OBS requires admin access to modify DoD project’s configuration

Audience

As a user of OBS, I want to be able to configure DoD projects (when given maintainer access to them) without having to resort to admin privileges, as this leads to difficulties with managing access to the admin account and poses security risks.

Background

$ osc meta prjconf -e Debian:Bookworm:main
Sending meta data...
BuildService API error: update_project_not_authorized (403)
You are not authorized to update this Project.

This is due to the following code in ProjectPolicy:

def update?
  return false unless user
  return false unless local_project_and_allowed_to_create_package_in?
  # The ordering is important because of the lock status check
  return true if user.is_admin?
  return false unless user.can_modify?(record, true)
  # Regular users are not allowed to modify projects with remote references
  no_remote_instance_defined_and_has_not_remote_repositories?
end

This is inconvenient. We need to investigate the reason behind this and, if feasible, propose a change and submit it upstream.