bufferoverflow / verdaccio-gitlab

private npm registry (Verdaccio) using gitlab-ce as authentication and authorization provider
MIT License

Access to custom scope based on specific gitlab group #99

Closed Telokis closed 5 years ago

Telokis commented 5 years ago

I'm trying to allow a custom package prefix based on the same group.

Let's say that telokis-group really exists on Gitlab (and I have full access to it). I would like to allow a totally unrelated (possibly already existing) scope based on the same permission. Trying the following config gives me a 403 error when I try to publish a package to @totally-different-group.

packages:
    "@totally-different-group/*":
        access: telokis-group
        publish: telokis-group
        gitlab: true
        unpublish:

    "@telokis-group/*":
        access: telokis-group
        publish: telokis-group
        gitlab: true
        unpublish:

The error I get is

npm ERR! code E403
npm ERR! 403 403 Forbidden - PUT http://localhost:4873/@totally-different-group%2ftest2 - must have required permissions:  at package-scope
npm ERR! 403 In most cases, you or one of your dependencies are requesting
npm ERR! 403 a package version that is forbidden by your security policy.

It works fine when I change totally-different-group to telokis-group.

bufferoverflow commented 5 years ago

You need to own the group to publish, see https://github.com/bufferoverflow/verdaccio-gitlab#publish

Telokis commented 5 years ago

Thanks. Is there any way I could find a way around this? Even if it implies forking verdaccio-gitlab.

bufferoverflow commented 5 years ago

Get owner of that group and you are done.

There might be a way and if you've found a good one, please create a PR.

Telokis commented 5 years ago

From what I understand, I could remove the function allow_publish from verdaccio-gitlab and the default behavior of verdaccio would be used. The default behavior is to be based on the groups of the user, meaning that I could be allowed because I'm in the telokis-group group.

Telokis commented 5 years ago

@bufferoverflow Would you mind reopening this issue, please? I'll provide a PR to allow it with a custom config variable.
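
The 403 discussed in this thread, as an added sketch that is not verdaccio-gitlab's or Verdaccio's own code: it models a publish check tied to the package scope (as described above) next to a check against the groups listed under `publish`. All function names, the user object shape and the sample data are assumptions made for illustration.

```javascript
// Simplified model of the two publish checks discussed in this thread.
// Function names and the user object shape are hypothetical.

// "@scope/name" -> "scope"; unscoped or malformed names have no scope.
function packageScope(pkgName) {
  const m = /^@([^/]+)\/[^/]+$/.exec(pkgName);
  return m ? m[1] : null;
}

// Scope-bound check, as the thread describes it: the package scope itself
// must be a group the user owns. The `publish` list is never consulted.
function scopeBoundAllowPublish(user, pkgName) {
  const scope = packageScope(pkgName);
  return scope !== null && user.ownedGroups.includes(scope);
}

// Group-list check, as the thread describes Verdaccio's default: the user
// must belong to one of the groups listed under `publish`.
function groupListAllowPublish(user, pkgConfig) {
  return pkgConfig.publish.some((g) => user.groups.includes(g));
}

// Constructed sample data mirroring the config posted in the issue.
const user = {
  name: "telokis",
  groups: ["telokis-group"],
  ownedGroups: ["telokis-group"],
};
const packages = {
  "@totally-different-group/*": { publish: ["telokis-group"] },
  "@telokis-group/*": { publish: ["telokis-group"] },
};

// Evaluate both checks; a scope with no matching pattern is denied.
function evaluate(pkgName) {
  const cfg = packages[`@${packageScope(pkgName)}/*`];
  return {
    scopeBound: scopeBoundAllowPublish(user, pkgName),
    groupList: cfg ? groupListAllowPublish(user, cfg) : false,
  };
}

for (const name of ["@totally-different-group/test2", "@telokis-group/test2"]) {
  console.log(name, evaluate(name));
}
```

In the group-list variant the `packages` section alone decides who may publish under a scope, so a name that matches no pattern should be denied, as `evaluate` does here.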