bufferoverflow / verdaccio-gitlab

private npm registry (Verdaccio) using gitlab-ce as authentication and authorization provider
MIT License

Not able to publish even though I have access #61

Closed bartdelange closed 5 years ago

bartdelange commented 5 years ago

Hi, I am not able to publish a package when I have access according to the logs.

Related logs

debug--- [gitlab] user: bart.delange, with groups: { publish: [ 'bart.delange', 'group' ] }
debug--- [gitlab] user: bart.delange allowed to publish package: @group/package based on package-scope
http <-- 403, user: bart.delange, req: 'PUT /@group%2fpackage', error: user bart.delange is not allowed to publish package @group/package

Config

storage: /verdaccio/storage

plugins: /verdaccio/plugins/

listen:
  - 0.0.0.0:4873

auth:
  gitlab:
    url: https://gitlab.example.com
    publish: $developer

uplinks:
  npmjs:
    url: https://registry.npmjs.org/

middlewares:
  audit:
    enabled: true

packages:
  '@group/*':
    access: $reporter
    publish: $developer
    gitlab: true

  '**':
    access: $authenticated
    publish: $authenticated
    proxy: npmjs
    gitlab: false

web:
  enable: true
  title: NPM Registry
  scope:

logs:
  - {type: stdout, format: pretty, level: debug}

dlouzan commented 5 years ago

Are you using the latest master? You might have stumbled upon the issue we are tracking in #60

If that's the case, please try checking out the latest release 2.0.0 tag and let us know if it still happens.

dlouzan commented 5 years ago

By the way, I have just noticed you are trying to map the GitLab access levels onto access and publish for the package groups; that's not how the plugin currently works. You have to use either $all or $authenticated there.

Access is allowed to all based on authenticated / not authenticated. Publish is limited based on the user id / user groups. Please read the documentation carefully.
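
Added example, not part of the thread or of the plugin's code: a small check that applies the rule stated in the comment above (only `$all` or `$authenticated` in `packages` entries) to a parsed Verdaccio config. The function names and both sample objects are constructed here; the first mirrors the config posted in this issue.

```javascript
// Values the maintainer says package entries may use with verdaccio-gitlab.
const SUPPORTED = new Set(['$all', '$authenticated']);

// Verdaccio accepts either a space-separated string or a list here.
function toList(value) {
  if (value == null) return [];
  const items = Array.isArray(value) ? value : String(value).split(/\s+/);
  return items.map(String).filter(Boolean);
}

// Hypothetical helper: report every access/publish group in `packages`
// that is not $all or $authenticated.
function lintPackages(config) {
  const findings = [];
  for (const [pattern, rule] of Object.entries(config.packages || {})) {
    for (const key of ['access', 'publish']) {
      for (const group of toList(rule[key])) {
        if (!SUPPORTED.has(group)) findings.push({ pattern, key, group });
      }
    }
  }
  return findings;
}

// Constructed sample: the auth and packages sections as posted in the issue.
const reportedConfig = {
  auth: { gitlab: { url: 'https://gitlab.example.com', publish: '$developer' } },
  packages: {
    '@group/*': { access: '$reporter', publish: '$developer', gitlab: true },
    '**': { access: '$authenticated', publish: '$authenticated', proxy: 'npmjs', gitlab: false },
  },
};

// Constructed sample: same config with the '@group/*' entry changed as
// advised; auth.gitlab.publish is left as posted.
const correctedConfig = {
  auth: reportedConfig.auth,
  packages: {
    ...reportedConfig.packages,
    '@group/*': { access: '$authenticated', publish: '$authenticated', gitlab: true },
  },
};

for (const f of lintPackages(reportedConfig)) {
  console.log(`${f.pattern}: ${f.key} uses unsupported group ${f.group}`);
}
console.log('corrected config findings:', lintPackages(correctedConfig).length);
```

With the corrected entries, every authenticated user can read `@group/*`, which is the limitation raised at the end of this thread.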

dlouzan commented 5 years ago

@bart-de-lange We merged the corrected code yesterday, please let us know if that solved your issue.

bartdelange commented 5 years ago

This did indeed resolve the publish issue, but then the question arises: How do I limit pull access to groups?

bufferoverflow commented 5 years ago

@bart-de-lange this is not possible yet