Default Pages access levels inconsistent for existing projects
Problem to solve
The documentation lists the possible values for the pages access control depending on the different project visibilities:
- for private projects
PRIVATE = 10
PUBLIC = 30
- for internal projects
PRIVATE = 10
ENABLED = 20
PUBLIC = 30
- for public projects
PRIVATE = 10
ENABLED = 20
Here the inconsistency appears for the possible options of the UI select box:
- For new private projects, the default value in the DB is
ENABLED = 20
, but the UI does not offer that option. I guess it defaults to the first option which isPRIVATE = 10
, but that does not match what is stored. From what I can see in the code, this will anyway be correctly evaluated as "only members of the project", sincepublic_pages?
will returnfalse
. - For older public projects, the default value in the DB is
PUBLIC = 30
, but the UI also does not offer that option. The view defaults to the first option which isPRIVATE = 10
, but actually the code inpublic_pages?
will allow access since the pages access level isPUBLIC
. This makes no sense because it does not match the current behaviour, plus if you update the settings, then you will overwrite this and set it to private.
def public_pages?
return true unless Gitlab.config.pages.access_control
pages_access_level == PUBLIC || pages_access_level == ENABLED && project.public?
end
Proposal
See thread
Orignal description
This is partially a bug, partially a documentation update, and partially a feature request.
Problem to solve
Document or allow to be configured the default Pages access level.
I've empirically determined that, for newly-created projects, the default Pages access level is as follows:
Project visibility | Pages access |
---|---|
Public | Everyone With Access |
Internal | Everyone With Access |
Private | Only Project Members |
Unfortunately, when Pages (and Pages Authentication) are enabled, existing projects have the following Pages access level. (I confirmed each of these by checking >=3 old projects which had the given visibility when Pages was enabled):
Project visibility | Pages access |
---|---|
Public | Only Project Members |
Internal | Everyone |
Private | Everyone |
To me, these are clearly wrong.
Proposal
- Document the default Pages access level for newly-created projects
- Fix the default Pages access level for existing projects so that they are consistent with the newly-created projects
- Possibly provide an admin option to control this behavior
Edited by Vladimir Shushlin