Projects should "not exist" for users w/o access (OD-2373)

Sebastian opened 9 months ago

OneDev will tell users if a repository exists and they just don't have access to it or if the repo does not exist at all (for example in the resulting error message: You are not allowed to perform this operation (403) vs Database entity not found (404)). Would it be possible to add an option to make repos truly "private", i.e. such that unauthorized users can not determine if a certain repo exists at all?

Thanks
Sebastian

👍 1

Robin Shen referenced from other issue 8 months ago

Do not reveal whether a project exists prior to authenticating (OD-1715)

Closed
OneDev commented 8 months ago

State changed as code fixing the issue is committed (8abfc655)
OneDev changed state to 'Closed' 8 months ago
Previous Value Current Value
Open

Closed
OneDev commented 8 months ago

State changed as build OD-6133 is successful
OneDev changed state to 'Released' 8 months ago
Previous Value Current Value
Closed

Released
Login to comment

Previous Value	Current Value
Open	Closed

Previous Value	Current Value
Closed	Released

Type	Improvement
Priority	Normal
Assignee	Robin Shen
Labels	No labels

Issue Votes (1)

Watchers (4)

Reference

OD-2373