X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7a98271d94163cdc4afa5bfcf275db353bc062d2..3735d52b65928e3626a8e223acadc318a3d31097:/services/api/app/controllers/arvados/v1/repositories_controller.rb

diff --git a/services/api/app/controllers/arvados/v1/repositories_controller.rb b/services/api/app/controllers/arvados/v1/repositories_controller.rb
index 390aa73324..0452c523bf 100644
--- a/services/api/app/controllers/arvados/v1/repositories_controller.rb
+++ b/services/api/app/controllers/arvados/v1/repositories_controller.rb
@@ -7,6 +7,7 @@ class Arvados::V1::RepositoriesController < ApplicationController
     User.includes(:authorized_keys).all.each do |u|
       @users[u.uuid] = u
     end
+    admins = @users.select { |k,v| v.is_admin }
     @user_aks = {}
     @repo_info = {}
     @repos = Repository.includes(:permissions).all
@@ -17,7 +18,9 @@ class Arvados::V1::RepositoriesController < ApplicationController
         if ArvadosModel::resource_class_for_uuid(perm.tail_uuid) == Group
           @users.each do |user_uuid, user|
             user.group_permissions.each do |group_uuid, perm_mask|
-              if perm_mask[:write]
+              if perm_mask[:manage]
+                perms << {name: 'can_manage', user_uuid: user_uuid}
+              elsif perm_mask[:write]
                 perms << {name: 'can_write', user_uuid: user_uuid}
               elsif perm_mask[:read]
                 perms << {name: 'can_read', user_uuid: user_uuid}
@@ -28,6 +31,10 @@ class Arvados::V1::RepositoriesController < ApplicationController
           perms << {name: perm.name, user_uuid: perm.tail_uuid}
         end
       end
+      # Owner of the repository, and all admins, can RW
+      ([repo.owner_uuid] + admins.keys).each do |user_uuid|
+        perms << {name: 'can_write', user_uuid: user_uuid}
+      end
       perms.each do |perm|
         user_uuid = perm[:user_uuid]
         @user_aks[user_uuid] = @users[user_uuid].andand.authorized_keys.andand.
@@ -52,7 +59,11 @@ class Arvados::V1::RepositoriesController < ApplicationController
     end
     @repo_info.values.each do |repo_users|
       repo_users[:user_permissions].each do |user_uuid,perms|
-        if perms['can_write']
+        if perms['can_manage']
+          perms[:gitolite_permissions] = 'RW'
+          perms['can_write'] = true
+          perms['can_read'] = true
+        elsif perms['can_write']
           perms[:gitolite_permissions] = 'RW'
           perms['can_read'] = true
         elsif perms['can_read']