Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support public code/issue access for private repositories #33127

Merged
merged 10 commits into from
Jan 14, 2025
Merged

Support public code/issue access for private repositories #33127

merged 10 commits into from
Jan 14, 2025

Conversation

wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang commented Jan 7, 2025
edited
Loading

Close #8649, close #639 (will add "anonymous access" in following PRs)

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jan 7, 2025
@pull-request-size pull-request-size bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jan 7, 2025
@github-actions github-actions bot added modifies/translation modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files labels Jan 7, 2025
This was referenced Jan 7, 2025
Closed
Closed
@wxiaoguang wxiaoguang added the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Jan 7, 2025
@wxiaoguang wxiaoguang force-pushed the support-everyone-access branch 2 times, most recently from 4ab3ba3 to c9325c8 Compare January 7, 2025 03:41
@wxiaoguang wxiaoguang marked this pull request as draft January 7, 2025 04:03
@wxiaoguang wxiaoguang force-pushed the support-everyone-access branch 3 times, most recently from bdf9e88 to 95c296c Compare January 7, 2025 06:14
@wxiaoguang wxiaoguang force-pushed the support-everyone-access branch from 95c296c to 48173b0 Compare January 7, 2025 06:28
@wxiaoguang wxiaoguang marked this pull request as ready for review January 7, 2025 06:32
@wxiaoguang wxiaoguang added this to the 1.24.0 milestone Jan 7, 2025
@wxiaoguang wxiaoguang force-pushed the support-everyone-access branch from 458a1ac to 541a190 Compare January 7, 2025 11:30
@lunny
Copy link
Member

lunny commented Jan 8, 2025

Looks like the user can watch or star the private repositories. Is that normal or should it be hidden?

image

@wxiaoguang
Copy link
Contributor Author

wxiaoguang commented Jan 9, 2025
edited
Loading

Looks like the user can watch or star the private repositories. Is that normal or should it be hidden?

There is no clear definition for that part.

For example: if a user is added into an org team, then they could only access "wiki" in a private repo, the user could still see "stars" and "watches", the same. So i think it is not a problem.

@lunny
Copy link
Member

lunny commented Jan 9, 2025

Looks like the user can watch or star the private repositories. Is that normal or should it be hidden?

There is no clear definition for that part.

For example: if a user is added into an org team, then they could only access "wiki" in a private repo, the user could still see "stars" and "watches", the same. So i think it is not a problem.

I think maybe there is an old bug when watching a repository. Users may receive emails which he should not be received.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jan 9, 2025
@yp05327
Copy link
Contributor

yp05327 commented Jan 10, 2025
edited
Loading

IMO, this feature can be something like sharing a file from cloud drive: generate a unique share URL to access the repo with read permission, a pin code is optional.

The current solution will cause the repo public to all signed-in users. By my understand, the use case is sharing my private code with read permission to someone who is not a user or a user without permission, not all signed-in users.
If the share target is a user of this instance, then just add read permission to code and issue unit is enough? (it is not implemented) If the target is not a user, I can also share it with the share URL? (also we need to consider how to handle it when force login is enabled in this case)

Edited:
It seems that this PR is fixing #639, #8649 is a bit different feature.

@wxiaoguang
Copy link
Contributor Author

I do not understand what's your concern.

The current solution will cause the repo public to all signed-in users. By my understand, the use case is sharing my private code with read permission to someone who is not a user

It needs a new control like AnonymousAccess, this framework is designed well enough to support it in the future.

or a user without permission, not all signed-in users.

I do not understand what's your concern.

If the share target is a user of this instance, then just add read permission to code and issue unit is enough? (it is not implemented) If the target is not a user, I can also share it with the share URL? (also we need to consider how to handle it when force login is enabled in this case)

That's not the real use case. In many cases the site admin or org admin do not want to add users one by one.

It seems that this PR is fixing #639, #8649 is a bit different feature.

I don't understand why " #8649 is a bit different feature", this feature could fully satisfy that requirement.

@yp05327
Copy link
Contributor

yp05327 commented Jan 10, 2025
edited
Loading

My use case is i was applying for a job, they wanted to see source code from my previous projects. I did not want to open source the source code due to unrelated reasons... But i wanted the folks at the company to be able to read over my source code without having to have specific read/write permissions.

The request sounds like: I only want to public to some special people, not all signed-in users.
e.g. I'm using gitea.com, I have a private repo, I want to public it to the company for applying the job, but I don't want to public it to other users in gitea.com, as it is a public instance.
So I think this PR is not satisfied with #8649.

