GSoC 2016 finished last week and i am writing this blog to list the work done by me in last three months for Fedora. My project was to adjust pagure and write script(s) so that we can have pkgs.fedoraproject.org on a pagure instance. We have it in staging currently http://pkgs.stg.fedoraproject.org/pagure/
Besides these, there is a script for getting user acls from pkgdb:
For me, the experience has been perfect. I like the work environment at #fedora-apps. My mentor, Pierre-Yves Chibon is nice to everyone and i hope i haven’t annoyed or disappointed him in last 3 months. It’s hard to find a person who can guide so patiently. I am saying this not because i see one of my friend working for FOSS Asia but, because he is genuinely good.
If GSoC wasn’t there, even then i would have spent my last 3 months in the same way (without mine and my father’s new mobile phone). I contribute here because i like the work environment that they have created and i get to learn new things while working on real life projects.
So, thanks Google for the money and Fedora for such an awesome experience.
Not long ago, Gaurav added watch feature on pagure. But, It had one thing missing from it: a user could not see what all projects he/she is watching. So, with pull request #1158, i tried to solve that problem.
For those of you are not aware of this feature, a user can now subscribe for emails for development of a project. He/She will receive emails for any changes on the issue tracker or if anything happens in any pull request. By default, the admin of a project is watching the project. However, if he wishes, he can unwatch it and he won’t receive emails for that project anymore. This can help in situations when the user is admin of a lot of projects and is no longer interested in some of them.
I won’t go in details of how this was implemented since, it involves simple function calls and minor addition in the UI (plus, there is a link to the PR). I will, however, attach screenshot of how it will look, when it will be live on pagure.io.
pkgs.fedoraproject.org currently has more than 18k git repositories and it’s relying on cgit which is not capable of git collaboration. On the other hand, we have pagure which is a git collaboration tool and it’s live on pagure.io. As part of my Google Summer of Code project, i was supposed to prepare script and adjust pagure so that we can have pkgs.fp.org on a pagure instance.
For those who are not familiar with pagure, it’s a free and open source git collaboration tool written on top of pygit2 by pingou. It has a similar workflow as Github . One can fork a project, make changes and ask to merge the changes to the main project by creating a pull request. pagure.io already has more than 250 projects hosted on it and it’s increasing everyday. Feel free to play with pagure on stg.pagure.io.
The idea is, we will make pkgs.fedoraproject.org a pagure instance. With this change, it will be easier for anybody to contribute to any of the git rpms hosted on pkgs.fp.org . This is the major reason for the shift. Currently, only the rpm maintainers can make changes to the repository. But, once we have these rpms on a pagure instance, anybody with a FAS account can fork the project and make a pull request.
Here are a few points which makes pagure adaptable for pkgs.fp.org :
- Turn on/off user management: Since, the acls for the git repositories come from pkgdb, user management should be turned off on the instance level.
- Turn on/off Issue Tracker: The git rpms are not exactly projects, so it’s turned off at the instance level as well.
- Turn on/off project creation: The git rpms need approval for creation of a project, thus a user shouldn’t be able to create a project.
- Pseudo namespace: Pagure doesn’t have namespaces for a project (although, forks have). Thus, pseudo namespace was introduced. We can have a list of namespaces allowed for an instance.
Honestly speaking, almost all the above mentioned work was already done. After this, we just needed to adjust the script which currently gets acls from pkgdb so that it updates pagure database as well.
The work is almost complete and the shift should not take long once pingou returns from his vacation.
For any further query, you can ping me on #fedora-apps (nick: vivek_)
Currently in pagure, we have only two access levels in a project – either you have no access or admin access. There have been a few discussions of more levels of access – #892, #792
With the new changes, there will be four different levels of access –
- None: As the name suggests, no special power. Just a normal user.
- Ticket: Edit the metadata of issues which includes tagging, assigning and changing the status of the issue. They can’t delete or edit the issue itself.
- Commit: All the access an admin of the project has except access to settings of the project.
- Admin: He is the boss of the project.
As you can see, the levels are hierarchical in nature. The committers have all the access a user with ticket access has and similarly, the admin has all the access a committer has plus, some other accesses.
Ticket access is sort of “entry” level access to the project. They can play with the metadata of the issue and that’s it. The committers can merge/close a pull request, can commit to the project repository directly, edit/remove issues/comments. Basically, they can do anything in the project but touch the settings. Since, the admins are the only ones with access to settings, they are the only ones who can add/remove a user/group from a project or update their accesses.
In pagure, groups are dealt in a similar way as a user is. So, they too can have all the mentioned access levels. If you provide a group with some access in a project, all the users in the group will automatically get that access. In cases when a user already has some access “a”, and is also present in a group with some other access “b”, he gets greater level of access out of “a” and “b”.
Implementation (in short)
We already have admin access level in pagure so adding two more levels wasn’t a big deal. It has been implemented in a similar way. Here are few of the points:
- Introduction of a new table: access_levels in the pagure db and foreign keys of the same in user_projects and projects_groups tables.
- project.users now returns the list of users with at least ticket access , earlier it returned the list of users with admin access. Similar is the case with project.groups . Similar relations: project.admins, project.committers, project.admin_groups, project.committer_groups.
- Two functions: is_repo_committer and is_repo_user to check for the rights of the user on the project. is_repo_admin was already there.
- Update code to allow RW+ right for committers in gitolite file.
- Changes in the conditional statements across the pagure code.
Pull request related to this is here. Tests and docs haven’t been updated yet.