/pulp/api/v3/rpm/prune/ permissions and/or usage is unclear #3652

Open
simenon opened this issue Jul 1, 2024 · 1 comment

simenon commented Jul 1, 2024

Version

```
"versions": {
    "deb": "3.3.0",
    "gem": "0.6.0",
    "rpm": "3.27.1",
    "core": "3.54.1",
    "file": "3.54.1",
    "maven": "0.8.1",
    "ostree": "2.4.0",
    "python": "3.11.1",
    "ansible": "0.22.0",
    "certguard": "3.54.1",
    "container": "2.20.0"
}
```

Describe the bug
If the user has the permission to view and modify, and calls the API, the user is not allowed to prune the packages. Instead, a stack trace shows in the logs:

```
2024-07-01T10:14:06.289909944+02:00 pulp [a5c25c8c514b4317bd2b9c1ff076a9d6]: django.request:ERROR: Internal Server Error: /pulp/api/v3/rpm/prune/
2024-07-01T10:14:06.289909944+02:00 Traceback (most recent call last):
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/django/core/handlers/exception.py", line 55, in inner
2024-07-01T10:14:06.289909944+02:00 response = get_response(request)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/django/core/handlers/base.py", line 197, in _get_response
2024-07-01T10:14:06.289909944+02:00 response = wrapped_callback(request, *callback_args, **callback_kwargs)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/django/views/decorators/csrf.py", line 56, in wrapper_view
2024-07-01T10:14:06.289909944+02:00 return view_func(*args, **kwargs)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_framework/viewsets.py", line 124, in view
2024-07-01T10:14:06.289909944+02:00 return self.dispatch(request, *args, **kwargs)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py", line 509, in dispatch
2024-07-01T10:14:06.289909944+02:00 response = self.handle_exception(exc)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py", line 469, in handle_exception
2024-07-01T10:14:06.289909944+02:00 self.raise_uncaught_exception(exc)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
2024-07-01T10:14:06.289909944+02:00 raise exc
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py", line 497, in dispatch
2024-07-01T10:14:06.289909944+02:00 self.initial(request, *args, **kwargs)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py", line 415, in initial
2024-07-01T10:14:06.289909944+02:00 self.check_permissions(request)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_framework/views.py", line 332, in check_permissions
2024-07-01T10:14:06.289909944+02:00 if not permission.has_permission(request, self):
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_access_policy/access_policy.py", line 69, in has_permission
2024-07-01T10:14:06.289909944+02:00 allowed = self._evaluate_statements(statements, request, view, action)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_access_policy/access_policy.py", line 113, in _evaluate_statements
2024-07-01T10:14:06.289909944+02:00 matched = self._get_statements_matching_conditions(
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_access_policy/access_policy.py", line 262, in _get_statements_matching_conditions
2024-07-01T10:14:06.289909944+02:00 passed = self._check_condition(condition, request, view, action)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/rest_access_policy/access_policy.py", line 286, in _check_condition
2024-07-01T10:14:06.289909944+02:00 result = method(request, view, action, arg)
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/pulpcore/app/global_access_conditions.py", line 375, in has_repository_model_or_domain_or_obj_perms
2024-07-01T10:14:06.289909944+02:00 return has_model_or_domain_perms(request, view, action, permission) or has_repository_obj_perms(
2024-07-01T10:14:06.289909944+02:00 File "/usr/local/lib/python3.9/site-packages/pulpcore/app/global_access_conditions.py", line 367, in has_repository_obj_perms
2024-07-01T10:14:06.289909944+02:00 plugin_repository = Repository.objects.get(pk=view.kwargs["repository_pk"]).cast()
2024-07-01T10:14:06.289909944+02:00 KeyError: 'repository_pk'
```

When running as admin, I get an unclear response about GET not being allowed, while it is a POST call being made:

```
2024-07-01T10:46:11.681521573+02:00 ('pulp [823adeb440d2463fbbc8f8509b8f5233]: ::ffff:127.0.0.1 - admin [01/Jul/2024:08:46:11 +0000] "POST /pulp/api/v3/rpm/prune?keep_days=1&dry_run=true&repo_hrefs=[%22*%22] HTTP/1.0" 301 0 "-" "PostmanRuntime/7.39.0"',)
2024-07-01T10:46:12.083845797+02:00 pulp [dd2e7a5840fc4dcba15cdbaf50c3956f]: django.request:WARNING: Method Not Allowed: /pulp/api/v3/rpm/prune/
2024-07-01T10:46:12.085448171+02:00 ('pulp [dd2e7a5840fc4dcba15cdbaf50c3956f]: ::ffff:127.0.0.1 - admin [01/Jul/2024:08:46:12 +0000] "GET /pulp/api/v3/rpm/prune/?keep_days=1&dry_run=true&repo_hrefs=[%22*%22] HTTP/1.0" 405 40 "http://repository.local/pulp/api/v3/rpm/prune?keep_days=1&dry_run=true&repo_hrefs=[%22*%22]" "PostmanRuntime/7.39.0"',)
```

To Reproduce
Call the prune API with a user that has view permissions and modify_repository_content.

Expected behavior
I would expect an appropriate error message (in case of not being allowed or a lack of permissions).

pulp/api/v3/docs/#tag/Rpm:-Prune is not really clear about whether additional permissions are required.

Additionally, I am not getting clear instructions on whether it should or should not work based on https://pulpproject.org/pulp_rpm/docs/user/guides/prune/?h=prune#output_1. The examples talk about a CLI option, but lack information about the API call.

Additional context
none

Contributor

dralley commented Aug 8, 2024

Looks valid, if you can modify the repo you should be able to prune packages - also the traceback is not very helpful in this case and we should see if we can improve the rejection error messages.
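
An added illustration (not pulpcore or rest_access_policy code, and not part of either comment above) of the failure mode in the traceback: an object-permission condition that assumes a `repository_pk` URL kwarg turns a permission check into a 500 on a view that has none, while a guarded condition fails closed with a 403. `View`, `GRANTS`, `check` and both condition functions are hypothetical stand-ins.

```python
# Added illustration; every name below is a hypothetical stand-in,
# not pulpcore or rest_access_policy code.
from dataclasses import dataclass, field


class PermissionDenied(Exception):
    """Stand-in for the framework exception that is rendered as HTTP 403."""


@dataclass
class View:
    kwargs: dict = field(default_factory=dict)  # URL kwargs set by the router


# Constructed grants: user -> repository pk -> permissions held on that object.
GRANTS = {"alice": {"repo-1": {"view_repository", "modify_content"}}}


def has_repo_obj_perms_unguarded(user, view, perm):
    # Same shape as the failing frame in the traceback: assumes a nested route.
    repo_pk = view.kwargs["repository_pk"]  # KeyError on a non-nested view
    return perm in GRANTS.get(user, {}).get(repo_pk, set())


def has_repo_obj_perms_guarded(user, view, perm):
    repo_pk = view.kwargs.get("repository_pk")
    if repo_pk is None:
        # No repository in the URL: this condition cannot grant anything here.
        return False
    return perm in GRANTS.get(user, {}).get(repo_pk, set())


def check(condition, user, view, perm):
    """Map a condition result to the status code a client would see."""
    try:
        if not condition(user, view, perm):
            raise PermissionDenied(f"{user} lacks {perm}")
        return 200
    except PermissionDenied:
        return 403  # explicit, explainable rejection
    except Exception:
        return 500  # uncaught error inside the policy layer


nested = View(kwargs={"repository_pk": "repo-1"})  # constructed nested route
prune = View()  # constructed: an endpoint like /rpm/prune/ has no repository_pk
```

The guarded form only demonstrates a clean rejection; granting prune to a user who can modify a repository would need a check against the repositories named in the request, which this sketch does not implement.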
