spiral-project / ihatemoney

A simple shared budget manager web application
https://ihatemoney.org

Rethink security model around tokens #859

Open zorun opened 3 years ago

zorun commented 3 years ago

While writing documentation in #858, I thought that the token model is a bit strange.

Tokens are good when used in invitation links: people can connect without knowing the private code, and so they can't change the private code in the web interface.

However, the same token can be used to change the private code through the API!

I like the feature "get access to a project without the power to change the private code", so to keep it we could:
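One way the split described in this issue could look in code, as an added illustration that is not ihatemoney's own implementation (the `invite`/`full` scope names, the HMAC token layout and the handler names are assumptions made for this example):

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed example secret; a real deployment would load one from config.
SERVER_SECRET = b"constructed-example-secret-do-not-reuse"


class Forbidden(Exception):
    """Raised when a token is invalid or lacks the needed capability."""


def issue_token(project_id: str, scope: str) -> str:
    """Mint a token bound to a project and a scope ('invite' or 'full').

    The scope is inside the signed payload, so a holder of an 'invite'
    token cannot upgrade it to 'full' without the server secret.
    """
    if scope not in ("invite", "full"):
        raise ValueError("unknown scope")
    payload = f"{project_id}:{scope}"
    sig = hmac.new(SERVER_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}:{sig}"


def verify_token(token: str) -> tuple[str, str]:
    """Return (project_id, scope) for a valid token, else raise Forbidden."""
    try:
        project_id, scope, sig = token.rsplit(":", 2)
    except ValueError:
        raise Forbidden("malformed token") from None
    payload = f"{project_id}:{scope}".encode()
    expected = hmac.new(SERVER_SECRET, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise Forbidden("bad signature")
    return project_id, scope


@dataclass
class Project:
    id: str
    private_code: str


def api_get_project(token: str, project: Project) -> dict:
    """Read access is granted to both scopes, as invitation links need it."""
    project_id, scope = verify_token(token)
    if project_id != project.id:
        raise Forbidden("token is for another project")
    return {"id": project.id, "scope": scope}


def api_change_private_code(token: str, project: Project, new_code: str) -> Project:
    """Only a 'full' token may change the private code, via the API too."""
    project_id, scope = verify_token(token)
    if project_id != project.id:
        raise Forbidden("token is for another project")
    if scope != "full":
        raise Forbidden("invitation tokens cannot change the private code")
    project.private_code = new_code
    return project
```

The point is that the API handler checks the scope carried by the token, so an invitation link no longer implies the right to change the private code.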

almet commented 3 years ago

I like the idea that anybody with access to the project can change anything in it. It's simple enough and reduces the need to implement ACLs.