After RC 2.2.5 migration, local admin cannot fork

Issue #58 invalid
Arnaud GUT created an issue

In RC, I created a user's group, put a user (named train03) in it and give Fork default permission to this user's group.

In RC, I give admin rights to this user's group on a top level repo group (CF_Domain) and created a repo in it (test_fork).

The user train03 can fork the repo.

I migrated to KLT 0.1 with no problems.

Then, the user train03 can no more fork the repo: 403 forbidden. Logs:

2014-11-26 17:43:29.781 INFO  [kallithea.lib.base] IP: 10.10.168.170 User: <AuthUser('id:257[train03] ip:10.10.168.170 auth:True')> accessed /CF_Domain/test_fork/fork
2014-11-26 17:43:29.892 INFO  [kallithea.lib.auth] user <AuthUser('id:257[train03] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func ForksController:fork
2014-11-26 17:43:30.545 INFO  [kallithea.RequestWrapper] IP: 10.10.168.170 Request to /CF_Domain/test_fork/fork time: 0.825s
2014-11-26 17:43:30.578 INFO  [kallithea.lib.base] IP: 10.10.168.170 User: <AuthUser('id:257[train03] ip:10.10.168.170 auth:True')> accessed /CF_Domain/test_fork/fork
2014-11-26 17:43:30.581 INFO  [kallithea.RequestWrapper] IP: 10.10.168.170 Request to /CF_Domain/test_fork/fork time: 0.036s

For information, if I add another user (named train02) in the same user's group, this user can fork ! Logs:

2014-11-26 17:47:54.608 INFO  [kallithea.lib.base] IP: 10.10.168.170 User: <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> accessed /CF_Domain/test_fork/fork
2014-11-26 17:47:54.693 INFO  [kallithea.lib.auth] user <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func ForksController:fork
2014-11-26 17:47:55.933 INFO  [kallithea.RequestWrapper] IP: 10.10.168.170 Request to /CF_Domain/test_fork/fork time: 1.353s
2014-11-26 17:47:59.545 INFO  [kallithea.lib.base] IP: 10.10.168.170 User: <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> accessed /CF_Domain/test_fork/fork
2014-11-26 17:47:59.790 INFO  [kallithea.lib.auth] user <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func ForksController:fork_create
2014-11-26 17:48:00.551 INFO  [kallithea.lib.utils] Logging action:started_following_repo on <RepoTemp('id:934')> by user:<User('id:17:train02')> ip:10.10.168.170
2014-11-26 17:48:00.571 INFO  [kallithea.lib.utils] Logging action:user_forked_repo:CF_Domain/test_fork-fork on CF_Domain/test_fork by user:<User('id:17:train02')> ip:10.10.168.170
2014-11-26 17:48:00.632 INFO  [kallithea.model.repo] creating repo test_fork-fork in /product/repo/CF_Domain/test_fork-fork from url: `/product/repo/CF_Domain/test_fork`
2014-11-26 17:48:00.722 INFO  [kallithea.RequestWrapper] IP: 10.10.168.170 Request to /CF_Domain/test_fork/fork time: 1.204s
2014-11-26 17:48:00.760 INFO  [kallithea.lib.base] IP: 10.10.168.170 User: <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> accessed /CF_Domain/test_fork-fork/repo_creating
2014-11-26 17:48:00.762 INFO  [kallithea.lib.auth] user <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func ReposController:__before__
2014-11-26 17:48:00.876 INFO  [kallithea.lib.auth] user <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func ReposController:repo_creating
2014-11-26 17:48:01.623 INFO  [kallithea.RequestWrapper] IP: 10.10.168.170 Request to /CF_Domain/test_fork-fork/repo_creating time: 0.889s
2014-11-26 17:48:02.163 INFO  [kallithea.lib.base] IP: 10.10.168.170 User: <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> accessed /CF_Domain/test_fork-fork/crepo_check
2014-11-26 17:48:02.167 INFO  [kallithea.lib.auth] user <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func ReposController:__before__
2014-11-26 17:48:02.234 INFO  [kallithea.lib.auth] user <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func ReposController:repo_check
2014-11-26 17:48:02.251 INFO  [kallithea.RequestWrapper] IP: 10.10.168.170 Request to /CF_Domain/test_fork-fork/crepo_check time: 0.126s
2014-11-26 17:48:02.298 INFO  [kallithea.lib.base] IP: 10.10.168.170 User: <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> accessed /CF_Domain/test_fork-fork
2014-11-26 17:48:02.362 INFO  [kallithea.lib.auth] user <AuthUser('id:17[train02] ip:10.10.168.170 auth:True')> authenticating with:RegularAuth IS authenticated on func SummaryController:index
2014-11-26 17:48:03.054 INFO  [kallithea.RequestWrapper] IP: 10.10.168.170 Request to /CF_Domain/test_fork-fork time: 0.782s

I've the same behavior for all repos.

If I try to remove first user (train03) from the user's group then add it in again, train03 always can not fork.

This is extremely blocking for me as I've one hundred users in this case into dozens of user's groups and thousands of repos.

Comments (4)

  1. Mads Kiilerich

    There is not much here that can help reproduce the problem.

    Try comparing the Permissions page for these 2 users and verify they are exactly the same.

  2. Arnaud GUT reporter

    Comparison shows clearly that one user has "Repo forking disabled" and the other has "Repo forking enabled". Question: if a user is local admin of a top level repo group thru a user's group which has forking enabled, and normal user for another top level repo group, what must show the global permission of this user?

  3. Mads Kiilerich

    I don't understand the question ... but do also not understand the complexity of the current access control system. I would like to replace it with something simpler.

  4. Log in to comment