Labels: Type-Defect Priority-Medium
New issue 3307 by nano...@gmail.com: cannot add repository using webapi
even if non-super-user has this perm
*** READ THIS BEFORE POSTING!
*** You must complete this form in its entirety, or your bug report will be
*** For customer support, please post to reviewbo...@googlegroups.com
*** If you have a patch, please submit it to
*** Do not post confidential information in this bug report!
What version are you running?
What's the URL of the page containing the problem?
What steps will reproduce the problem?
1. create a user account, add it in staff + add it "Can add repository" perm
2. send an http post request to create a new repo using this user credential
What is the expected output? What do you see instead?
I expect success but get "msg": "You don't have permission for
this", "code": 101
What operating system are you using? What browser?
In fact when i show all user permission I can see
all permissions: set([u'scmtools.add_repository', u'reviews.change_group',
and in scmtools/managers.py it check create_repository instead of
I don't know exactly where permissions are declared but I suppose the good
one is create_repository because it is the one defined ;-)
please find the fix below
index 88206ef..8a4f16a 100755
@@ -65,5 +65,6 @@ class RepositoryManager(Manager):
def can_create(self, user, local_site=None):
- return (user.has_perm('scmtools.create_repository') or
+ # Adding a repository permission is 'add_' not but 'change_'.
+ return (user.has_perm('scmtools.add_repository') or
(local_site and local_site.is_mutable_by(user)))
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.