Git LFS: "Access forbidden. Check your access level" error when pushing to a contributor's branch on a fork
Summary
For a forked MR, a user can configure their MR branch so the maintainer of the target project can push to it. In !67979 (comment 648778007) , I used this functionality to correct a commit message, but got this from the git push output:
$ git push --force-with-lease milkers milkers-master-patch-02266
WARNING: Authentication error: Authentication required: Access forbidden. Check your access level.
Enumerating objects: 9, done.
Counting objects: 100% (9/9), done.
Delta compression using up to 8 threads
Compressing objects: 100% (5/5), done.
Writing objects: 100% (5/5), 503 bytes | 251.00 KiB/s, done.
Total 5 (delta 4), reused 0 (delta 0), pack-reused 0
remote:
remote: View merge request for milkers-master-patch-02266:
remote: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/67979
remote:
To gitlab.com:milkers/gitlab.git
+ 9ea6da2cec1...61ca3232d18 milkers-master-patch-02266 -> milkers-master-patch-02266 (forced update)The push itself succeeded, but if I had had any LFS objects to send along, I suspect it would have failed.
Steps to reproduce
- Create a project
- Create a fork of the project
- Create an MR from fork -> parent, with "allow maintainers to push to branch" checked
- Have
git lfsinstalled - As a member of the parent, but not the fork, try to push a commit to the fork's branch from the CLI
Example Project
What is the current bug behavior?
LFS subsystem complains:
WARNING: Authentication error: Authentication required: Access forbidden. Check your access level.
What is the expected correct behavior?
I should be able to perform any LFS operations relevant to the branch I have access to
Output of checks
This bug happens on GitLab.com
Possible fixes
Most likely down to this line: https://gitlab.com/gitlab-org/gitlab/blob/c52747208039dddafadb361a0625c590a58b5ae2/app/controllers/concerns/lfs_request.rb#L102
I cannot :push_code to the repository in-general, but I can push to a specific branch within the repository (the one the MR is built on top of). If I needed to push a commit that changed an LFS file, I'd be stuck here.