Any user can clone private git repository

Issue #372 resolved
Andrey Feoktistov created an issue

I installed RhodeCode 1.3.2. Then I created a new user "testuser" and a new git repository "testrep" marked as private. The testuser doesn't have any rights to read/clone testrep, but it can clone it. This problem occurs only in the git repository; hg works perfectly.

Comments (10)

  1. Marcin Kuzminski repo owner

    I think it's just an issue with private repository creation rather than permissions; if you edit a git repo and set it to private, it's not clonable.

  2. Andrey Feoktistov reporter

    After a few switches of the "private" checkbox and access rights, all seems to work correctly. There were some error messages in the output:

    2012-02-29 00:04:36.471 ERROR [rhodecode.model.repo] Traceback (most recent call last):
      File "/home/cattus/tmp/rhodecode-8fbb1d250804/rhodecode/model/repo.py", line 186, in update
        cur_repo.user = User.get_by_username(v)
      File "/home/cattus/tmp/rhodecode-8fbb1d250804/rhodecode/model/db.py", line 342, in get_by_username
        return q.scalar()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/query.py", line 2045, in scalar
        ret = self.one()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/query.py", line 2014, in one
        ret = list(self)
      File "/home/cattus/tmp/rhodecode-8fbb1d250804/rhodecode/lib/caching_query.py", line 82, in __iter__
        return Query.__iter__(self)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/query.py", line 2056, in __iter__
        self.session._autoflush()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/session.py", line 973, in _autoflush
        self.flush()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/session.py", line 1547, in flush
        self._flush(objects)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/session.py", line 1616, in _flush
        flush_context.execute()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/unitofwork.py", line 328, in execute
        rec.execute(self)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/unitofwork.py", line 472, in execute
        uow
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/mapper.py", line 2291, in _save_obj
        execute(statement, params)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1405, in execute
        params)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1538, in _execute_clauseelement
        compiled_sql, distilled_params
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1646, in _execute_context
        context)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1639, in _execute_context
        context)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/default.py", line 330, in do_execute
        cursor.execute(statement, parameters)
    IntegrityError: (IntegrityError) null value in column "users_group_id" violates not-null constraint
     'INSERT INTO users_group_repo_to_perm (users_group_id, permission_id, repository_id) VALUES (%(users_group_id)s, %(permission_id)s, %(repository_id)s) RETURNING users_group_repo_to_perm.users_group_to_perm_id' {'repository_id': 2, 'users_group_id': None, 'permission_id': 1}
    
    2012-02-29 00:04:36.472 ERROR [rhodecode.controllers.admin.repos] Traceback (most recent call last):
      File "/home/cattus/tmp/rhodecode-8fbb1d250804/rhodecode/controllers/admin/repos.py", line 209, in update
        repo = repo_model.update(repo_name, form_result)
      File "/home/cattus/tmp/rhodecode-8fbb1d250804/rhodecode/model/repo.py", line 186, in update
        cur_repo.user = User.get_by_username(v)
      File "/home/cattus/tmp/rhodecode-8fbb1d250804/rhodecode/model/db.py", line 342, in get_by_username
        return q.scalar()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/query.py", line 2045, in scalar
        ret = self.one()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/query.py", line 2014, in one
        ret = list(self)
      File "/home/cattus/tmp/rhodecode-8fbb1d250804/rhodecode/lib/caching_query.py", line 82, in __iter__
        return Query.__iter__(self)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/query.py", line 2056, in __iter__
        self.session._autoflush()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/session.py", line 973, in _autoflush
        self.flush()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/session.py", line 1547, in flush
        self._flush(objects)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/session.py", line 1616, in _flush
        flush_context.execute()
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/unitofwork.py", line 328, in execute
        rec.execute(self)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/unitofwork.py", line 472, in execute
        uow
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/orm/mapper.py", line 2291, in _save_obj
        execute(statement, params)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1405, in execute
        params)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1538, in _execute_clauseelement
        compiled_sql, distilled_params
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1646, in _execute_context
        context)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/base.py", line 1639, in _execute_context
        context)
      File "/usr/local/lib/python2.7/dist-packages/SQLAlchemy-0.7.4-py2.7-linux-x86_64.egg/sqlalchemy/engine/default.py", line 330, in do_execute
        cursor.execute(statement, parameters)
    IntegrityError: (IntegrityError) null value in column "users_group_id" violates not-null constraint
     'INSERT INTO users_group_repo_to_perm (users_group_id, permission_id, repository_id) VALUES (%(users_group_id)s, %(permission_id)s, %(repository_id)s) RETURNING users_group_repo_to_perm.users_group_to_perm_id' {'repository_id': 2, 'users_group_id': None, 'permission_id': 1}
    

    Is this helpful?

  3. Marcin Kuzminski repo owner

    From your screencast I did not see this problem? Can you provide more details?

  4. Andrey Feoktistov reporter

    In the screencast you can see that I create a git repository as private, and then successfully clone it as the "tus" user, which doesn't have any rights to read it. Then I try to toggle/untoggle the private checkbox, set permissions of the default user to none, and in any case "tus" is able to clone the repository. I tried it many times. Possibly I misunderstand something, but I am able to reproduce this issue in most cases.

  5. Marcin Kuzminski repo owner

    Thanks for posting this. In fact there was an issue with detection of push/pull commands in git that led to some unpredictable behavior and caused a credentials bug. That's fixed in beta and stable branches; this will be released today as 1.3.3.
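
The class of bug named in the last comment, shown as an added example that is not RhodeCode's code or its fix: a git smart-HTTP request is classified as pull or push before the permission check, and anything that cannot be classified is denied. The function names, the three permission levels and the sample requests are assumptions made for illustration; only the `git-upload-pack` and `git-receive-pack` service names come from git itself.

```python
from urllib.parse import parse_qs

# Smart-HTTP service names defined by git itself.
SERVICE_ACTION = {"git-upload-pack": "pull", "git-receive-pack": "push"}
# Hypothetical permission levels for this sketch, weakest first.
LEVELS = ["none", "read", "write"]
REQUIRED = {"pull": "read", "push": "write"}


def detect_action(method, path, query=""):
    """Classify a git smart-HTTP request as 'pull' or 'push', else None."""
    if method == "GET" and path.endswith("/info/refs"):
        services = parse_qs(query).get("service", [])
        # Exactly one service parameter is accepted; a missing or repeated
        # one is ambiguous (this sketch does not serve the dumb protocol).
        if len(services) == 1:
            return SERVICE_ACTION.get(services[0])
        return None
    if method == "POST":
        return SERVICE_ACTION.get(path.rsplit("/", 1)[-1])
    return None


def is_allowed(user_level, method, path, query=""):
    """Fail closed: an unclassified request is denied, never treated as a pull."""
    action = detect_action(method, path, query)
    if action is None or user_level not in LEVELS:
        return False
    return LEVELS.index(user_level) >= LEVELS.index(REQUIRED[action])


# Constructed sample requests against a private repository named "testrep".
SAMPLES = [
    ("none", "GET", "/testrep/info/refs", "service=git-upload-pack"),
    ("read", "GET", "/testrep/info/refs", "service=git-upload-pack"),
    ("read", "POST", "/testrep/git-receive-pack", ""),
    ("write", "POST", "/testrep/git-receive-pack", ""),
    ("write", "GET", "/testrep/info/refs", ""),
]

if __name__ == "__main__":
    for level, method, path, query in SAMPLES:
        verdict = is_allowed(level, method, path, query)
        print(level, method, path, query or "-", "->", verdict)
```
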
