i want my helpdesk coworker can run job so they try this before calling me at 3.00AM.
I just let them run job or access to issue but not source code so i create
when i connect this a such account
They can only re-run job but not run a specific job or set notification when job is run.
How do it :
let them run job base on a specific commit but not the source code
enable/disable notification based on job query
Thanks
Robin Shen commented 2 years ago
let them run job base on a specific commit but not the source code
If user can access commit info to run job, they have some info of the source, why not let them accessing source then.
enable/disable notification based on job query
you can subscribe to a build query to get notifications:
Robin Shenchanged state to 'Closed'2 years ago
Previous Value
Current Value
Open
Closed
bufferUnderrun commented 2 years ago
If user can access commit info to run job, they have some info of the source, why not let them accessing source then.
Well, that's the point !
The only place where they can run an old job is in the commit page.
So they have to list the commit and commit message but NOT the source as i don't want they exfiltrate source code.
Robin Shen commented 2 years ago
I personally feel that it is not very reasonable to have users seen commits (which is necessary to run build against), but not being able to see source. Sometimes, it is even necessary to check source of the commit to make sure the job is running against right commit...
bufferUnderrun commented 2 years ago
This is for helpdesk support, they don't have the knowledge to read source code instead they read the commit message to take a decision and run the associated job.
But only owner and dev can access source code for security reason.
Robin Shenchanged state to 'Open'2 years ago
Previous Value
Current Value
Closed
Open
Robin Shen commented 2 years ago
Will improve so that user can choose commit to build against in builds page.
Robin Shen commented 2 years ago
Trying to implement this, feature but turns out this feature is flawed. For instance, to find out appropriate commits to build against, OneDev may need to be able to search commits by author/file, and may also need to show branches/tags, and this discloses much of source info.
Due to this, I'd like not to implement this feature. Instead the role editing page will be improved to make sure code read privilege is also specified if job run privilege is specified.
Hi,
i want my helpdesk coworker can run job so they try this before calling me at 3.00AM.
I just let them run job or access to issue but not source code so i create
when i connect this a such account
They can only re-run job but not run a specific job or set notification when job is run.
How do it :
Thanks