more verbose default policy denials

Related: https://pagure.io/koji/issue/3397
2022-06-09 13:05:35 +02:00 · 2022-06-09 13:05:35 +02:00 · 03f3d92a00
commit 03f3d92a00
parent 1a71b4e8d9
1 changed files with 5 additions and 5 deletions
--- a/hub/kojixmlrpc.py
+++ b/hub/kojixmlrpc.py
@ -557,23 +557,23 @@ def load_plugins(opts):
 _default_policies = {
    'build_from_srpm': '''
            has_perm admin :: allow
-            all :: deny
+            all :: deny Only admin can do this via default policy
            ''',
    'build_from_repo_id': '''
            has_perm admin :: allow
-            all :: deny
+            all :: deny Only admin can do this via default policy
            ''',
    'build_from_scm': '''
            has_perm admin :: allow
            # match scm_type CVS CVS+SSH && match scm_host scm.example.com && match scm_repository /cvs/example :: allow
            # match scm_type GIT GIT+SSH && match scm_host git.example.org && match scm_repository /example :: allow
            # match scm_type SVN SVN+SSH && match scm_host svn.example.org && match scm_repository /users/* :: allow
-            all :: deny
+            all :: deny Only admin can do this via default policy
            ''',  # noqa: E501
    'package_list': '''
            has_perm admin :: allow
            has_perm tag :: allow
-            all :: deny
+            all :: deny Only admin/tag can do this via default policy
            ''',
    'channel': '''
            has req_channel :: req
@ -582,7 +582,7 @@ _default_policies = {
            ''',
    'vm': '''
            has_perm admin win-admin :: allow
-            all :: deny
+            all :: deny Only admin/win-admin can do this via default policy
           ''',
    'cg_import': '''
            all :: allow