Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3307 by nano...@gmail.com: cannot add repository using webapi even if non-super-user has this perm
http://code.google.com/p/reviewboard/issues/detail?id=3307


What version are you running?
1.7.6


What's the URL of the page containing the problem?
api/repositories


What steps will reproduce the problem?
1. Create a user account, add it to staff, and add the "Can add repository" perm to it
2. Send an HTTP POST request to create a new repo using this user's credentials

What is the expected output? What do you see instead?
I expect success but get "msg": "You don't have permission for this", "code": 101

What operating system are you using? What browser?
curl client

In fact, when I show all of the user's permissions I can see
all permissions: set([u'scmtools.add_repository', u'reviews.change_group', u'reviews.add_group', u'scmtools.change_repository'])

and in scmtools/managers.py it checks create_repository instead of add_repository. I don't know exactly where permissions are declared, but I suppose the good one is create_repository because it is the one defined ;-)


Please find the fix below.

diff --git a/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/managers.py.orig b/usr/local/lib/pytho
index 88206ef..8a4f16a 100755
--- a/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/managers.py.orig +++ b/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/managers.py
@@ -65,5 +65,6 @@ class RepositoryManager(Manager):
         return qs.filter(local_site=local_site)

     def can_create(self, user, local_site=None):
-        return (user.has_perm('scmtools.create_repository') or
+       # Adding a repository permission is 'add_' not but 'change_'.
+        return (user.has_perm('scmtools.add_repository') or
                 (local_site and local_site.is_mutable_by(user)))
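
Review bot: the comment added above the return in can_create reads "'add_' not but 'change_'", which is garbled and names 'change_' although the removed line checked 'scmtools.create_repository'. Reword it along the lines of "The permission codename is 'add_repository', not 'create_repository'." and indent it to the same depth as the return (it is one space short). The switch to 'scmtools.add_repository' matches the permission set printed in the report, but the paths show the diff was taken against the installed egg with a managers.py.orig copy, so it should be regenerated against a source checkout, ideally with a test that a non-superuser holding scmtools.add_repository passes can_create.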
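
The mismatch reported above only affects non-superusers because Django's `has_perm()` returns True for an active superuser on any string, while other users need the exact codename in their granted set, so a check against a codename that is never defined cannot pass. The following lint is an added example, not Review Board code: it flags `has_perm()` literals that name a permission outside the defined set. The model list and the sample source are constructed for illustration.

```python
import re

# Django creates these three permissions for every model by default
# (later Django versions also add "view").
DEFAULT_ACTIONS = ("add", "change", "delete")

HAS_PERM_RE = re.compile(r"""has_perm\(\s*['"](\w+)\.(\w+)['"]""")


def defined_permissions(models, custom=()):
    """Build the set of 'app_label.codename' strings that can be granted.

    models: iterable of (app_label, model_name) pairs.
    custom: extra 'app_label.codename' strings declared in Meta.permissions.
    """
    perms = set(custom)
    for app_label, model_name in models:
        for action in DEFAULT_ACTIONS:
            perms.add("%s.%s_%s" % (app_label, action, model_name.lower()))
    return perms


def find_undefined_checks(source, defined):
    """Return (line_number, permission) for has_perm() literals not in defined."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for app_label, codename in HAS_PERM_RE.findall(line):
            perm = "%s.%s" % (app_label, codename)
            if perm not in defined:
                findings.append((lineno, perm))
    return findings


# Constructed sample: the check before and after the patch in this report.
SAMPLE_SOURCE = """\
def can_create_before(user, local_site=None):
    return (user.has_perm('scmtools.create_repository') or
            (local_site and local_site.is_mutable_by(user)))

def can_create_after(user, local_site=None):
    return (user.has_perm('scmtools.add_repository') or
            (local_site and local_site.is_mutable_by(user)))
"""

# Assumed model list: one Repository model in the scmtools app.
DEFINED = defined_permissions([("scmtools", "Repository")])

if __name__ == "__main__":
    for lineno, perm in find_undefined_checks(SAMPLE_SOURCE, DEFINED):
        print("line %d: %s is checked but never defined" % (lineno, perm))
```
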


