Details
-
Suggestion
-
Resolution: Won't Fix
Description
We're a team of about 10 people looking into using Bitbucket to manage coursework code submissions from ~100 users. The workflow we're considering goes something like this:
- We make template code available under a public repository (e.g. courseteam/foo).
- Students private-fork this repository (e.g. as foobarbaz/foo), granting access to team user (courseteam). To our knowledge, there is no easy way for students to grant access to all of the users in courseteam at once short of adding them all manually (which we wouldn't want students to do every week!).
- Students use repository as usual.
- Upon completion, students provide repo/commit ID, and courseteam members pull repos for grading.
We could in principle support most of this toolchain through judicious use of SSH keys, but anything we'd want to do using the Bitbucket web interface would require us to log in as the team user. That would require us to distribute and share a common password (which has its own security implications), as well as log out and log back in every time we need to switch contexts.
Thus, to support such a use case, we'd like to propose adding a "Switch to team user" UI item in an appropriate place (either in the top-right account menu next to the team name, or on the team page itself) that would allow authorized team members to instantly switch context to that of the team user when necessary, as well as a corresponding "Switch to main user" UI item that would switch context back to the primary user account.
(The need is driven largely by the fact that team users can exist in a different security context from the team members, since team members don't automatically inherit permissions granted to the team user. An alternative fix could address this issue.)