FusionForge Support item #1145, was changed at 2011-12-01 15:51 by Alvaro Olmedo
You can respond by visiting:
https://forge.fi-ware.eu/tracker/?func=detail&atid=199&aid=1145&group_id=28
Or by replying to this e-mail entering your response between the following markers:
#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+
(enter your response here, only in plain text format)
#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+#+
Status: Open
Priority: 4
Submitted By: Davide Dalle Carbonare (davide)
Assigned to: Alvaro Olmedo (aolmedo)
Summary: User role and SVN commit for Tools project
Severity: Critical
Workflow State: Assigned
Initial Comment:
There is a problem on the configuration of the roles and their permissions for the SCM.
At the moment only administrators are able to commit into the SVN repository.
I would like to enable also "Senior Developer" role and disable the others two.
Form the configuration section the Senior Developer has a "write" on the SCM row but the users with this role are not able to commit and they get a "access forbidden for unknown reason" message.
regards,
Davide
----------------------------------------------------------------------
>Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-26 12:20
Message:
The perms are established in /opt/gforge/common/include/Permission.class.php and the user_groups table have these fields:
user_group_id | integer | not null default nextval(('user_group_pk_seq'::text)::regclass)
user_id | integer | not null default 0
group_id | integer | not null default 0
admin_flags | character(16) | not null default ''::bpchar
dead1 | integer | not null default 0
forum_flags | integer | not null default 0
project_flags | integer | not null default 2
dead2 | integer | not null default 1
dead3 | integer | not null default 1
doc_flags | integer | not null default 0
cvs_flags | integer | not null default 1
member_role | integer | not null default 100
release_flags | integer | not null default 0
artifact_flags | integer | default 0
sys_state | character(1) | default 'N'::bpchar
sys_cvs_state | character(1) | default 'N'::bpchar
role_id | integer | default 1
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-10 17:54
Message:
The code that check the permissions:
bart:/opt/gforge# vi www/plugins/scmsvn/common/SVNPlugin.class.php
245 $users = $project->getMembers () ;
246 foreach ($users as $user) {
247 $perm = $project->getPermission ($user) ;
248 if ($perm->isMember ('scm', 0)) {
249 $svnusers[$user->getID()] = $user ;
250 }
251 $access_data .= '[' . $project->getUnixName () . ":/]\n" ;
252 if ($perm->isMember ('scm', 1)) {
253 $access_data .= $user->getUnixName() . "= rw\n" ;
254 } elseif ($perm->isMember ('scm', 0)) {
255 $access_data .= $user->getUnixName() . "= r\n" ;
256 }
257 }
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-09 16:24
Message:
In that case, I am very happy to be wrong, haha. This simplifies all the work! :)
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 16:22
Message:
Miguel,
You are wrong, the permissions are established dynamically with the cron task, it means that when the bug will be fixed, all the repositories will work fine.
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-09 16:08
Message:
We should swich to English in this ticket, it seems that Davide is following us! :)
Álvaro, see if you can fix this to make it work. A fix will resolve this for subversion instances we create in the future but the ones already created will have to be fixed by hand, if I am right.
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 16:05
Message:
OK, many thanks Miguel. It was only in order to get knowledge about other problems.
I've executed the cronjob manually and I get a notice (not an error). I will start with this.
"PHP Notice: Undefined index: scm in /usr/share/gforge/common/include/Permission.class.php on line 286"
Besides I've changed the rol in a test user in our project (fforgesupport) and the result is the same: with the senior developer role and the write acces to the repo for this role this user haven't got write permissions in the svn access file generated.
----------------------------------------------------------------------
Comment By: Davide Dalle Carbonare (davide)
Date: 2012-01-09 15:57
Message:
As far as I understand from your comments ... I confirm I can try to replicate the situation together with some of you moniring the backstage. Let me know.
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-09 15:49
Message:
Álvaro, no recuerdo ya porque esto pasó hace tiempo, pero en otros repositorios hubo quejas, no recuerdo ya cuales ni de quién.
Yo empezaría con este caso concreto y vería qué pasa. En función de lo que sea, una vez hayamos pescado el problema, miraría si está también en otros repositorios donde se vaya a trabajar (cuando los problemas están diagnosticados, suele ser casi inmediato ver y/o arreglar en otros repositorios similares).
Davide es una persona amigable y muy colaborativa, si es preciso contactarle estará seguro contento de probar contigo (lo único que sería en inglés). Si quieres que haga de interfaz, me lo dices también, como prefieras.
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 15:48
Message:
El fichero que genera la tarea cron de FF crea el fichero de permisos de forma incorrecta, dando solo permisos de lectura a usuarios que por su rol deberían tener permisos de escritura.
El fichero es /var/lig/gforge/svnroot-access.
----------------------------------------------------------------------
Comment By: Alvaro Olmedo (aolmedo)
Date: 2012-01-09 15:40
Message:
Miguel,
¿El problema se produce en todos los repositorios?¿Os lo han notificado otros proyectos anteriormente?¿Os han reportado otros problemas de los repos?
Es por hacer pruebas en el de fforgesupport y para ponerme en situación.
Saludos,
Álvaro
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2012-01-05 16:23
Message:
Álvaro, te reasigno esto para que lo vayas mirando con calma. No es para mañana, pero tampoco podemos seguir dejándolo semanas. Vamos a necesitar el SCM y no podemos seguir mucho tiempo así.
----------------------------------------------------------------------
Comment By: Miguel Carrillo (mcp)
Date: 2011-12-01 15:57
Message:
I get the same feedback from other people. This is a blocker.
----------------------------------------------------------------------
You can respond by visiting:
https://forge.fi-ware.eu/tracker/?func=detail&atid=199&aid=1145&group_id=28
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy