Open seccentral opened 3 weeks ago
It's not a bug, it's by design, which will keep it consistent with GitHub's implementations.
I didn't know. Is there a way to allow read-only access as the ACL page actually suggests is happening? If not, it should be useful to remove the read-only option from the ACL settings page because it's not advertising what it's selling.
Also, thank you for clarifying.
Description
I created a Gitea instance with Keycloak authentication for the purpose of centralizing multiple service authentication/authorization under one solution and added the users to groups that are exposed as a custom claim along with their group names in the access token, then created an Org with teams in Gitea and mapped the claimed groups to the organization's teams representing full access administrators and read-only members. The read-only members should have read-only access to the Issues and Wiki as configured on the Team's ACL settings. The problem is that the read-only users can create new issues, hence I suspect that this is a bug.
TL/DR - make an org with a team whose members are ACL restricted to read-only, and they can create new issues.
Gitea Version
1.21.8
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
Screenshots
Git Version
No response
Operating System
Debian 12
How are you running Gitea?
Custom tailored Docker stack including its Postgres database, auth (Keycloak) and reverse proxy (Caddy), but this detail is not relevant for this bug.
Database
PostgreSQL