Skip to content

warehouse: Allow maintainers to craft project tokens #6301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Jul 31, 2019
Merged

warehouse: Allow maintainers to craft project tokens #6301

merged 11 commits into from
Jul 31, 2019

Conversation

@woodruffw
Copy link
Member

@woodruffw woodruffw commented Jul 29, 2019
edited
Loading

Closes #6262.

cc @di / @dstufft / @brainwane

@woodruffw woodruffw changed the title [WIP] warehouse: Allow maintainers to craft project tokens warehouse: Allow maintainers to craft project tokens Jul 29, 2019
@woodruffw woodruffw force-pushed the tob-project-tokens-for-maintainers branch from 0a71cce to f118b5f Compare July 29, 2019 18:49
@brainwane brainwane requested review from di and ewdurbin July 29, 2019 19:42
brainwane
brainwane suggested changes Jul 29, 2019
View reviewed changes
Copy link
Contributor

@brainwane brainwane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The token management screen links to manage/project/[project name]/releases/ (the link provided in the "scope" item for a project-scoped token) but, as a maintainer, that gives me an Access Denied: "You don't have permission to view this page" error. Perhaps it should link to project/[project name]/ if the user is a maintainer. Or if that's inelegant, it should link to that page for all users.

@woodruffw
warehouse: Route to project page instead of management page
4100823 
This avoids 403s for tokens created by maintainers.
@woodruffw
Copy link
Member Author

Perhaps it should link to project/[project name]/ if the user is a maintainer. Or if that's inelegant, it should link to that page for all users.

Done: I've linked to /project/{name} unconditionally, since retrieving the user's role for each project would be a little inelegant in this context (and I think consistency is best, since we're filling out a single row within a table).

brainwane
brainwane approved these changes Jul 30, 2019
View reviewed changes
Copy link
Contributor

@brainwane brainwane left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested on localhost and I can successfully -- as a project maintainer -- create a token and upload a distribution with it.

di
di reviewed Jul 30, 2019
View reviewed changes
@woodruffw
Copy link
Member Author

@di should be good for another pass!

@brainwane brainwane requested a review from di July 30, 2019 21:53
@ewdurbin ewdurbin merged commit ba6bc19 into pypi:master Jul 31, 2019
@woodruffw woodruffw deleted the tob-project-tokens-for-maintainers branch July 31, 2019 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ewdurbin ewdurbin ewdurbin approved these changes

@di di Awaiting requested review from di

+1 more reviewer

@brainwane brainwane brainwane approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Project-scoped API tokens] aren't available to maintainers

4 participants

@woodruffw @di @brainwane @ewdurbin