rpms
/
koji
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c611e19cd5'
${ noResults }
koji/2203.patch

68 lines
2.6 KiB
Raw Blame History

From ce86d84c87709ea6efa4bbc16fabe593de5b4a66 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Apr 28 2020 08:10:24 +0000
Subject: [PATCH 1/2] hub: admin can't force tag now
Fixes: https://pagure.io/koji/issue/2202
---
diff --git a/hub/kojihub.py b/hub/kojihub.py
index 960c0c6..9ec9bb8 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -9760,7 +9760,7 @@ def check_policy(name, data, default='deny', strict=False, force=False):
access: True if the policy result is allow, false otherwise
reason: reason for the access
If strict is True, will raise ActionNotAllowed if the action is not 'allow'
- If force is True, policy will pass, but action will be logged
+ If force is True, policy will pass (under admin), but action will be logged
"""
ruleset = context.policy.get(name)
if not ruleset:
@@ -9791,12 +9791,14 @@ def check_policy(name, data, default='deny', strict=False, force=False):
if result != 'deny':
reason = 'error in policy'
logger.error("Invalid action in policy %s, rule: %s", name, lastrule)
- if force and context.session.hasPerm('admin'):
- msg = "Policy %s overriden by force: %s" % (name, context.session.user_data["name"])
- if reason:
- msg += ": %s" % reason
- logger.info(msg)
- return True, "overriden by force"
+ if force:
+ user = policy_get_user(data)
+ if 'admin' in koji.auth.get_user_perms(user['id']):
+ msg = "Policy %s overriden by force: %s" % (name, user["name"])
+ if reason:
+ msg += ": %s" % reason
+ logger.info(msg)
+ return True, "overriden by force"
if not strict:
return False, reason
err_str = "policy violation (%s)" % name
From 8da87dfd42d63d9252117b331223b4a70f517ac6 Mon Sep 17 00:00:00 2001
From: Tomas Kopecek <tkopecek@redhat.com>
Date: Apr 28 2020 14:08:21 +0000
Subject: [PATCH 2/2] don't traceback on missing user
---
diff --git a/hub/kojihub.py b/hub/kojihub.py
index 9ec9bb8..92fb389 100644
--- a/hub/kojihub.py
+++ b/hub/kojihub.py
@@ -9793,7 +9793,7 @@ def check_policy(name, data, default='deny', strict=False, force=False):
logger.error("Invalid action in policy %s, rule: %s", name, lastrule)
if force:
user = policy_get_user(data)
- if 'admin' in koji.auth.get_user_perms(user['id']):
+ if user and 'admin' in koji.auth.get_user_perms(user['id']):
msg = "Policy %s overriden by force: %s" % (name, user["name"])
if reason:
msg += ": %s" % reason
Reference in new issue View Git Blame Copy Permalink