Project

General

Profile

Actions
Copy link

Bug #5192

closed

[API] Disallow changing the name of a repository record (by non-admin users)

Added by Peter Amstutz about 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Radhika Chippada
Category:
API
Target version:
2015-03-11 sprint
Story points:
0.5

Description

Currently, a regular user can rename a repository, but the new name will resolve to a new empty repository: the content of the existing repository does not move with the name (but you can go back to the old content by renaming the repository record again).

Short term fix is to disallow changing the name attribute of a repository unless current_user.andand.is_admin.

Longer term fix is #4253.

Related issues

Related to Arvados - Feature #4253: [API] Users can create their own arvados-hosted git repositoriesResolvedBrett Smith10/17/2014Actions
Related to Arvados - Bug #5190: [Workbench] Tell admins not to put hyphens in repository namesResolvedRadhika Chippada03/08/2015Actions
Actions
Copy link
 #1

Updated by Peter Amstutz about 9 years ago

  • Subject changed from [API] Renaming repository results in gitolite creating a new repository to [API] Renaming repository results in a new repository
  • Description updated (diff)
Actions
Copy link
 #2

Updated by Peter Amstutz about 9 years ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Tom Clegg about 9 years ago

  • Target version changed from Bug Triage to 2015-03-11 sprint
Actions
Copy link
 #4

Updated by Ward Vandewege about 9 years ago

  • Story points set to 0.5
Actions
Copy link
 #5

Updated by Tom Clegg about 9 years ago

  • Subject changed from [API] Renaming repository results in a new repository to [API] Disallow changing the name of a repository record
  • Description updated (diff)
  • Category set to API
  • Story points deleted (0.5)
Actions
Copy link
 #6

Updated by Tom Clegg about 9 years ago

  • Story points set to 0.5
Actions
Copy link
 #7

Updated by Radhika Chippada about 9 years ago

  • Assigned To set to Radhika Chippada
Actions
Copy link
 #8

Updated by Radhika Chippada about 9 years ago

  • Status changed from New to In Progress
Actions
Copy link
 #9

Updated by Radhika Chippada about 9 years ago

  • Subject changed from [API] Disallow changing the name of a repository record to [API] Disallow changing the name of a repository record (by non-admin users)
  • Status changed from In Progress to Resolved

Both API and Workbench already disallow a non-admin user from changing a repository name.

  • API: repository.rb -> permission_to_update method allows only admin user to update a repository. A unit test "active user cannot change repo name via can_manage permission" exists in api/test/unit/permission_test.rb
  • Workbench: Workbench hides the "Attributes" tab from non-admin users. In addition, repository.rb -> editable_attributes returns an empty array for non-admin users and allows only admin users to update the object.
Actions
Copy link

Also available in: Atom PDF