diff docs/api/api.rst @ 7296:caa482f8fb5f

repos: only allow api repo creation in existing groups

Fix problem with '../something' paths being allowed; '..' will always exist and can't be created.

This also introduces a small API change: Repository groups must now exist before repositories can be created. This makes the API more explicit and simpler.

This issue was found and reported by Kacper Szurek https://security.szurek.pl/
author Mads Kiilerich <mads@kiilerich.com>
date Tue, 29 May 2018 12:25:41 +0200
parents 19bc05bd8cf7
children b3289fef0daa
--- a/docs/api/api.rst	Tue May 29 12:25:40 2018 +0200
+++ b/docs/api/api.rst	Tue May 29 12:25:41 2018 +0200
@@ -796,10 +796,12 @@
 create_repo
 ^^^^^^^^^^^
 
-Create a repository. If the repository name contains "/", all needed repository
-groups will be created. For example "foo/bar/baz" will create repository groups
-"foo", "bar" (with "foo" as parent), and create "baz" repository with
-"bar" as group.
+Create a repository. If the repository name contains "/", the repository will be
+created in the repository group indicated by that path. Any such repository
+groups need to exist before calling this method, or the call will fail.
+For example "foo/bar/baz" will create a repository "baz" inside the repository
+group "bar" which itself is in a repository group "foo", but both "foo" and
+"bar" already need to exist before calling this method.
 This command can only be executed using the api_key of a user with admin rights,
 or that of a regular user with create repository permission.
 Regular users cannot specify owner parameter.
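
Review bot: the added sentence "groups need to exist before calling this method, or the call will fail" does not say how the call fails, and nothing in the new text marks this as a change from the previous behaviour, so API clients that relied on groups being created implicitly have nothing to code against. Suggest stating the error a caller gets for a missing group, pointing to the API method for creating repository groups, and adding a version note for the behaviour change. The commit message names '../something' paths as the problem being fixed, but the documentation text does not say how a name containing ".." is treated; one sentence on that would make the security-relevant behaviour explicit instead of leaving it implied by "need to exist". The example sentence also repeats the requirement from the sentence before it ("already need to exist before calling this method"); one of the two statements can be dropped.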