Status: New
Owner: ----
Labels: Type-Defect Priority-Medium
New issue 3307 by [email protected]: cannot add repository using webapi
even if non-super-user has this perm
http://code.google.com/p/reviewboard/issues/detail?id=3307
*** READ THIS BEFORE POSTING!
***
*** You must complete this form in its entirety, or your bug report will be
rejected.
***
*** For customer support, please post to [email protected]
***
*** If you have a patch, please submit it to
http://reviews.reviewboard.org/
***
*** Do not post confidential information in this bug report!
What version are you running?
1.7.6
What's the URL of the page containing the problem?
api/repositories
What steps will reproduce the problem?
1. create a user account, add it in staff + add it "Can add repository" perm
2. send an http post request to create a new repo using this user credential
What is the expected output? What do you see instead?
I expect success but get "msg": "You don't have permission for
this", "code": 101
What operating system are you using? What browser?
curl client
In fact when i show all user permission I can see
all permissions: set([u'scmtools.add_repository', u'reviews.change_group',
u'reviews.add_group', u'scmtools.change_repository'])
and in scmtools/managers.py it check create_repository instead of
add_repository.
I don't know exactly where permissions are declared but I suppose the good
one is create_repository because it is the one defined ;-)
please find the fix below
diff --git
a/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/managers.py.orig
b/usr/local/lib/pytho
index 88206ef..8a4f16a 100755
---
a/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/managers.py.orig
+++
b/usr/local/lib/python2.7/dist-packages/ReviewBoard-1.7.6-py2.7.egg/reviewboard/scmtools/managers.py
@@ -65,5 +65,6 @@ class RepositoryManager(Manager):
return qs.filter(local_site=local_site)
def can_create(self, user, local_site=None):
- return (user.has_perm('scmtools.create_repository') or
+ # Adding a repository permission is 'add_' not but 'change_'.
+ return (user.has_perm('scmtools.add_repository') or
(local_site and local_site.is_mutable_by(user)))
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
You received this message because you are subscribed to the Google Groups
"reviewboard-issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/reviewboard-issues.
For more options, visit https://groups.google.com/d/optout.
