ActionNotAllowed: admin permission required

Tom Stage tom.stage at dvos.dk
Tue May 26 15:29:48 UTC 2009 

Hi Mike, Jay and the rest of you

I have solved the problem with you kind help.

The basic problem was the user_perms table not being updated, so it was a
combo of not reading the how to right.

Thanks for your help on this.

Cheers Tom



-----Original Message-----
From: Mike Bonnet [mailto:mikeb at redhat.com] 
Sent: 26. maj 2009 16:18
To: Tom Stage; Discussion of Fedora build system
Subject: Re: ActionNotAllowed: admin permission required

Tom Stage wrote:
> Hi all
> 
> Well I have to admit that I am in the same boat as the last thread with
the
> same Subject, this config is also with SSL configured and it seems to be
ok
> and running good, I can log in to the web interface.
> 
> I have Koji installed on a Fedora 10 x86_64 system, and I have followed
the
> HowTo at http://fedoraproject.org/wiki/Koji/ServerHowTo and I to cant seem
> to execute the following commands as an example:
> 
> System info:
> Uname -a 
> Linux koji 2.6.27.21-170.2.56.fc10.x86_64 #1 SMP Mon Mar 23 23:08:10 EDT
> 2009 x86_64 x86_64 x86_64 GNU/Linux
> 
> Rpm -qa
> koji-builder-1.3.1-1.fc10.noarch
> koji-utils-1.3.1-1.fc10.noarch
> koji-1.3.1-1.fc10.noarch
> koji-web-1.3.1-1.fc10.noarch
> koji-hub-1.3.1-1.fc10.noarch
> 
> SSL certificates created after the instructions in the howto, with one
> exception, since this is a single host installation I have only created 3
> types of certificates. The 1st one is the signing certificate. The 2nd one
> is the certificates for the host, and used by all the koji services. The
3rd
> one is the user certificates.
> 
> [root at koji ~]koji call getLoggedInUser
> {'id': 1, 'krb_principal': None, 'name': 'admin', 'status': 0, 'usertype':
> 0} 
> 
> [root at koji ~]koji add-user kojira
> ActionNotAllowed: admin permission required
> 
> [root at koji ~]koji add-host koji.dvos.dk x86_64
> ActionNotAllowed: admin permission required
> 
> My users in the users table in postgres looks like this:
> Id	name	password	status	usertype	krb_principal
> 1	admin		0	0	
> 2	koji.dvos.dk	0	1	
> 
> My permissions table looks like this:
> Id	name
> 1	admin
> 2	build
> 3	repo
> 
> I am confused and don't understand what I am doing wrong, and I am willing
> to post my configuration files as well.
> 
> Any help is appreciated.

To grant a permission to a user you need to insert into the "user_perms" 
table.  The user_id column references the id of the users table, and the 
perm_id references the id of the permissions table.  In your case, 
granting the "admin" user the "admin" permission would be accomplished 
by running:

insert into user_perms (user_id, perm_id) values (1, 1);

After that, you can grant other permissions by using the "koji 
grant-permission" command.

More information about the buildsys mailing list