From d61e345dee62446d2e89843972166769f1644b52 Mon Sep 17 00:00:00 2001 From: Tomas Kopecek Date: Tue, 13 Dec 2022 14:22:49 +0100 Subject: [PATCH] sidetag_edit permission for automation Related: https://pagure.io/koji/issue/3700 --- plugins/hub/sidetag_hub.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/plugins/hub/sidetag_hub.py b/plugins/hub/sidetag_hub.py index 9dce43c9..9a2ed3d0 100644 --- a/plugins/hub/sidetag_hub.py +++ b/plugins/hub/sidetag_hub.py @@ -41,6 +41,7 @@ def is_sidetag_owner(taginfo, user, raise_error=False): """Check, that given user is owner of the sidetag""" result = (taginfo['extra'].get('sidetag') and (taginfo['extra'].get('sidetag_user_id') == user['id'] or + context.session.hasPerm('sidetag_edit') or context.session.hasPerm('admin'))) if not result and raise_error: raise koji.ActionNotAllowed("This is not your sidetag") @@ -230,7 +231,7 @@ def listSideTags(basetag=None, user=None, queryOpts=None): @export -def editSideTag(sidetag, debuginfo=None, rpm_macros=None, remove_rpm_macros=None): +def editSideTag(sidetag, debuginfo=None, rpm_macros=None, remove_rpm_macros=None, extra=None): """Restricted ability to modify sidetags, parent tag must have: sidetag_debuginfo_allowed: 1 sidetag_rpm_macros_allowed: 1 @@ -255,6 +256,13 @@ def editSideTag(sidetag, debuginfo=None, rpm_macros=None, remove_rpm_macros=None is_sidetag(sidetag, raise_error=True) is_sidetag_owner(sidetag, user, raise_error=True) + if extra is not None and not (context.session.hasPerm('sidetag_admin') or + context.session.hasPerm('admin')): + raise koji.GenericError( + "Extra can be modified only with sidetag_admin or admin permissions.") + else: + extra = {} + parent_id = readInheritanceData(sidetag['id'])[0]['parent_id'] parent = get_tag(parent_id) @@ -265,7 +273,7 @@ def editSideTag(sidetag, debuginfo=None, rpm_macros=None, remove_rpm_macros=None and not parent['extra'].get('sidetag_rpm_macros_allowed'): raise koji.GenericError("RPM macros change is not allowed in parent tag.") - kwargs = {'extra': {}} + kwargs = {'extra': extra} if debuginfo is not None: kwargs['extra']['with_debuginfo'] = bool(debuginfo) if rpm_macros is not None: