Status: New
Owner: ----
Labels: Type-Defect Priority-Medium

New issue 3307 by cannot add repository using webapi even if non-super-user has this perm

*** You must complete this form in its entirety, or your bug report will be
*** For customer support, please post to
*** If you have a patch, please submit it to
*** Do not post confidential information in this bug report!

What version are you running?

What's the URL of the page containing the problem?

What steps will reproduce the problem?
1. create a user account, add it in staff + add it "Can add repository" perm
2. send an http post request to create a new repo using this user credential

What is the expected output? What do you see instead?
I expect success but get "msg": "You don't have permission for this", "code": 101

What operating system are you using? What browser?
curl client

In fact when i show all user permission I can see
all permissions: set([u'scmtools.add_repository', u'reviews.change_group', u'reviews.add_group', u'scmtools.change_repository'])

and in scmtools/ it check create_repository instead of add_repository. I don't know exactly where permissions are declared but I suppose the good one is create_repository because it is the one defined ;-)

please find the fix below

diff --git a/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/ b/usr/local/lib/pytho
index 88206ef..8a4f16a 100755
--- a/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/ +++ b/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/
@@ -65,5 +65,6 @@ class RepositoryManager(Manager):
         return qs.filter(local_site=local_site)

     def can_create(self, user, local_site=None):
-        return (user.has_perm('scmtools.create_repository') or
+       # Adding a repository permission is 'add_' not but 'change_'.
+        return (user.has_perm('scmtools.add_repository') or
                 (local_site and local_site.is_mutable_by(user)))

You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:

You received this message because you are subscribed to the Google Groups 
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
Visit this group at
For more options, visit

Reply via email to