Luke Macken wrote:
On Fri, Oct 05, 2007 at 01:38:19PM -0400, Todd Zullinger wrote:
I built an updated vorbis-tools package to fix bz#244757[1] but bodhi
won't let me push the update for F7. When I select Add Update, I get
an error that states:
tmz does not have commit access to vorbis-tools
This is partly true. Though the package is open to cvsextras, which
is how I had acccess to commit the changes. What's the best way to
solve this? Do I need to nag one of the primary maintainers of
vorbis-tools to do the actual push in bodhi (or request more
privileges from the pkgdb)?
Would it be reasonable to allow members of cvsextras to push an update
to -testing if the package is open to cvs commits from cvsextras?
That'd facilitate someone coming along and helping fix low-hanging
fruit bugs like this -- freeing up the maintainers to work on the
harder and more pressing bugs.
Pushing to -testing would provide some warning to the primary
maintainers if someone were to try and push an update they thought
shouldn't be pushed. Then they could unpush it to prevent it from
getting into the stable updates.
(I'm not sure what the best balance is here, I can see reasons for
allowing or for denying such access in bodhi.)
Right now bodhi only looks at the individuals with commit access from
the pkgdb. It should definitely also check the ACL, and in the case
of vorbis-tools, allow you to push updates for it.
Toshio is throwing together a patch for bodhi now.
Here's a patch for considering group-acls as part of authentication check.
There are several people working on a proposal for unsponsored
comaintainers. When that happens, the behavior of groups may change
slightly but I'll announce the changes when we have a more concrete plan.
-Toshio
diff -r 3d87397af909 bodhi/controllers.py
--- a/bodhi/controllers.py Wed Oct 03 17:44:08 2007 -0400
+++ b/bodhi/controllers.py Fri Oct 05 13:14:34 2007 -0700
@@ -29,7 +29,7 @@ from turbogears.widgets import DataGrid
from bodhi import buildsys, util
from bodhi.rss import Feed
-from bodhi.util import flash_log, get_pkg_people
+from bodhi.util import flash_log, get_pkg_pushers
from bodhi.new import NewUpdateController, update_form
from bodhi.admin import AdminController
from bodhi.model import (Package, PackageBuild, PackageUpdate, Release,
@@ -369,15 +369,18 @@ class Root(controllers.RootController):
for build in builds:
nvr = util.get_nvr(build)
people = None
- try:
- people = get_pkg_people(nvr[0], release.long_name.split()[0],
+ groups = None
+ try:
+ people, groups = get_pkg_pushers(nvr[0],
+ release.long_name.split()[0],
release.long_name[-1])
except Exception, e:
flash_log(e)
raise redirect('/new', **params)
if not identity.current.user_name in people[0] and \
not 'releng' in identity.current.groups and \
- not 'security_respons' in identity.current.groups:
+ not 'security_respons' in identity.current.groups and \
+ filter(lambda x: x in identity.current.groups, groups):
flash_log("%s does not have commit access to %s" % (
identity.current.user_name, nvr[0]))
raise redirect('/new', **params)
diff -r 3d87397af909 bodhi/util.py
--- a/bodhi/util.py Wed Oct 03 17:44:08 2007 -0400
+++ b/bodhi/util.py Fri Oct 05 13:40:59 2007 -0700
@@ -200,12 +200,20 @@ def get_repo_tag(repo):
log.error("Cannot find mash configuration for %s: %s" % (repo,
mashconfig))
-def get_pkg_people(pkgName, collectionName, collectionVersion):
+def get_pkg_pushers(pkgName, collectionName, collectionVersion):
""" Pull users who can commit and are watching a package
- Return two lists:
- * The first consists of usernames allowed to commit to the package.
- * The second are usernames watching the package for updates.
+ Return two two-tuples of lists:
+ * The first tuple is for usernames. The second tuple is for groups.
+ * The first list of the tuple is for committers. The second is for
+ watchers.
+
+ An example::
+ >>> people, groups = get_pkg_pushers('foo', 'Fedora', 'devel')
+ >>> print people
+ (['toshio', 'lmacken'], ['wtogami', 'toshio', 'lmacken'])
+ >>> print groups
+ (['cvsextras'], [])
Note: The interface to the pkgdb could undergo the following changes:
FAS2 related:
@@ -229,21 +237,32 @@ def get_pkg_people(pkgName, collectionNa
pkgName, pkg['message'])
# Owner is allowed to commit and gets notified of pushes
- # This will always be 0 as we'll retrieve at most one value for
- # Package-Collection-Version
- notify = [pkg['packageListings'][0]['owneruser']]
- allowed = [notify[0]]
+ # This will always be the 0th element as we'll retrieve at most one
+ # value for any given Package-Collection-Version
+ pNotify = [pkg['packageListings'][0]['owneruser']]
+ pAllowed = [notify[0]]
# Find other people in the acl
for person in pkg['packageListings'][0]['people']:
if person['aclOrder']['watchcommits'] and \
pkg['statusMap'][str(person['aclOrder']['watchcommits']['statuscode'])] == 'Approved':
- notify.append(person['user'])
+ pNotify.append(person['user'])
if person['aclOrder']['commit'] and \
pkg['statusMap'][str(person['aclOrder']['commit']['statuscode'])] == 'Approved':
- allowed.append(person['user'])
-
- return (allowed, notify)
+ pAllowed.append(person['user'])
+
+ # Find groups that can push
+ gNotify = []
+ gAllowed = []
+ for group in pkg['packageListings'][0]['groups']:
+ if group['aclOrder']['watchcommits'] and \
+ pkg['statusMap'][str(group['aclOrder']['watchcommits']['statuscode'])] == 'Approved':
+ gNotify.append(group['name'])
+ if group['aclOrder']['commit'] and \
+ pkg['statusMap'][str(group['aclOrder']['commit']['statuscode'])] == 'Approved':
+ gAllowed.append(group['name'])
+
+ return ((pAllowed, pNotify), (gAllowed, gNotify))
def build_evr(build):
return (str(build['epoch']), build['version'], build['release'])
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list