Non-owner users can't issue access tokens on repositories
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Launchpad itself | New | Undecided | Unassigned |
Bug Description
I am interested in a setup where users can issue access tokens for HTTPS authentication even if they do not own a specific repository (they have read access, for example).
Here is a clear use case. User A owns a private repository R; A adds user B to subscribers (for access to Merge requests, for example), and sets a permission rule in R for B to write to a specific branch. Once this is done, user B cannot set their own access token to take advantage of authentication with access tokens. Navigating to +access-tokens as user B in the UI returns:
Not allowed here
Sorry, you don't have permission to access this page or the information in this page is not shared with you.
You are logged in as B.