API Create issue, Privare repo, Public issue (BB-3043)

MrCue avatarMrCue created an issue

When trying to create an issue via the API, the authenticated user needs a minimum of read privilege on the repo in order to create the issue.

When the repo is private, and the issue tracker is public the user should only be required to be authenticated, not to have read access to the repo.

Instead, an http error 401 is returned from the API if the user does not have read access.

Comments (4)

  1. David Chambers

    Are you suggesting that creating an issue on a private repo's public tracker and creating an issue on a public repo's public tracker should be treated differently?

    Before taking action I'd like to understand both the privileges required to create issues in each of the four scenarios, and the thinking behind these rules.

  2. MrCue

    I have not tested how this works with public repos and public trackers, i would presume that since everybody has read access to public repos, this is not an issue.

    However

    Private repo + Public tracker

    • Via the web interface, a user may create an issue, without having any level of access to the repository.
    • The same user, can not use the API to create an issue, unless the user has a minimum of read access to the repository.

    What I am asking for, is that any user be allowed to create an issue via the API if the issue tracker is public, regardless of their repository access level.

    A nice extension to this, would be to allow for anonymous issue creation via the API as can be achieved through the site.

  3. Dylan Etkin

    I agree that the UI and the API should be consistent.

    We are not really tackling too many API issues ATM but we will try to address this when we are next in the area.

    Cheers,

    Dylan

  4. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.