Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read-only users #855

Open
amoutaux opened this issue Apr 23, 2024 · 2 comments
Open

Read-only users #855

amoutaux opened this issue Apr 23, 2024 · 2 comments

Comments

@amoutaux
Copy link

Hello there !

First of all thanks for your work 馃檱

I use Docat to host my team documentation. All projects have a CI/CD pipeline in charge of uploading new versions of docs to Docat.

However, any user can push a new version to any project. And since the 'latest' tag is automatically applied to the last upload, it is very easy for anyone to break a project this way. This is especially true since the buttons on the Home page makes it very easy to upload a documentation, even on an already claimed project.

In other words, I want the users of the platform to be able to look through existing documentation and prevent them from doing any administrative operation.

It would be very useful to:

  • Prevent uploads on a claimed project (do not require the token only for existing tags but for the whole project)
  • Make it possible to remove the administrative components from the UI (maybe through an environment variable and a conditional JSX rendering ?)

If you feel like this would be a good addition, I would gladly try to implement it myself and open a pull request (else I can always use the Fork 馃檲)

Thank you.
amoutaux pushed a commit to amoutaux/docat that referenced this issue Apr 23, 2024
[DRAFT] Remove admin views
2ccf91b 
Remove administrative stuff from the UI while we agree on a clean
solution.

See docat-org#855
amoutaux pushed a commit to amoutaux/docat that referenced this issue Apr 23, 2024
[DRAFT] Remove admin views
301080f 
Remove administrative stuff from the UI while we agree on a clean
solution.

See docat-org#855
amoutaux pushed a commit to amoutaux/docat that referenced this issue Apr 23, 2024
[DRAFT] Prevent unauthorized upload
c088329 
See docat-org#855
@reglim
Copy link
Contributor

reglim commented Apr 30, 2024
edited

I like the idea. I think the easiest way to fix this would be to just require the user to provide a token for uploading a new version, as you mentioned.
Otherwise I think you'd need to have some authentication / authorization system which would drive up the complexity a lot.

@fliiiix, @randombenj What do you think about that?

@randombenj
Copy link
Member

I think this feature is quite similar/the same as this one: #618
One alternative as mentioned in the issue is to use nginx basic auth: #618 (comment)

@fliiiix @reglim maybe we could even make this configurable for our docker continuer.

However I am also not entirely against merging vorausrobotik@abf8499 as I think the implementation would not add more complexity and this is by far the most requested feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@randombenj @amoutaux @reglim