You do not have permission to create a repository within the project

Miscellaneous

On this page

Still need help?

The Atlassian Community is here for you.

Ask the community

Symptoms

If you own a Stash instance that is older than the 3.2 release, moving an account to a different "OU" or losing the connectivity to the LDAP User Directory will make Stash lose visibility of this AD account.

If you re-add the account to the correct OU or recover the account, Stash will show the account again, but his old permissions/user access won't be in Stash anymore. Adding the user back via global permissions and granting him permission on the Projects again will work as expected.

However, in some circumstances, when the user tries to create a personal repository it will get a message like:

You do not have permission to create a repository within the <Username> project

This error can also be perceived as:

401 You are not permitted to view this page

Both error messages have the same root cause and this issue needs to be manually fixed on the database.

Diagnosis

The queries below show which usernames are explicitly given project admin permissions to their own personal repository. Therefore, all users who have the right "PROJECT_ADMIN" permissions to their personal space are shown. Hence, if the query below doesn't return the user which is facing the described symptom, it means that it needs to be fixed.



If your instance older than 2.12.X, please run to diagnose ...

 

 

select u.id as user_id, u.name as user_name, pp.perm_id, pp.project_id, p.name as project_name 
from stash_user u 
left join sta_project_permission pp on (u.id = pp.user_id) 
left join project p on (pp.project_id = p.id)
where p.project_type = 1;

// p.project_type = 1 indicates a personal repository
// pp.perm_id = 4 indicates PROJECT_ADMIN permissions

Attention

If the user is not listed here it has an issue and needs to be fixed. All the other users in the output of the query above are fine.

If your instance newer than or equal to 2.12.X, please run to diagnose ...

 

You can run this following SQL query to check if the user is listed:

 

Attention

If the user is not listed here it has an issue and needs to be fixed. All the other users in the output of the query above are fine.

select u.id as user_id, nu.name as user_name, pp.perm_id, pp.project_id, p.name as project_name 
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id) 
left join sta_project_permission pp on (u.id = pp.user_id) 
left join project p on (pp.project_id = p.id)
where p.project_type = 1;

// p.project_type = 1 indicates a personal repository
// pp.perm_id = 4 indicates PROJECT_ADMIN permissions

 

OR


You can run this following SQL query to check if there are users that are affected by this symptom.

 

Attention

If the user is listed here it has an issue and needs to be fixed.

select u.id as user_id, nu.name as user_name
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id)
where 
u.id not in (select u.id as user_id
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id)
left join sta_project_permission pp on (u.id = pp.user_id)
left join project p on (pp.project_id = p.id)
where p.project_type = 1) 
and 
nu.name not in (select nu.name as user_name
from stash_user u
left join sta_normal_user nu on (nu.user_id = u.id)
left join sta_project_permission pp on (u.id = pp.user_id)
left join project p on (pp.project_id = p.id)
where p.project_type = 1);

 

Also, just as an extra note, users will only be given the right "PROJECT_ADMIN" permissions to their personal space once the user explicitly goes on to Stash UI and click on Profile >> View Profile. Only then, the permission will be automatically created. Forking repository into the personal repository also creates this permission automatically.

 

 

Cause

The loss of permissions due to loss of connections to LDAP is fixed in Stash 3.2.0:  STASH-4631 - Getting issue details... STATUS

You shouldn't face issues like that in an more recent version of Stash.

Resolution

 

The database structure of Stash can be changed on upgrades without discretion. If you are unsure about changing your database or you had errors running the queries above (in the Diagnosis), please file an issue with Atlassian Support before running the transaction described in the Resolution. Always remember to backup your instance before any database change as we recommend on:

 

 

If your instance older than 2.12.X, please run ...
  • Use this query to find the project ID and user ID. Substitute username by the user having troubles creating a personal repo (i.e. mkramer or tbomfim). In one of the query parameters, the symbol " ~ " should be kept before the username:


select project.id as project_id, stash_user.id from project, stash_user where project.name LIKE '~username' AND project_type=1 AND stash_user.name LIKE 'username';
  • Double check! Make sure nothing already exists in the permission table:


select * from sta_project_permission where user_id=<user_id here> AND project_id=<project_id here>;
  • After that you can use the values found from the first query to fix the permissions with the transaction below:


begin;
insert into sta_project_permission
(id, perm_id, project_id, user_id)
values
(
    (
		select next_val from id_sequence
		where sequence_name = 'granted_permission'
    ), 4, <project_id here>, <user_id here>
);

update id_sequence set next_val = next_val + 1 where sequence_name = 'granted_permission';
commit;
If your instance newer than or equal to 2.12.X, please run ...
  • Use this query to find the project ID and user ID. Substitute username by the user having troubles creating a personal repo (i.e. mkramer or tbomfim). In one of the query parameters, the symbol " ~ " should be kept before the username:
select project.id as project_id, sta_normal_user.user_id from project, sta_normal_user where project.name LIKE '~username' AND project_type=1 AND sta_normal_user.name LIKE 'username';

 

  • Double check! Make sure nothing already exists in the permission table:
select * from sta_project_permission where user_id=<user_id here> AND project_id=<project_id here>;

 

  • After that you can use the values found from the first query to fix the permissions with the transaction below:
begin;
insert into sta_project_permission
(id, perm_id, project_id, user_id)
values
(
    (
		select next_val from id_sequence
		where sequence_name = 'granted_permission'
    ), 4, <project_id here>, <user_id here>
);

update id_sequence set next_val = next_val + 1 where sequence_name = 'granted_permission';
commit;

The permissions might be cached thus the database change might not immediately resolve the error message the user is experiencing.

There are 2 options to repopulate the cache after the database change:

  • Restart Stash

or

  • Grant and then revoke a new permission to a project, repo, or even a Global Permission via the UI for the affected user.
Last modified on Feb 23, 2016

Was this helpful?

Yes
No
Provide feedback about this article
Powered by Confluence and Scroll Viewport.