From 039415c8c496e043f27ef271aca190d1c3666ec5 Mon Sep 17 00:00:00 2001
From: Achilleas Pipinellis <axilleas@axilleas.me>
Date: Thu, 22 Sep 2016 15:04:57 +0300
Subject: [PATCH] Move document on CI build permissions to new location

---
 doc/ci/README.md                               |  1 +
 doc/user/permissions.md                        | 13 ++++++-------
 .../project/new_ci_build_permissions_model.md} | 18 +++++++++---------
 3 files changed, 16 insertions(+), 16 deletions(-)
 rename doc/{ci/dependent_projects/README.md => user/project/new_ci_build_permissions_model.md} (95%)

diff --git a/doc/ci/README.md b/doc/ci/README.md
index a52277e582a..cce77c655b6 100644
--- a/doc/ci/README.md
+++ b/doc/ci/README.md
@@ -20,3 +20,4 @@
 - [Access dependent projects](dependent_projects/README.md)
 - [API](../api/ci/README.md)
 - [CI services (linked docker containers)](services/README.md)
+- [**New CI build permissions model**](../user/project/new_ci_build_permissions_model.md)
diff --git a/doc/user/permissions.md b/doc/user/permissions.md
index d1156127a00..76e7a100545 100644
--- a/doc/user/permissions.md
+++ b/doc/user/permissions.md
@@ -143,13 +143,11 @@ instance and project. In addition, all admins can use the admin interface under
 
 > Changed in GitLab 8.12.
 
-GitLab 8.12 has completely redesigned build permission system.
-You can find all discussion and all our concerns when choosing the current approach:
-https://gitlab.com/gitlab-org/gitlab-ce/issues/18994
+GitLab 8.12 has a completely redesigned build permission system.
+Read all about the [new model and its implications][new-mod].
 
-### Build privileges
-
-This table shows granted privileges for builds triggered by specific types of users:
+This table shows granted privileges for builds triggered by specific types of
+users:
 
 | Action                                      | Guest, Reporter | Developer   | Master   | Admin  |
 |---------------------------------------------|-----------------|-------------|----------|--------|
@@ -168,4 +166,5 @@ This table shows granted privileges for builds triggered by specific types of us
 
 [^3]: Only if user is not external one.
 [^4]: Only if user is a member of the project.
-
+[ce-18994]: https://gitlab.com/gitlab-org/gitlab-ce/issues/18994
+[new-mod]: project/new_ci_build_permissions_model.md
diff --git a/doc/ci/dependent_projects/README.md b/doc/user/project/new_ci_build_permissions_model.md
similarity index 95%
rename from doc/ci/dependent_projects/README.md
rename to doc/user/project/new_ci_build_permissions_model.md
index 3e91f82e2d4..29677fee421 100644
--- a/doc/ci/dependent_projects/README.md
+++ b/doc/user/project/new_ci_build_permissions_model.md
@@ -1,8 +1,8 @@
-# New CI build permission model
+# New CI build permissions model
 
 > Introduced in GitLab 8.12.
 
-GitLab 8.12 has a completely redesigned build permission system. You can find
+GitLab 8.12 has a completely redesigned [build permissions] system. You can find
 all discussion and all our concerns when choosing the current approach in issue
 [#18994](https://gitlab.com/gitlab-org/gitlab-ce/issues/18994).
 
@@ -107,13 +107,12 @@ to checkout project sources.
 The project's Runner's token was a token that you could find under the
 project's **Settings > CI/CD Pipelines** and was limited to access only that
 project.
+It could be used for registering new specific Runners assigned to the project
+and to checkout project sources.
+It could also be used with the GitLab Container Registry for that project,
+allowing pulling and pushing Docker images from within the CI build.
 
-The project's Runner's token was used for registering new specific Runners
-assigned to project and to checkout project sources.
-
-The project Runners token could also be used with the GitLab Container Registry
-for that project, allowing pulling and pushing Docker images from within the
-CI build.
+---
 
 GitLab would create a special checkout URL like:
 
@@ -128,7 +127,7 @@ commands to interact with GitLab Container Registry. For example:
 docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com
 ```
 
-Using single token had multiple security implications
+Using single token had multiple security implications:
 
 - The token would be readable to anyone who had developer access to a project
   that could run CI builds, allowing the developer to register any specific
@@ -279,3 +278,4 @@ test:
 ```
 
 [git-scm]: https://git-scm.com/book/en/v2/Git-Tools-Submodules
+[build permissions]: ../permissions.md#builds-permissions
-- 
2.30.9