Permissions related question #70

Closed
opened 2025-11-02 03:07:28 -06:00 by GiteaMirror · 15 comments

Originally created by @axeloz on GitHub (Nov 21, 2016).

Hi there,

FYI : I have added the same question on Gogs official repo as both projects are linked.

Not really a bug but a question about the permissions : they are not very clear to me, am I the only one?

I want to use Gogs as a private repositories hosting app. When installing Gogs, I have set in the options that Gogs is private, no registration, no public page. This part works.

I have created an organisation named MyOrg and I have created 10 repositories whose owner is MyOrg (not me). When visiting the "Explorer" page as me (admin), I can list my 10 repos.
Then I have created a team MyTeam in MyOrg with write permission in which I have added a user "user1". And I have created another user "user2" with no team.

When logging as "user2", this user could see the 10 repos in "Explorer". I was at first surprised because this user does not belong to any organisation nor team then I realized that I had to set "Private" in the repo settings. Doing so, "user2" could not see any repo any longer, which was good.

When logging as "user1", this user could not see any repo in "Explorer" despite it belongs to the team in the organisation. Also, even when browsing on the organisation page, it could not see any repo.
Once again, I realized I had to manually add each repo to the team and this is weird and time consuming. Doing so, the "user1" can now see the repos from the organisation page (but not from the "Explorer" page, which is weird). So I got to the point where my 10 repos are owned by me (Owner) and as a duplicate by the team (MyTeam). Plus adding a repo to a team is not very user-friendly as you must remember the name of the repo for autocompletion (so I did this in the database directly).

Finally, I was really surprised when I realized that me (Owner and admin) could not see any repo in Explorer any longer. I had to go through the organisation page.

Taking Bitbucket as an example, it is not the way Bitbucket works. Once a team is affected to an organisation, the team has permission to list and/or write (according to the given permission) on all repos of this organisation. It is not required to manually affect each repo to the team as these repos are already affected to the organisation. Plus, on Bitbucket, when listing the repos, it will output all the repos you have access to. I don't understand why the "Explorer" page is now empty.

Is there anything I missed?
Sorry for the long post, wasn't easy to be shorter.
Thanks

Axel

GiteaMirror added the issue/critical, type/bug, topic/security and issue/needs-feedback labels 2025-11-02 03:07:28 -06:00

@thibaultmeyer commented on GitHub (Nov 21, 2016):

"why do I need to set repos as private when the entire Gogs installation is private, that should be enough"

By example, in our company : we don't want that repo A was visible from users who only have read permission on repo B. We also use this feature to hide a lot of repos from trainees or to hide "non android" projects to Android developers.

Private Gitea instance ==> Must be registered to see something
Private repo ==> Must be accepted by repo owner to view files or contribute


@lunny commented on GitHub (Nov 21, 2016):

^

The same word `private` which has different meaning.

@axeloz commented on GitHub (Nov 21, 2016):

Hello @0xbaadf00d,

"why do I need to set repos as private when the entire Gogs installation is private, that should be enough" ==> my mistake I did not finish this sentence, I forgot to get rid of it prior to posting...

Yes, that's my point. I have my internal devs, they're in my MyTeam team and should have access to all repos of my MyOrg organisation.
But I also have external devs on particular projects and they must have access to one given repo (which works well when adding the user directly in the repo settings). But same issue for external devs : even if they have access to a repo, this repo doesn't show up in the Explorer.

That's why I use private repos on my org. So the two issues I can see here are :

  • why doesn't the Explorer list all repos you have access to?
  • why a team member cannot list all repos of a given organisation?

Thanks
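
The access rules discussed in this thread (sign-in requirement on a private instance, the per-repo private flag, repos explicitly added to a team, and collaborators added in the repo settings), as an added example that is not part of the original posts and is not Gitea's code: a small Go model for checking who can view which repo. All type and function names are hypothetical, the sample data is constructed, and organisation owners and site admins are not modelled.

```go
package main

import "fmt"

// Constructed model of the thread's rules, not Gitea's code; all names are hypothetical.
type Repo struct {
	Name, Org     string
	Private       bool
	Collaborators map[string]bool // users added directly in the repo settings
}

type Team struct {
	Org            string
	Members, Repos map[string]bool // Repos holds repos explicitly added to the team
}

type Instance struct {
	RequireSignIn bool // "private instance": must be registered to see anything
	Teams         []Team
}

// CanView reports whether user may see r; user "" is an anonymous visitor.
func (in Instance) CanView(user string, r Repo) bool {
	if user == "" {
		return !in.RequireSignIn && !r.Private
	}
	if !r.Private || r.Collaborators[user] {
		return true // non-private repos are visible to every signed-in account
	}
	for _, t := range in.Teams {
		// Membership alone grants nothing: the repo must be added to the team.
		if t.Org == r.Org && t.Members[user] && t.Repos[r.Name] {
			return true
		}
	}
	return false
}

// Scenario rebuilds the setup from the thread with constructed sample data.
func Scenario(teamHasRepo bool) (Instance, []Repo) {
	team := Team{"MyOrg", map[string]bool{"user1": true}, map[string]bool{"internal": teamHasRepo}}
	return Instance{true, []Team{team}}, []Repo{
		{"internal", "MyOrg", true, nil},
		{"client", "MyOrg", true, map[string]bool{"external": true}},
		{"notes", "MyOrg", false, nil},
	}
}

func main() {
	for _, added := range []bool{false, true} {
		in, repos := Scenario(added)
		for _, u := range []string{"", "user1", "user2", "external"} {
			for _, r := range repos {
				fmt.Printf("inTeam=%v user=%q repo=%s view=%v\n", added, u, r.Name, in.CanView(u, r))
			}
		}
	}
}
```

The model covers view access only; whether a viewable repo is also listed on the Explorer page is the separate listing question raised in the thread.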


@axeloz commented on GitHub (Nov 21, 2016):

I add a comment in the issue because it is related :
because my users can't see anything in the Explorer page, they also can't use the search engine.
Plus, because all the repos are ordered by updated date, it is a pain to find a repo : I have to browse all the pages, one by one, to find the repo I'm looking for. I have 50 repos so far and more are coming. It's frustrating.

So my guess would be to :

  • allow users to order repos anywhere by name / updated_time / creation_time (and to set this set by default or to keep this setting in a cookie)
  • allow users to browse all the repos they have access to in the Explorer page (not only the public one)
  • therefore, allow users to use the search engine (not only for public repos but all repos they have access to).
  • allow all users of a given team to access (read, read/write or admin according to the team permission) to all repos of the organisation owning the team, no matter the repo belong to the Owner of the organisation or to the team. This point is actually quite weird in term of functionality by the way, because when adding a repo, I did set the owner to "MyOrg" in the select list but in reality, the repo is assigned to the "Owners" team of the "MyOrg" org, not directly to the "MyOrg" organisation like I asked.

That would make me very happy and I can't imagine I'm the only one. I'm a good web developer and CTO and I'm mad at myself I don't know a thing about Go. I know exactly what should be modified and where in the sources, line by line, but it will take me so much time to do so and to understand how to develop on Gitea... :( I couldn't find a tuto on how to build the master branch with live reload. If anyone has this, I might be interested.

Thanks a lot


@Bwko commented on GitHub (Nov 21, 2016):

I'm almost done with:

  • allow users to order repos anywhere by name / updated_time / creation_time (and to set this set by default or to keep this setting in a cookie)
  • allow users to browse all the repos they have access to in the Explorer page (not only the public one)
  • therefore, allow users to use the search engine (not only for public repos but all repos they have access to).

I'll create a PR tomorrow


@axeloz commented on GitHub (Nov 22, 2016):

@bwko awesome, thanks. You're fast.
I have to dig into Go. How do you set a dev environment ?


@strk commented on GitHub (Nov 22, 2016):

On Tue, Nov 22, 2016 at 12:26:34AM -0800, axeloz wrote:

> How do you set a dev environment ?

See https://golang.org/doc/install

Once you're setup (Go installed and GOPATH env variable set)
you'd do:

```
# Fetch the Gitea source into GOPATH
go get code.gitea.io/gitea
cd "$GOPATH/src/code.gitea.io/gitea"
# Build the binary in the source directory, then start the web server
go build
./gitea web
```

@axeloz commented on GitHub (Nov 22, 2016):

Thanks @strk does it include a file watcher which will recompile when I update the code? Or should I rerun the server each time?


@strk commented on GitHub (Nov 22, 2016):

The commands I showed do not include a file watcher. You need to recompile (`go build` from within the source directory) and then re-run the server, upon changes.

@axeloz commented on GitHub (Nov 22, 2016):

OK thanks,
I asked because Gogs uses a watcher according to its documentation :

`You can enable live compile by executing bra run in the Gogs source folder To install bra: go get -u github.com/Unknwon/bra`

@lunny commented on GitHub (Nov 22, 2016):

Any file watcher included `bra` is still available for Gitea. @axeloz

@axeloz commented on GitHub (Nov 23, 2016):

@Bwko thanks for the pull request, nice piece of work. Hopefully it will be merged soon.

Also, did you guys have the time to consider my last point?

  • allow all users of a given team to access (read, read/write or admin according to the team permission) to all repos of the organisation owning the team, no matter the repo belong to the Owner of the organisation or to the team. This point is actually quite weird in term of functionality by the way, because when adding a repo, I did set the owner to "MyOrg" in the select list but in reality, the repo is assigned to the "Owners" team of the "MyOrg" org, not directly to the "MyOrg" organisation like I asked.

I think Bitbucket model is easier to understand and to manage than Gitea's model.
Thanks

Axel


@Bwko commented on GitHub (Nov 23, 2016):

I'll look into that. I hope to create a PR in a couple of days


@axeloz commented on GitHub (Jan 3, 2017):

Hello @all,

sorry for bringing that up again. I understand the search in private repo and ordering will be fixed soon. What's about the team permission related question I asked? @Bwko you said you would create a pull request soon but I don't think you did, right? Are you still considering this point? It's very time consuming to add each repo to each team who should have access to it. When you have 40 repos and 2 teams, you must replicate this action 80 times.

Thanks a lot


@Bwko commented on GitHub (Jan 5, 2017):

@axeloz The search in private repo feature is already added to the [latest master](https://dl.gitea.io/gitea/master/). I haven't had the time to create a PR for this issue. I hope to create a PR in a couple of days/ weeks.
Reference: github-starred/gitea#70