Github plugin and access control


Shahim Essaid

Apr 19, 2014, 10:52:01 PM
to repo-d...@googlegroups.com
Hello,

I have a working installation of Gerrit with the Github plugin, but I can't figure out how to prevent logged-in users from importing their own Github projects. This installation is for my own use, but other users (after going through the Github login) should be able to contribute, review, etc., but not import all their own projects into my Gerrit instance. I am testing with a test user, and this user does not have the usual "create new project" link on the project tab, but when they go to the "Github" tab they are allowed to import all their projects from Github, which effectively means that they can create new projects.

How can I control this? I can chown the "git" directory on the server to prevent the creation of new directories by the "gerrit" user but that makes it more difficult to create new projects when needed.

Thanks,
Shahim

Luca Milanesio

Apr 20, 2014, 11:20:46 AM
to Shahim Essaid, repo-d...@googlegroups.com
Hi Shahim,

the github plugin has two components:
a) OAuth authentication
b) Repos and Pull requests import

Just install the component a) without installing the plugin.
(github-oauth.jar)

Luca.


Shahim Essaid

Apr 20, 2014, 1:42:25 PM
to repo-d...@googlegroups.com, Shahim Essaid
Thank you for the tip, Luca. If I disable the "repos and pull" plugin I will not be able to import the pull requests anymore. Right?

A possibly related issue. I am trying this with 2.9-rc1 and a checkout of the Github plugin (after cherry-picking all master commits other than the version bumps) and for some reason I don't see all the default groups in the Gerrit web UI. I only see the administrator and non-interactive groups and there is no way to see the "github" created/registered users. I have two related questions:

1. Do you know if there is an issue with showing registered users in rc1 in the UI and, if that group is shown, will the Github authenticated users be listed in this group?
2. Would it be possible for the Github plugin to have an "import/pull request" group so that users can only import and pull if they are in this group? Having both 1 and 2 will allow me to see new users and then decide which ones should be able to import and pull to my instance.

Best,
Shahim

Luca Milanesio

Apr 20, 2014, 5:36:55 PM
to Shahim Essaid, repo-d...@googlegroups.com
On 20 Apr 2014, at 18:42, Shahim Essaid <sha...@essaid.com> wrote:

> Thank you for the tip, Luca. If I disable the "repos and pull" plugin I will not be able to import the pull requests anymore. Right?

Yep.

> A possibly related issue. I am trying this with 2.9-rc1 and a checkout of the Github plugin (after cherry-picking all master commits other than the version bumps) and for some reason I don't see all the default groups in the Gerrit web UI.

GitHub plugin cannot have any influence on Gerrit groups. What's the difference with Gerrit plain vanilla without plugins?

> I only see the administrator and non-interactive groups and there is no way to see the "github" created/registered users.

GitHub plugin does not create any group: it relies on the 'singleusergroup' plugin for assigning access permissions.

> I have two related questions:
>
> 1. Do you know if there is an issue with showing registered users in rc1 in the UI and, if that group is shown, will the Github authenticated users be listed in this group?

Registered users are never shown in the Gerrit UX.

> 2. Would it be possible for the Github plugin to have an "import/pull request" group so that users can only import and pull if they are in this group? Having both 1 and 2 will allow me to see new users and then decide which ones should be able to import and pull to my instance.

Not at the moment, but contributions are welcome :-)

Luca.