Files @ b2634df81a11
Branch filter:

Location: kallithea/docs/dev/dbmigrations.rst

b2634df81a11 2.9 KiB text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw
Mads Kiilerich
auth: explicit user permission should not blindly overrule permissions through user groups

Before, explicit permissions of a user could shadow higher permissions that
would otherwise be obtained through a group the user is member of.
That was confusing and fragile: *removing* a permission could then suddenly
give a user *more* permissions.

Instead, change the flag for controlling internal permission computation to
*not* use "explicit". Permissions will then add up, no matter if they are
explicit or through groups.

The change in auth.py is small, but read the body of __get_perms to see the
actual impact ... and also the clean-up changeset that will come next.

This might in some cases be a behaviour change and give users more access ...
but it will probably only give the user that was intended. This change can thus
be seen as a bugfix.

Some tests assumed the old behaviour. Not for good reasons, but just because
that is how they were written. These tests are updated to expect the new
behaviour, and it has been reviewed that it makes sense.

Note that this 'explicit' flag mostly is for repo permissions and independent
of the 'user_inherit_default_permissions' that just was removed and is about
global permissions.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
=======================
Database schema changes
=======================

Kallithea uses Alembic for :ref:`database migrations <upgrade_db>`
(upgrades and downgrades).

If you are developing a Kallithea feature that requires database schema
changes, you should make a matching Alembic database migration script:

1. :ref:`Create a Kallithea configuration and database <setup>` for testing
   the migration script, or use existing ``development.ini`` setup.

   Ensure that this database is up to date with the latest database
   schema *before* the changes you're currently developing. (Do not
   create the database while your new schema changes are applied.)

2. Create a separate throwaway configuration for iterating on the actual
   database changes::

    kallithea-cli config-create temp.ini

   Edit the file to change database settings. SQLite is typically fine,
   but make sure to change the path to e.g. ``temp.db``, to avoid
   clobbering any existing database file.

3. Make your code changes (including database schema changes in ``db.py``).

4. After every database schema change, recreate the throwaway database
   to test the changes::

    rm temp.db
    kallithea-cli db-create -c temp.ini --repos=/var/repos --user=doe --email doe@example.com --password=123456 --no-public-access --force-yes
    kallithea-cli repo-scan -c temp.ini

5. Once satisfied with the schema changes, auto-generate a draft Alembic
   script using the development database that has *not* been upgraded.
   (The generated script will upgrade the database to match the code.)

   ::

    alembic -c development.ini revision -m "area: add cool feature" --autogenerate

6. Edit the script to clean it up and fix any problems.

   Note that for changes that simply add columns, it may be appropriate
   to not remove them in the downgrade script (and instead do nothing),
   to avoid the loss of data. Unknown columns will simply be ignored by
   Kallithea versions predating your changes.

7. Run ``alembic -c development.ini upgrade head`` to apply changes to
   the (non-throwaway) database, and test the upgrade script. Also test
   downgrades.

   The included ``development.ini`` has full SQL logging enabled. If
   you're using another configuration file, you may want to enable it
   by setting ``level = DEBUG`` in section ``[handler_console_sql]``.

The Alembic migration script should be committed in the same revision as
the database schema (``db.py``) changes.

See the `Alembic documentation`__ for more information, in particular
the tutorial and the section about auto-generating migration scripts.

.. __: http://alembic.zzzcomputing.com/en/latest/


Troubleshooting
---------------

* If ``alembic --autogenerate`` responds "Target database is not up to
  date", you need to either first use Alembic to upgrade the database
  to the most recent version (before your changes), or recreate the
  database from scratch (without your schema changes applied).
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.