Hello there! Right now access if pretty much fine-grained, users can only see repos that are allowed for their teams on github, but on issue left - can’t find a way in the docs to promote a build for a user that is not admin. Any way to do that?
Giving him admin is dangerous, since he’s a newcomer, but we’d like to give him ability to promote build from his own repos.
He’s administrator of his own repos. Isn’t it enough?
Thanks in advance for the info!
Giving him admin is dangerous, since he’s a newcomer, but we’d like to give him ability to promote build from his own repos.
Sorry if I am misunderstanding, but a repository owner can always promote their own repositories. Promoting a build requires admin access to the repository [1], not admin access to all of Drone.
[1] as of Drone 1.2.1 repository write access is required to promote a build
Actually drone gives him client 404 on promoting build from repo he created himself + I’ve added additional repo admin team, he’s part of.
I cannot reproduce what you are describing. I can promote with admin access to a repository and do not require admin access to Drone itself. You can examine the relevant source code.
CheckAdminAccess middleware [1]CheckAdminAccess looks at repository permission for admin access [2] which comes from the permissions object in the github repository endpoint [3]Since I am unable to reproduce the behavior you are describing, and since other users are successfully using the promotion feature without issue, the feature appears to be working as expected.
[1] https://github.com/drone/drone/blob/v1.2.0/handler/api/api.go#L188
[2] https://github.com/drone/drone/blob/v1.2.0/handler/api/acl/check_test.go#L435
[3] https://developer.github.com/v3/repos/#get
You are totally right, sorry, feedback was erroneous, user tried to promote non-existing build in another repo.
Thanks Brad!!