Access repository properties by normal users
19 views
Skip to first unread message
Jim Klo
Oct 13, 2016, 4:49:35 PM10/13/16
to scmmanager
Greetings,
I'm trying to integrate a CD job with our corporate SCM Manager installation.
One of the things I need to do is get a list of repositories that a standard, non-admin user with write permissions has access, filtering out repositories with specific custom repository properties.
When I use the REST API for /scm/api/rest/repositories.json, I get the list of all the repositories that the standard user has access, however the properties object is empty. However if I use an admin user, I then now get the extra properties.
I'm not sure if this is a bug, or as-designed, or if there's a way to modify the configuration in such a way that properties can be exposed to specific users, user types, or user groups.
I've attached a sample app that uses the Java client library that can be used to demonstrate the problem. It requires the SCM Manager server to have both standard and admin users to test with.
If anyone can assist by showing the errors of my ways or explaining if this is a feature, and if there's a way around it so that non-admins can be exposed to some or all of the repository properties, that would be great.
Thanks,
Jim
Sebastian Sdorra
Oct 18, 2016, 2:58:43 PM10/18/16
to scmma...@googlegroups.com
Hi Jim,
Repository properties are only visible for admins and owners of the repositories. This is by design, because the properties can include access tokens for other services like ci servers. I'm sorry, but there is no setting to change this behaviour. Why do you need the properties for your cd pipeline?
Sebastian
--
You received this message because you are subscribed to the Google Groups "scmmanager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to scmmanager+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Jim Klo
Oct 18, 2016, 11:19:23 PM10/18/16
to scmma...@googlegroups.com
Basically it has to do with how a particular project is structured and how we employ export restricted source.
Our repos have various properties to indicate these export restrictions - which most developers need not know or understand.
I however need to create exported source bundles for licensees but I always have to filter out those repos that are export restricted - however I still have to build binaries from the export restricted source.
What I was hoping for is a fallback safeguard. I have config files which drive the packaging for cd - but it's not always perfect as new repos are created; these new repos don't always make it into the cd config correctly - and its possible for one of these export restricted repos to sneak in - because I don't know it's marked export restricted (and neither does the developer committing - very compartmentalized need-to-know info).
So it would be nice if I could read the meta-properties on the repo to check that flag - so I can double check the restriction.
It seems like a custom properties ACL plugin would be useful. So that some properties (i.e. Those holding credentials) can be marked admin while others could be marked for writers or readers.
Thanks,
JK
Our repos have various properties to indicate these export restrictions - which most developers need not know or understand.
I however need to create exported source bundles for licensees but I always have to filter out those repos that are export restricted - however I still have to build binaries from the export restricted source.
What I was hoping for is a fallback safeguard. I have config files which drive the packaging for cd - but it's not always perfect as new repos are created; these new repos don't always make it into the cd config correctly - and its possible for one of these export restricted repos to sneak in - because I don't know it's marked export restricted (and neither does the developer committing - very compartmentalized need-to-know info).
So it would be nice if I could read the meta-properties on the repo to check that flag - so I can double check the restriction.
It seems like a custom properties ACL plugin would be useful. So that some properties (i.e. Those holding credentials) can be marked admin while others could be marked for writers or readers.
Thanks,
JK
Reply all
Reply to author
Forward
0 new messages