Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot restrict users from publishing #242

Closed
vladfilipro opened this issue Apr 29, 2015 · 3 comments
Closed

Cannot restrict users from publishing #242

vladfilipro opened this issue Apr 29, 2015 · 3 comments

Comments

@vladfilipro
Copy link

Hello,

I cannot seem to be able to restrict users from publishing packages. My config file looks like this:

#
# This is the default config file. It allows all users to do anything,
# so don't use it on production systems.
#
# Look here for more config file examples:
# https://github.com/rlidwka/sinopia/tree/master/conf
#

# path to a directory with all packages
storage: ./storage

web:
  # web interface is disabled by default in 0.x, will be enabled soon in 1.x
  # when all its issues will be fixed
  #
  # set this to `true` if you want to experiment with web ui now;
  # this has a lot of issues, e.g. no auth yet, so use at your own risk
  enable: true

  title: Private NPM (Sinopia)
  # logo: logo.png
  # template: custom.hbs

auth:
  htpasswd:
    file: ./htpasswd
    # Maximum amount of users allowed to register, defaults to "+inf".
    # You can set this to -1 to disable registration.
    #max_users: 1000

# a list of other known repositories we can talk to
uplinks:
  npmjs:
    url: https://registry.npmjs.org/

packages:
  '@wh/*':
    # scoped packages
    # allow all users to read packages ('all' is a keyword)
    # this includes non-authenticated users
    access: $authenticated
    publish: admin
    storage: ./wh-storage

  '*':
    # allow all users (including non-authenticated users) to read and
    # publish all packages
    #
    # you can specify usernames/groupnames (depending on your auth plugin)
    # and three keywords: "$all", "$anonymous", "$authenticated"
    access: $all

    # allow all known users to publish packages
    # (anyone can register by default, remember?)
    publish: admin

    # if package is not available locally, proxy requests to 'npmjs' registry
    proxy: npmjs

# log settings
logs:
  - {type: stdout, format: pretty, level: http}
  #- {type: file, path: sinopia.log, level: info}

listen: 0.0.0.0:80

The server starts and runs well. New users are created by using npm adduser --registry http://mydomain.com

In the web interface, the packages which start with @wh/ are displayed only to authenticated users (intended behaviour), however every authenticated user can publish packages.

As you can see form the config.yaml file, i only want the user named "admin" to publish.

(Probably worth to mention that i'm logged in as a user called "test")

Can anyone please tell me what i am doing wrong?

Thank you
@rlidwka
Copy link
Owner

rlidwka commented Apr 29, 2015

This might be a duplicate of the issue #238 which was fixed recently.

So which version are you running? Is this bug still reproducible in sinopia@1.2.2?

@vladfilipro
Copy link
Author

I'm running version 1.2.1. I will upgrade to 1.2.2 and check.
Once i do, i will get back to this ticket. Thank you for the reply.

@vladfilipro
Copy link
Author

Just checked it. Upgrading to version 1.2.2 fixed it, thank you.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rlidwka @vladfilipro