christhomas
commented
5 years ago This is done, all package group accesses are now associated with a repository
Closed christhomas closed 5 years ago
christhomas
commented
5 years ago This is done, all package group accesses are now associated with a repository
Right now you can give access to package groups and there is no way to know for which repository type you're being given access.
Lets assume that you have php and npm repositories. You also have a package group called "platforms".
So if you give REPOSITORY_ACCESS=php, and PACKAGE_GROUP=platforms. There is no correlation between them.
So if the system tries to access the platforms group, using the npm repository, it'll work since you didn't specify them as a combination together.
But I think it makes a lot more sense to have these two options together since then you can customise package group access in combination with the repository type. Therefore giving access to the "platforms" package group, but only to the php repository, preventing the user from accessing the "platforms" package group from the npm repository.
This might seem like an edge case, and it is, which is why it's not a high priority. But obviously this is something that should be fixed.