FusionForge Support item #1145, was changed at 2011-12-01 14:51 by Miguel Carrillo
You can respond by visiting:
https://forge.fi-ware.eu/tracker/?func=detail&atid=199&aid=1145&group_id=28
Or by replying to this e-mail entering your response between the following markers:
#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+
(enter your response here, only in plain text format)
#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+
Status: Open
Priority: 4
Submitted By: Davide Dalle Carbonare (davide)
Assigned to: Roberto Andradas Izquierdo (randradas)
>Summary: User role and SVN commit
Severity: Critical
Workflow State: Assigned
Initial Comment:
There is a problem on the configuration of the roles and their permissions for the SCM.
At the moment only administrators are able to commit into the SVN repository.
I would like to enable also "Senior Developer" role and disable the others two.
Form the configuration section the Senior Developer has a "write" on the SCM row but the users with this role are not able to commit and they get a "access forbidden for unknown reason" message.
regards,
Davide
----------------------------------------------------------------------
>Comment By: Miguel Carrillo (mcp)
Date: 2012-02-15 11:27
Message:
Change in the subject. This is not only for the Tools project, it applies to all projects in the forge
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-02-01 14:01
Message:
The solution is upgrade the DB to the 5.1 version.
Robert should decide about this.
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-31 11:42
Message:
I've received reply from Roland:
"Yes, this is probably a bug in 5.0.
(...)
The permission system was overhauled in 5.1, and this bug should no
longer exist in there, especially since you can get the SCM write
permission in many different ways (explicit role, global role, project
admin, and so on).
Roland.
-- Roland Mas"
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-30 12:19
Message:
New complaints from other work group. This is blocking a lot of people! We need to assess if we can provide an answer or have to look for a new tool to do the job (this would be very bad image for the forge, we should avoid it)
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-26 11:24
Message:
I've write to the FusionForge community:
Hi,
I have the same problem in two differents forges (one of them was migrated from gforge and the other one is a new installation of FusionForge 5.0.3): only the project's administrators can commit in the repositories. The problem is related with the setup of the permissions of the repositories (SVN exactly) in the access file.
I've checked the code and the database and I've got some questions/doubts. The rw o r access to the repository is established in SVNPlugin.class with these lines:
252 if ($perm->isMember ('scm', 1)) {
253 $access_data .= $user->getUnixName() . "= rw\n" ;
254 } elseif ($perm->isMember ('scm', 0)) {
255 $access_data .= $user->getUnixName() . "= r\n" ;
So, I observed in Permission.class that the isMember function don't handle the field 'scm', in the code and in the database (user_groups table) I can see a 'cvs_flags' field but I don't know if this field is related.
I think that the solution could be in this way because the project's administrators obtain the rw access with the admin_flag, no with the "repositorie flag". It's only a possibility.
Please, could you help me with this problem?
Thanks in advance.
Best regards,
Álvaro
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-26 11:20
Message:
The perms are established in /opt/gforge/common/include/Permission.class.php and the user_groups table have these fields:
user_group_id | integer | not null default nextval(('user_group_pk_seq'::text)::regclass)
user_id | integer | not null default 0
group_id | integer | not null default 0
admin_flags | character(16) | not null default ''::bpchar
dead1 | integer | not null default 0
forum_flags | integer | not null default 0
project_flags | integer | not null default 2
dead2 | integer | not null default 1
dead3 | integer | not null default 1
doc_flags | integer | not null default 0
cvs_flags | integer | not null default 1
member_role | integer | not null default 100
release_flags | integer | not null default 0
artifact_flags | integer | default 0
sys_state | character(1) | default 'N'::bpchar
sys_cvs_state | character(1) | default 'N'::bpchar
role_id | integer | default 1
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-10 16:54
Message:
The code that check the permissions:
bart:/opt/gforge# vi www/plugins/scmsvn/common/SVNPlugin.class.php
245 $users = $project->getMembers () ;
246 foreach ($users as $user) {
247 $perm = $project->getPermission ($user) ;
248 if ($perm->isMember ('scm', 0)) {
249 $svnusers[$user->getID()] = $user ;
250 }
251 $access_data .= '[' . $project->getUnixName () . ":/]\n" ;
252 if ($perm->isMember ('scm', 1)) {
253 $access_data .= $user->getUnixName() . "= rw\n" ;
254 } elseif ($perm->isMember ('scm', 0)) {
255 $access_data .= $user->getUnixName() . "= r\n" ;
256 }
257 }
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-09 15:24
Message:
In that case, I am very happy to be wrong, haha. This simplifies all the work! :)
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 15:22
Message:
Miguel,
You are wrong, the permissions are established dynamically with the cron task, it means that when the bug will be fixed, all the repositories will work fine.
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-09 15:08
Message:
We should swich to English in this ticket, it seems that Davide is following us! :)
Álvaro, see if you can fix this to make it work. A fix will resolve this for subversion instances we create in the future but the ones already created will have to be fixed by hand, if I am right.
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 15:05
Message:
OK, many thanks Miguel. It was only in order to get knowledge about other problems.
I've executed the cronjob manually and I get a notice (not an error). I will start with this.
"PHP Notice: Undefined index: scm in /usr/share/gforge/common/include/Permission.class.php on line 286"
Besides I've changed the rol in a test user in our project (fforgesupport) and the result is the same: with the senior developer role and the write acces to the repo for this role this user haven't got write permissions in the svn access file generated.
----------------------------------------------------------------------
Comment By: Davide Dalle Carbonare (davide)
Date: 2012-01-09 14:57
Message:
As far as I understand from your comments ... I confirm I can try to replicate the situation together with some of you moniring the backstage. Let me know.
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-09 14:49
Message:
Álvaro, no recuerdo ya porque esto pasó hace tiempo, pero en otros repositorios hubo quejas, no recuerdo ya cuales ni de quién.
Yo empezaría con este caso concreto y vería qué pasa. En función de lo que sea, una vez hayamos pescado el problema, miraría si está también en otros repositorios donde se vaya a trabajar (cuando los problemas están diagnosticados, suele ser casi inmediato ver y/o arreglar en otros repositorios similares).
Davide es una persona amigable y muy colaborativa, si es preciso contactarle estará seguro contento de probar contigo (lo único que sería en inglés). Si quieres que haga de interfaz, me lo dices también, como prefieras.
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 14:48
Message:
El fichero que genera la tarea cron de FF crea el fichero de permisos de forma incorrecta, dando solo permisos de lectura a usuarios que por su rol deberían tener permisos de escritura.
El fichero es /var/lig/gforge/svnroot-access.
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 14:40
Message:
Miguel,
¿El problema se produce en todos los repositorios?¿Os lo han notificado otros proyectos anteriormente?¿Os han reportado otros problemas de los repos?
Es por hacer pruebas en el de fforgesupport y para ponerme en situación.
Saludos,
Álvaro
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-05 15:23
Message:
Álvaro, te reasigno esto para que lo vayas mirando con calma. No es para mañana, pero tampoco podemos seguir dejándolo semanas. Vamos a necesitar el SCM y no podemos seguir mucho tiempo así.
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2011-12-01 14:57
Message:
I get the same feedback from other people. This is a blocker.
----------------------------------------------------------------------
You can respond by visiting:
https://forge.fi-ware.eu/tracker/?func=detail&atid=199&aid=1145&group_id=28
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy