User in team which has read perm to issues can create issue in a private org repo #10298

New Issue

Closed

opened 2025-11-02 09:03:34 -06:00 by GiteaMirror · 7 comments

GiteaMirror commented 2025-11-02 09:03:34 -06:00

Owner

Copy Link

Originally created by @yp05327 on GitHub (Feb 19, 2023).

Description

team permission settings:

private org and private repo:

It shows that the user in this team only have read permission to issues

But the user in this team can create issues in this repo

PR can not be created, and this is right.

Gitea Version

1.19.0+dev-403-gb6b8feb3d

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

gitea.com

Database

None

Originally created by @yp05327 on GitHub (Feb 19, 2023). ### Description team permission settings:  private org and private repo:  It shows that the user in this team only have read permission to issues  But the user in this team can create issues in this repo  PR can not be created, and this is right.  ### Gitea Version 1.19.0+dev-403-gb6b8feb3d ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? gitea.com ### Database None

GiteaMirror added the issue/needs-feedbackissue/not-a-bug labels 2025-11-02 09:03:34 -06:00

GiteaMirror closed this issue 2025-11-02 09:03:34 -06:00

GiteaMirror commented 2025-11-02 09:03:35 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Feb 19, 2023):

This is by design.

@lunny commented on GitHub (Feb 19, 2023): This is by design.

GiteaMirror commented 2025-11-02 09:03:35 -06:00

Author

Owner

Copy Link

@delvh commented on GitHub (Feb 19, 2023):

I mean…
I can understand that if you declare write permissions as editing issues that are not their own.
Intuitively, I agree with @yp05327.
However, I can also see why teams with read permission should still be able to create (but not edit) issues.

@delvh commented on GitHub (Feb 19, 2023): I mean… I can understand that if you declare `write permissions` as editing issues that are not their own. Intuitively, I agree with @yp05327. However, I can also see why teams with `read` permission should still be able to create (but not edit) issues.

GiteaMirror commented 2025-11-02 09:03:35 -06:00

Author

Owner

Copy Link

@yp05327 commented on GitHub (Feb 20, 2023):

It seems that the permission controll and the definitions are confusion and hard to understand.

---

I tested some of them in gitea.com as following: (with a private repo in a private org and the repo is added to the team, so the permissions should be controlled by team permission settings I think ):

Issues:

Actions	No Access	Read	Write
Read	x	○	○
Create	x	○	○
Edit	x	-(only their own)	○

Nothing strange but teams with Read permission can Create issues. This is what I mentioned in this issue.

PR:

Actions	No Access	Read	Write
Read	x	○	○
Create	x	-(depends on Code)	-(depends on Code)
Edit	x	-(only their own)	○
Code Review(Approve)	x	○	○

The description of PR permission is:

Enable pull requests and code reviews.

But Create a PR depends on Code permission actually, and Approve a PR is partly depends on PR permission.
And teams with No Access permission of Code and Read permission of PR can also Review the changes in this PR and Approve it.

---

I don't know whether this is the correct design, but it looks confusion.

@delvh

However, I can also see why teams with read permission should still be able to create (but not edit) issues.

So is it possible to separate Create and Edit from Write in some units.
Create means you can create a new issue/PR/wiki/projects/package and edit your own.
Edit means you can edit all the existed issue/PR/wiki/projects/package (and codereview?)
Code is special, maybe can only have Read and Write?

@yp05327 commented on GitHub (Feb 20, 2023): It seems that the permission controll and the definitions are confusion and hard to understand. ---- I tested some of them in gitea.com as following: (with a private repo in a private org and the repo is added to the team, so the permissions should be controlled by team permission settings I think ): Issues: | Actions | No Access | Read | Write | | ---- | ---- | ---- | ---- | | Read | x | ○ | ○ | | Create | x | ○ | ○ | | Edit | x | -(only their own) | ○ | Nothing strange but teams with `Read` permission can `Create` issues. This is what I mentioned in this issue. PR: | Actions | No Access | Read | Write | | ---- | ---- | ---- | ---- | | Read | x | ○ | ○ | | Create | x | -(depends on Code) | -(depends on Code) | | Edit | x | -(only their own) | ○ | | Code Review(Approve) | x | ○ | ○ | The description of PR permission is: > Enable pull requests and code reviews. But `Create` a PR depends on Code permission actually, and `Approve` a PR is partly depends on PR permission. And teams with `No Access` permission of Code and `Read` permission of PR can also `Review` the changes in this PR and `Approve` it. ---- I don't know whether this is the correct design, but it looks confusion. @delvh > However, I can also see why teams with read permission should still be able to create (but not edit) issues. So is it possible to separate `Create` and `Edit` from `Write` in some units. `Create` means you can create a new issue/PR/wiki/projects/package and edit your own. `Edit` means you can edit all the existed issue/PR/wiki/projects/package (and codereview?) `Code` is special, maybe can only have `Read` and `Write`?

GiteaMirror commented 2025-11-02 09:03:35 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Jul 27, 2023):

The design is the same as GH, I think it's not a bug.

@lunny commented on GitHub (Jul 27, 2023): The design is the same as GH, I think it's not a bug.

GiteaMirror commented 2025-11-02 09:03:36 -06:00

Author

Owner

Copy Link

@yp05327 commented on GitHub (Jul 27, 2023):

The design is the same as GH, I think it's not a bug.

GH doesn't have private org, where does the same design come from?

@yp05327 commented on GitHub (Jul 27, 2023): > The design is the same as GH, I think it's not a bug. GH doesn't have private org, where does `the same design` come from?

GiteaMirror commented 2025-11-02 09:03:36 -06:00

Author

Owner

Copy Link

@lunny commented on GitHub (Jul 28, 2023):

The design is the same as GH, I think it's not a bug.

GH doesn't have private org, where does the same design come from?

I mean for public org.

@lunny commented on GitHub (Jul 28, 2023): > > The design is the same as GH, I think it's not a bug. > > GH doesn't have private org, where does `the same design` come from? I mean for public org.

GiteaMirror commented 2025-11-02 09:03:36 -06:00

Author

Owner

Copy Link

@GiteaBot commented on GitHub (Dec 20, 2023):

We close issues that need feedback from the author if there were no new comments for a month. 🍵

@GiteaBot commented on GitHub (Dec 20, 2023): We close issues that need feedback from the author if there were no new comments for a month. :tea:

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label issue/needs-feedback issue/not-a-bug

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#10298