Permissions.AdminProhibitedProjectsRelease (#18257)

This introduces Permissions.AdminProhibitedProjectsWrite and grants it to admins and support.

Closes #18251

Author: ewdurbin

tests/unit/test_config.py

@@ -567,6 +567,7 @@ def test_root_factory_access_control_list():
                 Permissions.AdminProhibitedEmailDomainsWrite,
                 Permissions.AdminProhibitedProjectsRead,
                 Permissions.AdminProhibitedProjectsWrite,
+                Permissions.AdminProhibitedProjectsRelease,
                 Permissions.AdminProhibitedUsernameRead,
                 Permissions.AdminProhibitedUsernameWrite,
                 Permissions.AdminProjectsDelete,
@@ -598,6 +599,7 @@ def test_root_factory_access_control_list():
                 Permissions.AdminOrganizationsWrite,
                 Permissions.AdminProhibitedEmailDomainsRead,
                 Permissions.AdminProhibitedProjectsRead,
+                Permissions.AdminProhibitedProjectsRelease,
                 Permissions.AdminProhibitedUsernameRead,
                 Permissions.AdminProjectsRead,
                 Permissions.AdminProjectsSetLimit,

warehouse/admin/templates/admin/prohibited_project_names/list.html

@@ -66,10 +66,10 @@
             <input name="csrf_token" type="hidden" value="{{ request.session.get_csrf_token() }}">
             <input name="project_name" type="hidden" value="{{ prohibited_project_name.name }}">
             <input name="next" type="hidden" value="{{ request.current_route_path() }}">
-            <button type="submit" class="btn btn-link" title="{{ 'Submitting requires superuser privileges' if not request.has_permission(Permissions.AdminProhibitedProjectsWrite) }}" {{ "disabled" if not request.has_permission(Permissions.AdminProhibitedProjectsWrite) }}>
+            <button type="submit" class="btn btn-link" title="{{ 'Submitting requires additional privileges' if not request.has_permission(Permissions.AdminProhibitedProjectsRelease) }}" {{ "disabled" if not request.has_permission(Permissions.AdminProhibitedProjectsRelease) }}>
               <i class="fa fa-hands"></i>
             </button>
-            <input name="username" type="text" {{ "disabled" if not request.has_permission(Permissions.AdminProhibitedProjectsWrite) }}>
+            <input name="username" type="text" {{ "disabled" if not request.has_permission(Permissions.AdminProhibitedProjectsRelease) }}>
           </form>
         </td>
       </tr>

warehouse/admin/views/prohibited_project_names.py

@@ -136,7 +136,7 @@ def confirm_prohibited_project_names(request):
 
 @view_config(
     route_name="admin.prohibited_project_names.release",
-    permission=Permissions.AdminProhibitedProjectsWrite,
+    permission=Permissions.AdminProhibitedProjectsRelease,
     request_method="POST",
     uses_session=True,
     require_methods=False,

warehouse/authnz/_permissions.py

@@ -56,6 +56,7 @@ class Permissions(StrEnum):
 
     AdminProhibitedProjectsRead = "admin:prohibited-projects:read"
     AdminProhibitedProjectsWrite = "admin:prohibited-projects:write"
+    AdminProhibitedProjectsRelease = "admin:prohibited-projects:release"
 
     AdminProhibitedUsernameRead = "admin:prohibited-username:read"
     AdminProhibitedUsernameWrite = "admin:prohibited-username:write"

warehouse/config.py

@@ -81,6 +81,7 @@ class RootFactory:
                 Permissions.AdminProhibitedEmailDomainsWrite,
                 Permissions.AdminProhibitedProjectsRead,
                 Permissions.AdminProhibitedProjectsWrite,
+                Permissions.AdminProhibitedProjectsRelease,
                 Permissions.AdminProhibitedUsernameRead,
                 Permissions.AdminProhibitedUsernameWrite,
                 Permissions.AdminProjectsDelete,
@@ -112,6 +113,7 @@ class RootFactory:
                 Permissions.AdminOrganizationsWrite,
                 Permissions.AdminProhibitedEmailDomainsRead,
                 Permissions.AdminProhibitedProjectsRead,
+                Permissions.AdminProhibitedProjectsRelease,
                 Permissions.AdminProhibitedUsernameRead,
                 Permissions.AdminProjectsRead,
                 Permissions.AdminProjectsSetLimit,