Hello! I have a couple of private projects on my onedev instance but they still show up if you view them as an anonymous user. You can see that only the repository "minecraft-economy-parser" is public as it actually shows it has files:
Any anonymous user sees this when they open a private project:
They have the following permissions (aptly named nothing because they have no permissions for private projects):
How do I make it so that these projects arent viewable for anonymous users? I bet it will create a lot of confusion for them to see the projects but them being empty.
Thanks in advance for your reply
Robin Shen commented 6 months ago
Please check if any ancestor project has default role allowing to access them. If not, check the default login group in administration / security setting.
Tim commented 6 months ago
Hello thanks for your reply!
The root projects all have the default role set at the same Nothing role:
As per suggestion, I have made a new group as the default with the following settings:
However when I go on an incognito tab I can still see all the projects:
I did some further testing myself and interestingly enough if I make a project that has no default role it doesn't show up anywhere and is truly private. But once I said the role to "nothing" it appears as an empty project again:
Is this intentional behaviour? I guess it's fixed from my part because I can set it as no default role for now but I'm wondering if this is a bug
Robin Shen commented 6 months ago
This is expected behavior. When a project is associated with a role, it will get minimum permission which is issue browsing and opening. Since your projects do not have issues, it displays nothing.
Robin Shenchanged state to 'Closed'6 months ago
Previous Value
Current Value
Open
Closed
ZhuangYuminchanged state to 'Open'3 months ago
Previous Value
Current Value
Closed
Open
ZhuangYumin commented 3 months ago
However, it seems that a child project cannot be set as "no default role", so a public project cannot have a truly private child project by setting the role to nothing. Is there any way to make a child project truly private?
ZhuangYumin commented 3 months ago
After clicking the "X", the default role will be set to "Inherit from parent"
Robin Shen commented 3 months ago
This is expected behavior. The effective permissions of a project is union of permissions from all sources, including inherited and self-defined.
Robin Shen commented 3 months ago
So it is impossible to make a child private if any of its parent is public.
ZhuangYumin commented 3 months ago
So it is impossible to make a child private if any of its parent is public.
Is it possible to add some methods to easily and freely set a project as truly private in future versions?
Robin Shen commented 3 months ago
I am afraid this may not be implemented in the near future, as many tree operations in OneDev are based on this assumption.
Hello! I have a couple of private projects on my onedev instance but they still show up if you view them as an anonymous user. You can see that only the repository "minecraft-economy-parser" is public as it actually shows it has files:
Any anonymous user sees this when they open a private project:
They have the following permissions (aptly named nothing because they have no permissions for private projects):
How do I make it so that these projects arent viewable for anonymous users? I bet it will create a lot of confusion for them to see the projects but them being empty.
Thanks in advance for your reply