[Solved] How to set up users with only access to issues

Hi, I am trying to set up a Gitea instance with the following user account/organization/repository/team permissions:

Organizations:

  • mycorp
  • anothercorp

Users:

  • User0 (admin)
  • Bob
  • Alice
  • Eve

Repositories:

  • mycorp/projecta
  • anothercorp/projectb
  • anothercorp/projectc

Permissions:

  • Bob: can read/write everything on mycorp/projecta, but cannot access/view anothercorp’s repositories
  • Alice: can read/write everything on anothercorp/projectb, cannot view mycorp’s repositories
  • Eve: can only access anothercorp/projectc issues, cannot see the code/pulls, cannot list or access anything else.

I’m a bit lost regarding granular permissions. I only found how to add a user as Collaborator on a project (in which case global access is either read/write/admin on every feature in a repository), or how to add a Reporter team in anothercorp with limited access to issues and add that user to it. But this user still has to be added to Collaborators on the repository, else they can’t access it at all (then back to problem 1: they have read/write access on the whole repo).

Can someone explain to me how I should proceed to create users with these permission levels?

  1. Add Bob to mycorp’s owner team.
  2. Add Alice to anothercorp’s owner team.
  3. Create a new team on anothercorp with read permission and only the issues unit. The team can only access projectc; add Eve to this team.
    No Collaborator config.

Create a new team on anothercorp with read permission and only the issues unit. The team can only access projectc; add Eve to this team.
With this scenario, Eve CAN see repo code.

@lunny I can confirm what @gstg said: with this configuration, Eve can see the code, pull requests, along with everything else in projectc.

Is there a way to give a user only issues access on a repository?

Which version did you use? Could you reproduce that on https://try.gitea.io?

1.7.4, latest (Version: d7542bf).
In which version does your scenario work?

I think there is no need to try on https://try.gitea.io (probably the latest version, so the same 1.7.4).

Maybe just a notice:
we only have read access permission; nowhere is there a NO read access for code, so I think that scenario is not possible.

Thanks, I found the answer to my question. Here is a similar setup, and it works:

Create 3 users:

  • bob
  • alice
  • eve

Create 2 organizations (only 1 will be used in this example):

  • mycorp
  • anothercorp

Create 3 private repositories for the organization anothercorp:

  • anothercorp-x
  • anothercorp-y
  • anothercorp-z

In anothercorp, create 3 teams:

  • developers_all_projects:
    • Description: Developers for all anothercorp projects
    • Permissions: Write access to everything
  • developers_projectx:
    • Description: Developers for anothercorp-x
    • Permissions: Write access to everything
  • reporters_projectx:
    • Description: Bug reporters for anothercorp-x
    • Permissions: Write access to issues only

Add users to each team:

  • developers_all_projects: bob
  • developers_projectx: alice
  • reporters_projectx: eve

Add repositories to each team! This is what I was missing. Eve was able to read everything on a project because it was a public project (my mistake).

  • developers_all_projects: anothercorp-x, y and z
  • developers_projectx: anothercorp-x
  • reporters_projectx: anothercorp-x

It works! Each user can only see/list repositories assigned to their team, with the permissions from their team. Only organization owners can list everything.

Teams are defined at organization level, but their permission levels only apply to repositories they’ve been given access to. All areas of a public repository are always readable by everyone (even outside the org?).

Tested on Gitea 1.7.3 and 1.7.4

1 Like
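The rules reported in the accepted answer (a team's units apply only to repositories added to that team, and a public repository is readable in every unit) can be written as a small model to check a planned layout before creating it. This is an added example, not part of the original thread and not Gitea's own code; the unit names are simplified, the team and repository data are constructed from the thread, and organization owners are left out.

```python
# Model of the access rules described in this thread (not Gitea's own code).
# Unit names are simplified; all data below is constructed to mirror the thread.
ALL_UNITS = frozenset({"code", "issues", "pulls", "releases", "wiki"})
RANK = {"none": 0, "read": 1, "write": 2}

REPOS = {"anothercorp-x": "private", "anothercorp-y": "private",
         "anothercorp-z": "private"}
TEAMS = {
    "developers_all_projects": {
        "members": {"bob"}, "access": "write", "units": ALL_UNITS,
        "repos": {"anothercorp-x", "anothercorp-y", "anothercorp-z"}},
    "developers_projectx": {
        "members": {"alice"}, "access": "write", "units": ALL_UNITS,
        "repos": {"anothercorp-x"}},
    "reporters_projectx": {
        "members": {"eve"}, "access": "write", "units": frozenset({"issues"}),
        "repos": {"anothercorp-x"}},
}


def effective_access(user, repo, repos=REPOS, teams=TEAMS):
    """Return {unit: level} for a non-owner user on one repository."""
    # A public repository is readable in every unit, whatever the team says.
    access = {u: "read" for u in ALL_UNITS} if repos[repo] == "public" else {}
    for team in teams.values():
        # A team only counts for repositories that were added to it.
        if user in team["members"] and repo in team["repos"]:
            for unit in team["units"]:
                if RANK[team["access"]] > RANK[access.get(unit, "none")]:
                    access[unit] = team["access"]
    return access


def bypassed_restrictions(repos=REPOS, teams=TEAMS):
    """List (team, repo) pairs where a unit-limited team holds a public repo."""
    return sorted((name, repo)
                  for name, team in teams.items() if team["units"] != ALL_UNITS
                  for repo in team["repos"] if repos[repo] == "public")


if __name__ == "__main__":
    for user in ("bob", "alice", "eve"):
        for repo in sorted(REPOS):
            print(user, repo, effective_access(user, repo) or "no access")
    print("bypassed:", bypassed_restrictions())
```

Setting a repository's visibility to "public" in `REPOS` reproduces the situation from earlier in the thread, where Eve could read the code despite being in an issues-only team.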