User in team which has read perm to issues can create issue in a private org repo #22985

Closed
yp05327 opened this issue Feb 19, 2023 · 7 comments
Labels
issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail issue/not-a-bug The reported issue is the intended behavior or the problem is not inside Gitea

Comments

@yp05327
Contributor

yp05327 commented Feb 19, 2023

Description

team permission settings:
image
private org and private repo:
image
It shows that the user in this team only has read permission to issues
image
But the user in this team can create issues in this repo
image
PR can not be created, and this is right.
image

Gitea Version

1.19.0+dev-403-gb6b8feb3d

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

gitea.com

Database

None

@lunny
Member

lunny commented Feb 19, 2023

This is by design.

@delvh
Member

delvh commented Feb 19, 2023

I mean…
I can understand that if you declare write permissions as editing issues that are not their own.
Intuitively, I agree with @yp05327.
However, I can also see why teams with read permission should still be able to create (but not edit) issues.

@yp05327
Contributor Author

yp05327 commented Feb 20, 2023

It seems that the permission control and the definitions are confusing and hard to understand.


I tested some of them on gitea.com as follows (with a private repo in a private org, and the repo is added to the team, so the permissions should be controlled by team permission settings, I think):

Issues:

| Actions | No Access | Read | Write |
|---|---|---|---|
| Read | x | | |
| Create | x | | |
| Edit | x | -(only their own) | |

Nothing strange but teams with Read permission can Create issues. This is what I mentioned in this issue.

PR:

| Actions | No Access | Read | Write |
|---|---|---|---|
| Read | x | | |
| Create | x | -(depends on Code) | -(depends on Code) |
| Edit | x | -(only their own) | |
| Code Review(Approve) | x | | |

The description of PR permission is:

Enable pull requests and code reviews.

But Create a PR depends on Code permission actually, and Approve a PR partly depends on PR permission.
And teams with No Access permission of Code and Read permission of PR can also Review the changes in this PR and Approve it.


I don't know whether this is the correct design, but it looks confusing.

@delvh

> However, I can also see why teams with read permission should still be able to create (but not edit) issues.

So is it possible to separate Create and Edit from Write in some units?
Create means you can create a new issue/PR/wiki/projects/package and edit your own.
Edit means you can edit all the existing issue/PR/wiki/projects/package (and codereview?)
Code is special, maybe can only have Read and Write?

@lunny
Member

lunny commented Jul 27, 2023

The design is the same as GH, I think it's not a bug.

@lunny lunny added issue/not-a-bug The reported issue is the intended behavior or the problem is not inside Gitea and removed type/bug labels Jul 27, 2023
@yp05327
Contributor Author

yp05327 commented Jul 27, 2023

> The design is the same as GH, I think it's not a bug.

GH doesn't have private org, where does the same design come from?

@lunny
Member

lunny commented Jul 28, 2023

> > The design is the same as GH, I think it's not a bug.
>
> GH doesn't have private org, where does the same design come from?

I mean for public org.

@lunny lunny added the issue/needs-feedback For bugs, we need more details. For features, the feature must be described in more detail label Nov 9, 2023
@GiteaBot
Collaborator

We close issues that need feedback from the author if there were no new comments for a month. 🍵

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 4, 2024