Enforce configuration of roles in Weblate

Originally created by @zen on #17338 (Redmine)

I haven’t followed previous discussion about this, but there’s the idea of enforcing configuration of Weblate roles (as defined in the design doc) through configuration management using Puppet.

Roles are:

  • Anonymous users can suggest.
  • Logged in users can suggest and vote on suggestions.
  • Reviewers can accept suggestions.
  • Admin.

The Puppet code created for this might need to be updated when Weblate/Django’s API changes.

Can someone share some background on this discussion? Was it thought to protect against a specific kind of attack or bug?

Steps for implementing:

  • Create script that checks for differences between template and actual permissions.
  • Agree on the desired state and encode it into the YAML file.
  • Add an option to enforce the config.
  • Add tests
  • Add logging
  • Check/Update documentation
  • Switch the cron job to enforce the config.
  • Add Viewers to every user as it is the default by Weblate
  • Cleanup Puppet code after deploy of renamed resources.

Edited by Zen Fu
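
The check-then-enforce flow from the implementation steps above, as an added example that is not part of the original issue or the project's code. The group and permission names are constructed placeholders rather than Weblate's real identifiers, and `DESIRED` stands in for what the agreed YAML file would decode to.

```python
import logging

log = logging.getLogger("role_drift")

# Constructed desired state (placeholder names, not Weblate's own).
DESIRED = {
    "anonymous": {"suggest"},
    "logged_in": {"suggest", "vote"},
    "reviewers": {"suggest", "vote", "accept"},
}

# Constructed live state: anonymous users gained "accept", logged-in lost "vote".
SAMPLE_ACTUAL = {
    "anonymous": {"suggest", "accept"},
    "logged_in": {"suggest"},
    "reviewers": {"suggest", "vote", "accept"},
}

def diff_roles(desired, actual):
    """Return {group: {"missing": set, "extra": set}} for groups that drifted."""
    drift = {}
    for group in sorted(set(desired) | set(actual)):
        want = desired.get(group, set())
        have = actual.get(group, set())
        if want != have:
            drift[group] = {"missing": want - have, "extra": have - want}
    return drift

def reconcile(desired, actual, enforce=False):
    """Log every difference; modify `actual` only when enforce is True."""
    drift = diff_roles(desired, actual)
    for group, delta in drift.items():
        for perm in sorted(delta["extra"]):
            log.warning("%s: unexpected permission %s", group, perm)
        for perm in sorted(delta["missing"]):
            log.warning("%s: missing permission %s", group, perm)
        if enforce:
            # Groups absent from the template end up with no permissions.
            actual[group] = set(desired.get(group, set()))
            log.info("%s: reset to template", group)
    return drift

if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    live = {g: set(p) for g, p in SAMPLE_ACTUAL.items()}
    reconcile(DESIRED, live)                # report-only pass
    reconcile(DESIRED, live, enforce=True)  # enforcing pass
```

Running report-only first lets the logged differences be reviewed before the cron job is switched to the enforcing mode.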