I'm having a little bit of trouble implementing ACLs in a 2.1. When trying to insert (into the project config): <group groupid="Amino" role="maintainer"/> <sourceaccess> <disable/> </sourceaccess> <binarydownload> <disable/> </binarydownload>
osc complains that: Sending meta data... BuildService API error: change_project_protection_level (403) admin rights are required to raise the source protection level of a project Try again? ([y/N]):
This also seems to occur with the webui.
Interestingly, api/app/controllers/source_controller.rb contains the following snippet: p = Project.new(request_data, :name => project_name) if @project and not @project.disabled_for?('sourceaccess', nil, nil) if p.disabled_for? :sourceaccess render_error :status => 403, :errorcode => "change_project_protection_level", :message => "admin rights are required to raise the source protection level of a project" return end end
This doesn't seem to check for if a user is an admin or not, but (if I'm reading the code right) simply checks to see if the sourceaccess flag is being added at all.
So... commenting out section allows me to add the flag, but then more interesting problems occur. It doesn't seem to matter what 'group' you're actually in, you can view the spec file via the webui, the download links (for the source) fail with access denied errors, but the source can be downloaded via osc!
I'm hoping some basic understanding is missing here, and I'm not going completely insane. Does anyone have any thoughts about what could be causing this?