Closed svedova closed 2 years ago
Closing issue, this one is resolved for private projects. If the visibility of a project is INTERNAL
or PRIVATE
, Stormkit allows any member to execute the command. If the visibility of a project is PUBLIC
then only the MR author can deploy.
One of our customers wrote:
Implementation plan
Currently only MR authors are allowed to deploy using the
/stormkit deploy
comment. We had this as a security feature because as far as I remember, the permission level is not passed with the author information when using GitLab API.