go-gitea / gitea

Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
https://gitea.com
MIT License
44.93k stars 5.48k forks

[Feature] Security improvement when using OAuth Application Tokens (CI, Drone, etc). #16024

Open gnat opened 3 years ago

gnat commented 3 years ago

Currently, CI systems and apps integrate with Gitea using "full access" OAuth Application / Access Tokens.

Unfortunately, this is a security issue, as the tokens have full access to every repository; this has fairly serious implications if any app using these tokens is compromised.

To keep things simple, I propose an easy way to add access control:

This has a nice side effect of cleaning up repositories from the build list when using automated CI systems such as Drone.

Thanks!

gnat commented 3 years ago

Also, I believe this was proposed years ago (granular access controls for OAuth Access Tokens, read/write, etc.), but the proposals have looked super complicated, to the point where I fear we may never see this feature. The above would get us there for the vast majority of gitea users with less effort, and be easy to document and use.
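The check the two comments above are asking for, as an added illustration in Go (not Gitea's code and not part of this issue): a token either carries no scope (the legacy "full access" behaviour) or maps specific repositories to a maximum access level, and every repository operation is authorized against that map. The `Token`, `Authorize` and `VisibleRepos` names, the `owner/repo` keys and the read/write levels are assumptions made for the example; the repository names are constructed sample data. `VisibleRepos` shows the side effect mentioned in the first comment: a CI system listing repositories through a scoped token only sees the ones it was granted.

```go
package main

import "fmt"

// Access is the level an action needs or a token grants on one repository.
// Illustrative example; not Gitea's types.
type Access int

const (
	NoAccess Access = iota
	ReadAccess
	WriteAccess
)

// Token models an OAuth application / access token. Scopes == nil models the
// current "full access" token; otherwise Scopes maps "owner/repo" to the
// highest access the token may exercise there. Repositories absent from the
// map are invisible to the token.
type Token struct {
	Name   string
	Scopes map[string]Access // nil => full access to every repository (legacy)
}

// FullAccess reports whether the token has the legacy unrestricted scope.
func (t Token) FullAccess() bool { return t.Scopes == nil }

// Authorize decides whether token t may perform an action needing `need`
// on repository `repo`. Deny is the default: an unlisted repository, or a
// listed one with a lower grant than needed, is refused.
func Authorize(t Token, repo string, need Access) bool {
	if need == NoAccess {
		return true
	}
	if t.FullAccess() {
		return true // legacy behaviour: every repository, read and write
	}
	granted, ok := t.Scopes[repo]
	if !ok {
		return false
	}
	return granted >= need
}

// VisibleRepos returns, in input order, the subset of `all` the token may at
// least read. A CI system such as Drone building its repository list through
// a scoped token would only see these.
func VisibleRepos(t Token, all []string) []string {
	var out []string
	for _, r := range all {
		if Authorize(t, r, ReadAccess) {
			out = append(out, r)
		}
	}
	return out
}

func main() {
	// Constructed sample data for the demonstration.
	all := []string{"acme/app", "acme/secret", "acme/infra"}
	legacy := Token{Name: "legacy-full-access"}
	ci := Token{Name: "drone", Scopes: map[string]Access{
		"acme/app":   ReadAccess,  // clone/build only
		"acme/infra": WriteAccess, // may push build artefacts
	}}
	for _, tok := range []Token{legacy, ci} {
		fmt.Printf("%s sees %v; write to acme/app: %v; read acme/secret: %v\n",
			tok.Name, VisibleRepos(tok, all),
			Authorize(tok, "acme/app", WriteAccess),
			Authorize(tok, "acme/secret", ReadAccess))
	}
}
```

The important design choice is that the scope map is consulted on every operation and defaults to deny, so a compromised CI token exposes only the repositories it was explicitly granted, at the level it was granted, rather than the whole instance.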

a1012112796 commented 3 years ago

related to #4300