You do not have permission to create a repository within the project

その他

このページの内容

関連コンテンツ

  • 関連コンテンツがありません

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

症状

If you own a Stash instance that is older than the 3.2 release, moving an account to a different "OU" or losing the connectivity to the LDAP User Directory will make Stash lose visibility of this AD account.

If you re-add the account to the correct OU or recover the account, Stash will show the account again, but his old permissions/user access won't be in Stash anymore. Adding the user back via global permissions and granting him permission on the Projects again will work as expected.

However, in some circumstances, when the user tries to create a personal repository it will get a message like:

You do not have permission to create a repository within the <Username> project

This error can also be perceived as:

401 You are not permitted to view this page

Both error messages have the same root cause and this issue needs to be manually fixed on the database.

診断

The queries below show which usernames are explicitly given project admin permissions to their own personal repository. Therefore, all users who have the right "PROJECT_ADMIN" permissions to their personal space are shown. Hence, if the query below doesn't return the user which is facing the described symptom, it means that it needs to be fixed.



If your instance older than 2.12.X, please run to diagnose ...

 

 

select u.id as user_id, u.name as user_name, pp.perm_id, pp.project_id, p.name as project_name 
from stash_user u 
left join sta_project_permission pp on (u.id = pp.user_id) 
left join project p on (pp.project_id = p.id)
where p.project_type = 1;

// p.project_type = 1 indicates a personal repository
// pp.perm_id = 4 indicates PROJECT_ADMIN permissions

Attention

If the user is not listed here it has an issue and needs to be fixed. All the other users in the output of the query above are fine.

If your instance newer than or equal to 2.12.X, please run to diagnose ...

 

You can run this following SQL query to check if the user is listed:

 

Attention

If the user is not listed here it has an issue and needs to be fixed. All the other users in the output of the query above are fine.

select u.id as user_id, nu.name as user_name, pp.perm_id, pp.project_id, p.name as project_name 
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id) 
left join sta_project_permission pp on (u.id = pp.user_id) 
left join project p on (pp.project_id = p.id)
where p.project_type = 1;

// p.project_type = 1 indicates a personal repository
// pp.perm_id = 4 indicates PROJECT_ADMIN permissions

 

または


You can run this following SQL query to check if there are users that are affected by this symptom.

 

Attention

If the user is listed here it has an issue and needs to be fixed.

select u.id as user_id, nu.name as user_name
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id)
where 
u.id not in (select u.id as user_id
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id)
left join sta_project_permission pp on (u.id = pp.user_id)
left join project p on (pp.project_id = p.id)
where p.project_type = 1) 
and 
nu.name not in (select nu.name as user_name
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id)
left join sta_project_permission pp on (u.id = pp.user_id)
left join project p on (pp.project_id = p.id)
where p.project_type = 1);

 

Also, just as an extra note, users will only be given the right "PROJECT_ADMIN" permissions to their personal space once the user explicitly goes on to Stash UI and click on Profile >> View Profile. Only then, the permission will be automatically created. Forking repository into the personal repository also creates this permission automatically.

 

 

原因

The loss of permissions due to loss of connections to LDAP is fixed in Stash 3.2.0:  STASH-4631 - Getting issue details... STATUS

You shouldn't face issues like that in an more recent version of Stash.

ソリューション

 

The database structure of Stash can be changed on upgrades without discretion. If you are unsure about changing your database or you had errors running the queries above (in the Diagnosis), please file an issue with Atlassian Support before running the transaction described in the Resolution. Always remember to backup your instance before any database change as we recommend on:

 

 

If your instance older than 2.12.X, please run ...
  • Use this query to find the project ID and user ID. Substitute username by the user having troubles creating a personal repo (i.e. mkramer or tbomfim). In one of the query parameters, the symbol " ~ " should be kept before the username:


select project.id as project_id, stash_user.id from project, stash_user where project.name LIKE '~username' AND project_type=1 AND stash_user.name LIKE 'username';
  • Double check! Make sure nothing already exists in the permission table:


select * from sta_project_permission where user_id=<user_id here> AND project_id=<project_id here>;
  • After that you can use the values found from the first query to fix the permissions with the transaction below:


begin;
insert into sta_project_permission
(id, perm_id, project_id, user_id)
values
(
    (
		select next_val from id_sequence
		where sequence_name = 'granted_permission'
    ), 4, <project_id here>, <user_id here>
);

update id_sequence set next_val = next_val + 1 where sequence_name = 'granted_permission';
commit;
If your instance newer than or equal to 2.12.X, please run ...
  • Use this query to find the project ID and user ID. Substitute username by the user having troubles creating a personal repo (i.e. mkramer or tbomfim). In one of the query parameters, the symbol " ~ " should be kept before the username:
select project.id as project_id, sta_normal_user.user_id from project, sta_normal_user where project.name LIKE '~username' AND project_type=1 AND sta_normal_user.name LIKE 'username';

 

  • Double check! Make sure nothing already exists in the permission table:
select * from sta_project_permission where user_id=<user_id here> AND project_id=<project_id here>;

 

  • After that you can use the values found from the first query to fix the permissions with the transaction below:
begin;
insert into sta_project_permission
(id, perm_id, project_id, user_id)
values
(
    (
		select next_val from id_sequence
		where sequence_name = 'granted_permission'
    ), 4, <project_id here>, <user_id here>
);

update id_sequence set next_val = next_val + 1 where sequence_name = 'granted_permission';
commit;

The permissions might be cached thus the database change might not immediately resolve the error message the user is experiencing.

There are 2 options to repopulate the cache after the database change:

  • Restart Stash

または

  • Grant and then revoke a new permission to a project, repo, or even a Global Permission via the UI for the affected user.
最終更新日: 2016 年 2 月 23 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する

関連コンテンツ

  • 関連コンテンツがありません
Powered by Confluence and Scroll Viewport.