Permissions related question

[axeloz]

Hi there,

FYI : I have added the same question on Gogs official repo as both projects are linked.

Not really a bug but a question about the permissions : they are not very clear to me, am I the only one?

I want to use Gogs as a private repositories hosting app. When installing Gogs, I have set in the options that Gogs is private, no registration, no public page. This part works.

I have created an organisation named MyOrg and I have created 10 repositories whose owner is MyOrg (not me). When visiting the "Explorer" page as me (admin), I can list my 10 repos.
Then I have created a team MyTeam in MyOrg with write permission in which I have added an user "user1". And I have created another user "user2" with no team.

When logging as "user2", this user could see the 10 repos in "Explorer". I was at first surprised because this user does not belong to any organisation nor team then I realized that I had to set "Private" in the repo settings. Doing so, "user2" could not see any repo any longer, which was good.

When logging as "user1", this user could not see any repo in "Explorer" despite it belongs to the team in the organisation. Also, even when browsing on the organisation page, it could not see any repo.
Once again, I realized I had to manually add each repo to the team and this is weird and time consuming. Doing so, the "user1" can now see the repos from the organisation page (but not from the "Explorer" page, which is weird). So I got to the point where my 10 repos are owned by me (Owner) and as a duplicate by the team (MyTeam). Plus adding a repo to a team is not very user-friendly as you must remember the name of the repo for autocompletion (so I did this in the database directly).

Finally, I was really surprised when I realized that me (Owner and admin) could not see any repo in Explorer any longer. I had to go through the organisation page.

Taking Bitbucket as an example, it is not the way Bitbucket works. Once a team is affected to an organisation, the team has permission to list and/or write (according to the given permission) on all repos of this organisation. It is not required to manually affect each repo to the team as these repos are already affected to the organisation. Plus, on Bitbucket, when listing the repos, it will output all the repos you have access to. I don't understand why the "Explorer" page is now empty.

Is there anything I missed?
Sorry for the long post, wasn't easy to be shorter.
Thanks

Axel

[thibaultmeyer]

"why do I need to set repos as private when the entire Gogs installation is private, that shoud be enough"

By example, in our company : we don't want that repo A was visible from users who only have read permission on repo B. We also use this feature to hide a lot a repos from trainees or to hide "non android" projects to Android developers.

Private Gitea instance ==> Must be registered to see something
Private repo ==> Must be accepted by repo owner to view files or contribute

[lunny]

^

The same word private which has different meaning.

[axeloz]

Hello @0xBAADF00D,

"why do I need to set repos as private when the entire Gogs installation is private, that shoud be enough" ==> my mistake I did not finish this sentence, I forgot to get rid of it prior to posting...

Yes, that's my point. I have my internal devs, they're in my MyTeam team and should have access to all repos of my MyOrg organisation.
But I also have external devs on particular projects and they must have access to one given repo (which works well when adding the user directly in the repo settings). But same issue for external devs : even if they have access to a repo, this repo doesn't show up in the Explorer.

That's why I use private repos on my org. So the two issues I can see here are :

• why doesn't the Explorer list all repos you have access to?
• why a team member cannot list all repos of a given organisation?

Thanks

[axeloz]

I add a comment in the issue because it is related :
because my users can't see anything in the Explorer page, they also can't use the search engine.
Plus, because all the repos are ordered by updated date, it is a pain to find a repo : I have to browse all the pages, one by one, to find the repo I'm looking for. I have 50 repos so far and more are coming. It's frustrating.

So my guess would be to :

• allow users to order repos anywhere by name / updated_time / creation_time (and to set this set by default or to keep this setting in a cookie)
• allow users to browse all the repos they have access to in the Explorer page (not only the public one)
• therefore, allow users to use the search engine (not only for public repos but all repos they have access to).
• allow all users of a given team to access (read, read/write or admin according to the team permission) to all repos of the organisation owning the team, no matter the repo belong to the Owner of the organisation or to the team. This point is actually quite weird in term of functionality by the way, because when adding a repo, I did set the owner to "MyOrg" in the select list but in reality, the repo is assigned to the "Owners" team of the "MyOrg" org, not directly to the "MyOrg" organisation like I asked.

That would make me very happy and I can't imagine I'm the only one. I'm a good web developer and CTO and I'm mad at myself I don't know a thing about Go. I know exactly what should be modified and where in the sources, line by line, but it will take me so much time to do so and to understand how to develop on Gitea... :( I couldn't find a tuto on how to build the master branch with live reload. If anyone has this, I might be interested.

Thanks a lot

[Bwko]

I'm almost done with:

• allow users to order repos anywhere by name / updated_time / creation_time (and to set this set by default or to keep this setting in a cookie)
• allow users to browse all the repos they have access to in the Explorer page (not only the public one)
• therefore, allow users to use the search engine (not only for public repos but all repos they have access to).

I'll create a PR tomorrow

[axeloz]

@Bwko awesome, thanks. You're fast.
I have to dig into Go. How do you set a dev environment ?

[strk]

On Tue, Nov 22, 2016 at 12:26:34AM -0800, axeloz wrote: How do you set a dev environment ?

See https://golang.org/doc/install Once you're setup (Go installed and GOPATH env variable set) you'd do: ``` go get code.gitea.io/gitea cd $GOPATH/src/code.gitea.io/gitea ./gitea web ```

[axeloz]

Thanks @strk does it include a file watcher which will recompile when I update the code? Or should I rerun the server each time?

[strk]

The commands I showed do not include a file watcher.
You need to recompile (go build from within the
source directory) and then re-run the server, upon
changes.

[axeloz]

OK thanks,
I asked because Gogs uses a watcher according to its documentation :

You can enable live compile by executing bra run in the Gogs source folder To install bra: go get -u github.com/Unknwon/bra

[lunny]

Any file watcher included bra is still avaiable for Gitea. @axeloz