@wxiaoguang
Copy link
Contributor Author

So I think this PR is not satisfied with #8649.

#8649 (comment)

It satisfies. For anonymous access, it needs a new control like AnonymousAccess, this framework is designed well enough to support it in the future.

@wxiaoguang
Copy link
Contributor Author

@go-gitea/maintainers ready for long time.

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 13, 2025
@wxiaoguang wxiaoguang enabled auto-merge (squash) January 14, 2025 01:19
@wxiaoguang wxiaoguang merged commit a98a836 into go-gitea:main Jan 14, 2025
26 checks passed
@wxiaoguang wxiaoguang deleted the support-everyone-access branch January 14, 2025 01:57
zjjhot added a commit to zjjhot/gitea that referenced this pull request Jan 14, 2025
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
589d5fc 
* giteaofficial/main: (21 commits)
  Support public code/issue access for private repositories (go-gitea#33127)
  Validate that the tag doesn't exist when creating a tag via the web (go-gitea#33241)
  [skip ci] Updated translations via Crowdin
  Switch back to `vue-tsc` (go-gitea#33248)
  Let API create and edit system webhooks, attempt 2 (go-gitea#33180)
  Fix incorrect ref "blob" (go-gitea#33240)
  Refactor RefName (go-gitea#33234)
  Refactor context RefName and RepoAssignment (go-gitea#33226)
  [skip ci] Updated translations via Crowdin
  Fix upload file form (go-gitea#33230)
  Fix mirror bug (go-gitea#33224)
  Remove unused CSS styles and move some styles to proper files (go-gitea#33217)
  Refactor context repository (go-gitea#33202)
  [skip ci] Updated translations via Crowdin
  Fix unpin hint on the pinned pull requests (go-gitea#33207)
  fix(cache): cache test triggered by non memory cache (go-gitea#33220)
  Update README.md (go-gitea#33149)
  Fix editor markdown not incrementing in a numbered list (go-gitea#33187)
  Some small refactors (go-gitea#33144)
  Fix sync fork for consistency (go-gitea#33147)
  ...
@wxiaoguang wxiaoguang mentioned this pull request Jan 14, 2025
Draft
@SugarD-x
Copy link

SugarD-x commented Jan 14, 2025
edited
Loading

It seems that this PR is fixing #639, #8649 is a bit different feature.

I don't understand why " #8649 is a bit different feature", this feature could fully satisfy that requirement.

I think the idea with #639 is to have private repos remain private, but have their tracker and wiki access be public so the public can contribute to reporting issues or provide documented usage help without being able to see the private code. At least that's it from my understanding, as I've been begging for the same for years. It doesn't change the behavior of the repos themselves. It just opens up a portion of the system to the public while the rest remains private. (Think about how private repos commonly post their commits via bots in Discord and Slack servers that are viewable to the public so they can see what is being worked on, but they can't see the actual code being committed or modified. It adds a secure way to communicate with the public without releasing your core work for everyone to see).

#8649 appears to be more focused on "unlisting" repos, which makes them non-searchable, but still accessible via a controlled, provided link. That is quite a bit different in the sense of the feature from the former. Now I'm sure one PR could theoretically handle controls for both of these requests, but they are definitely not one in the same, if that makes sense.

@wxiaoguang
Copy link
Contributor Author

Thank you for your feedback.

Now I'm sure one PR could theoretically handle controls for both of these requests, but they are definitely not one in the same, if that makes sense.

Yes, the scenario is different while I think we can handle them by the same approach. After "WIP: Add anonymous access support #33257", I guess most cases should be able to be handled. Will try to improve it to make it usable in 1.24

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Zettat123 Zettat123 Zettat123 approved these changes

@silverwind silverwind silverwind approved these changes

@lunny lunny lunny approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/go Pull requests that update Go code modifies/templates This PR modifies the template files modifies/translation size/L Denotes a PR that changes 100-499 lines, ignoring generated files. type/feature Completely new functionality. Can only be merged if feature freeze is not active.
Projects
None yet
Milestone
1.24.0
Development

Successfully merging this pull request may close these issues.

Feature request: Add unlisted repositories Public issue trackers and/or wikis for private repositories
7 participants
@wxiaoguang @lunny @yp05327 @SugarD-x @silverwind @Zettat123 @GiteaBot