Projects onedev server Issues #1631
#1631  Any way to make a project truly private?
Closed
Tim opened 4 months ago

Hello! I have a couple of private projects on my onedev instance but they still show up if you view them as an anonymous user. You can see that only the repository "minecraft-economy-parser" is public as it actually shows it has files:
image.png

Any anonymous user sees this when they open a private project:
image_2.png

They have the following permissions (aptly named nothing because they have no permissions for private projects):
image_3.png

How do I make it so that these projects arent viewable for anonymous users? I bet it will create a lot of confusion for them to see the projects but them being empty.

Thanks in advance for your reply

Robin Shen commented 4 months ago

Please check if any ancestor project has default role allowing to access them. If not, check the default login group in administration / security setting.

Tim commented 4 months ago

Hello thanks for your reply!

The root projects all have the default role set at the same Nothing role:
image_5.png
As per suggestion, I have made a new group as the default with the following settings:
image_4.png

However when I go on an incognito tab I can still see all the projects:
image_6.png

I did some further testing myself and interestingly enough if I make a project that has no default role it doesn't show up anywhere and is truly private. But once I said the role to "nothing" it appears as an empty project again:
image_7.png

Is this intentional behaviour? I guess it's fixed from my part because I can set it as no default role for now but I'm wondering if this is a bug

Robin Shen commented 4 months ago

This is expected behavior. When a project is associated with a role, it will get minimum permission which is issue browsing and opening. Since your projects do not have issues, it displays nothing.

Robin Shen changed state to 'Closed' 4 months ago
Previous Value Current Value
Open
Closed
ZhuangYumin changed state to 'Open' 3 weeks ago
Previous Value Current Value
Closed
Open
ZhuangYumin commented 3 weeks ago

However, it seems that a child project cannot be set as "no default role", so a public project cannot have a truly private child project by setting the role to nothing. Is there any way to make a child project truly private?

ZhuangYumin commented 3 weeks ago

After clicking the "X", the default role will be set to "Inherit from parent" 屏幕截图 2024-01-29 221453.png 屏幕截图 2024-01-29 221532.png

Robin Shen commented 3 weeks ago

This is expected behavior. The effective permissions of a project is union of permissions from all sources, including inherited and self-defined.

Robin Shen commented 3 weeks ago

So it is impossible to make a child private if any of its parent is public.

ZhuangYumin commented 3 weeks ago

So it is impossible to make a child private if any of its parent is public.

Is it possible to add some methods to easily and freely set a project as truly private in future versions?

Robin Shen commented 3 weeks ago

I am afraid this may not be implemented in the near future, as many tree operations in OneDev are based on this assumption.

Robin Shen changed state to 'Closed' 3 weeks ago
Previous Value Current Value
Open
Closed
issue 1 of 1
Type
Question
Priority
Normal
Assignee
Labels
No labels
Issue Votes (0)
Watchers (4)
Reference
onedev/server#1631
Please wait...
Page is in error, reload to recover