Closed JamborJan closed 6 years ago
dwrensha
commented
9 years ago Yes, I agree that read-only access would be very useful.
At the moment, Sandstorm permissions can only distinguish between "owner" and "everyone else". Once we've improved that situation, it should be easy to update GitLab and GitWeb to allow read-only access.
JamborJan
commented
9 years ago Actually it would be the same as for the WordPress Sandstorm app. It would be cool to have the link with the unique grain part public available without the sandstorm top bar.
Depending on the project based decision public / logged in only / private which is available in the full GitLab version but not yet in the Sandstorm port it would be esy to determine what to display:
Given that the visitor is not logged in what is the only option today besides being logged in and admin:
As soon as the user management is improved it can be changed:
dwrensha
commented
9 years ago Note that my latest release includes integration with Gitlab's Guest, Reporter, Developer, and Master roles. https://apps.sandstorm.io/app/zx9d3pt0fjh4uqrprjftgpqfwgzp6y2ena6098ug3ctv37uv6kfh
It still doesn't work for non-logged-in users, because I've made all repos "private". I think we could get the behavior you're asking for here by allowing users to make a repo "public". However, I worry that providing that option would be somewhat confusing, as the roles have different meanings for public vs private repositories.
JamborJan
commented
9 years ago Thanks @dwrensha it looks great so far.
The public repos would be nice for open source project hosted on Gitlab on a Sandstorm instance. In this case not logged in anonymous users should be able to pull the code or am I wrong?
Maybe it is possible to create an anonymous user or sth like that which will be used in case nobody is logged in into sandstorm. Furthermore it would then also be possible to add a DNS entry which points to the grain (like you have it with the wordpress Sandstorm package).
Not sure if this is the best idea or not.
JJ
ndarilek
commented
8 years ago Would definitely like to see this as well, albeit for a slightly different use case. I have my Jenkins server periodically pulling from Sandstorm-hosted Gitlab instances. At the moment I'm using a set of my own credentials that I get from loading the repository. This is very very very ugly. :) I'm not too worried about it since at the moment I'm the only one with access to these repositories and server, but were I ever to bring on more developers I'd want Jenkins' credentials to be distinct from my own.
What I'd like to do is create a Reporter link, or whatever role can pull from repositories. Then I access the link in a private tab, get the credentials and feed those to Jenkins.
Is there any reason Gitlab repositories can't just be made public, counting on Sandstorm's own security to distinguish between public access and private repositories? (I.e. if I want a public project, I make and publish a link with read-only access. If I want a private project, I just make sure no one ever gets a share link with public access.) That would seem to solve the problem referenced above. I guess you'd also need a new role corresponding to whatever Gitlab uses for pulling from public repositories without the ability to file issues.
xet7
commented
6 years ago This issue was moved to sandstormports/gitlab-sandstorm#3
Hey @dwrensha,
First of all: great work and thanks for the Sandstorm GitLab port!
Will it be possible to have public reading access to projects? Would be good if the repository could be displayed / browsed / cloned without being logged in.