• Kamil Trzcinski's avatar
    Limit guest access builds · 447f1e30
    Kamil Trzcinski authored
    This solves https://dev.gitlab.org/gitlab/gitlabhq/issues/2646
    
    1. This MR simplifies CI permission model:
        - read_build: allows to read a list of builds, artifacts and trace
        - update_build: allows to cancel and retry builds
        - admin_build: allows to manage triggers, runners and variables
        - read_commit_status: allows to read a list of commit statuses (including the status of a build, but doesn't allow to see a build details)
        - create_commit_status: allows to create a new commit status using API
    
    2. I do make sure that the proper permissions are used in all places where the CI can be shown.
    
    3. Add the `read_build` ability if user is anonymous or guest and allow_guest_to_access_builds is enabled.
    
    4. Add CI setting: public_builds.
    
    5. The artifacts specific permission are removed, since they are covered by `*_build`.
    447f1e30
permissions.md 5.24 KB