Repos in hidden groups are still accessible

Issue #384 resolved
IBBoard created an issue

I'm trying to share a RhodeCode install between public/FOSS code and some private stuff. With 1.3 I can create a group and make it not visible to (for example) guests. However, if I create a repo in that group and leave its settings as default then it is accessible to guests who know the path.

The fix for now is to remember to set the repos to private as well, but it'd be useful and (IMO) more intuitive if repos in hidden groups were also hidden. Basically, default permission inheritance.

Comments (4)

  1. Former user Account Deleted

    I vote against this. I think groups are groups and repos are repos. Don't mess that up too much. If it's allowed to access the repo, then it's allowed to access the repo - period. I think it's fine that way. I would suggest to even remove the rights on repo groups completely and just determine the visibility of the group based on the fact if the user has access rights to any of the repositories inside the group. The only additional setting necessary then would be if a user is allowed to see an empty group to create a new repository in.

  2. Marcin Kuzminski repo owner

    Yeah this is something I really need to decide on. If the permissions on groups should propagate to repos... haven't decided yet...
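
Until inheritance is decided, an administrator can audit for the condition the issue describes: a repo a user can still read by path although an enclosing group is hidden from them. The sketch below is an added example, not RhodeCode code; its data model, permission values (`none`/`read`) and function names are assumptions made up for illustration, and it goes beyond the issue by also checking nested groups.

```python
# Constructed data model for illustration only; this is not RhodeCode's
# schema or API. Permissions are simplified to "none" and "read".
GROUP_PERMS = {
    "foss": {"guest": "read"},
    "private": {"guest": "none"},
    "private/clients": {"guest": "read"},
}
REPO_PERMS = {
    "foss/website": {"guest": "read"},
    "private/payroll": {"guest": "read"},       # left at default, group hidden
    "private/infra": {"guest": "none"},         # explicitly set private
    "private/clients/acme": {"guest": "read"},  # hidden only via ancestor group
    "standalone": {"guest": "read"},            # not in any group
}


def ancestor_groups(repo_path):
    """Return every enclosing group path, outermost first."""
    parts = repo_path.split("/")[:-1]
    return ["/".join(parts[: i + 1]) for i in range(len(parts))]


def hidden_ancestors(repo_path, user, group_perms):
    """Enclosing groups on which the user has no access."""
    # Assumption: a group with no entry for the user counts as hidden.
    return [g for g in ancestor_groups(repo_path)
            if group_perms.get(g, {}).get(user, "none") == "none"]


def exposed_repos(user, repo_perms, group_perms):
    """Repos the user can read although a parent group is hidden from them."""
    findings = {}
    for path, perms in sorted(repo_perms.items()):
        if perms.get(user, "none") == "none":
            continue  # repo itself is private: nothing to report
        hidden = hidden_ancestors(path, user, group_perms)
        if hidden:
            findings[path] = hidden
    return findings


if __name__ == "__main__":
    for repo, groups in exposed_repos("guest", REPO_PERMS, GROUP_PERMS).items():
        print(f"{repo}: readable by guest, hidden group(s): {', '.join(groups)}")
```

Each finding is a repo that needs to be set private by hand under the current behaviour; under the inheritance proposed in the issue the same list would be empty.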
