Feature #3486

expose origin of permission in perm dict for users

Added by Marcin Kuzminski [CTO] about 5 years ago. Updated about 5 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Commit Number:


Currently when we build permissions tree there are multiple origins of permissions. It would be usefull to know from where the user got a permission. During the big calculation we should store the origin of permissions into a separate dict so we can display it in permissions summary page.

example origin types:

  • explicit permissions on repo
  • permission inherited from user group
  • permissions inherited from default repo permissions
  • permissions inherited from global default permission.

This would allow to check if some users don't have wrong user rights, by checking the origin.

Example: it's ok if user has read that it's coming from explicit assignment (one can go to that repo and change it), but it would be wrong if that read permissions comes from inherited global one. It would simply allow to detect nicer exception and improve security


pasted_image_at_2016_06_03_09_51_pm.png (200 KB) pasted_image_at_2016_06_03_09_51_pm.png Marcin Kuzminski [CTO], 03.06.2016 21:03

Updated by Marcin Kuzminski [CTO] about 5 years ago

example implementation, @arnaud, could be useful to get an opinion from you on this.


Updated by Arnaud GUT about 5 years ago

Hi Marcin,

This could be useful for me even if I've written a Python script that checks if the delegated admin respects the corporate secrity policy we have at Gemalto.

But, always the same thing ;-), the information you display are not explicit at all for me at least. What means the strikethrough text for this?:
rhodecode-appenlight: repository.none(repo), repository.admin (usergroup:test), repository.none (default)

Also available in: Atom PDF