diff options
author | Milo Casagrande <milo@ubuntu.com> | 2013-02-04 14:55:12 +0100 |
---|---|---|
committer | Milo Casagrande <milo@ubuntu.com> | 2013-02-04 14:55:12 +0100 |
commit | 7564128555a1714911aee2e73a0da5184a4eb52e (patch) | |
tree | b325bd60e5ccda5608fb3b99623166f948edc1d2 | |
parent | d1b28a11944fb049fe008849db3ba907a6bf3e57 (diff) |
Added info about private repositories.
-rw-r--r-- | SETUP | 69 |
1 files changed, 68 insertions, 1 deletions
@@ -62,4 +62,71 @@ each user via the .ssh/authorized_keys file. command="git-shell -c $SSH_ORIGINAL_COMMAND" ssh-rsa AAAAB3NzaC***...*** For more info on git-shell and what commands it supports please refer to the -manual.
\ No newline at end of file +manual. + + +Private Repositories +==================== + +RhodeCode supports private repositories out-of-the-box. + +It should not be necessary to setup a separate domain to handle private +repositories, RhodeCode can handle access level through its users and groups +database. + +Repositories can be marked private, and access can be granted either at group +and/or user level. A user can create repositories and set them private as well. +Access to the repository is granted by its creator to other user. A user is admin +of the repositories she creates. + +All configurations happen from the RhodeCode web interface, when logged in as +the 'admin' user, or as an user with the 'admin' status ('admin' status in this +case is web-site wise, not per-repository). + +In order for a group to be set up as private, it is necessary to change its +'default' setting to 'none', so that only explicitly added groups or users can +view it. Anonymous users will not see it either. + +When a user that does not have access to a repository try to access it via its +URL, a 403 page is returned if the user is logged in, or the login interface +is shown if the user is anonymous. + + +Scenarios +--------- + + * Private group called 'linaro-private', a logged in user called 'johndoe': + * User has no permissions on the 'linaro-private' group: + - Does not see the repository + - If he tries to access the repository URL, 403 page is shown + * User has 'read' permissions on the group: + - Can see and browse the 'linaro-private' group repositories + - Cannot add new repositories under 'linaro-private' + * User has 'write' permissions on the group: + - Can see and browse the 'linaro-private' group repositories + - Can add new repositories under 'linaro-private' + * Anonymous user: + - She sees nothing on the home page + - If she tries to access the repository, the login interface is shown + + * Private group called 'linaro-private', a sub group called 'sub-linaro-private', + a user 'johndoe': + * User has no permissions on the parent group nor the sub-group: + - Does not see the repositories + - If he tries to access the repository URL, 403 page is shown + * User has no permissions on the parent group, has 'read' access on the sub-group: + - Cannot see the parent group + - Can access the sub-group only via its URL: domain/group/sub-group + * User has 'read' permissions on the parent group, and none in sub-group: + - Does see the parent group repositories + - Cannot access the sub-group + * User has 'write' permissions on the parent group, 'read' on the sub-group: + - Does see parent and sub-group repositories + - Can access sub-group + - Can create new repositories in the parent group, but not in the sub-group + + +Open Questions +-------------- + + * How will this cope with SSH access to repositories? |