Internal Projects (Public or Private)
When reviewing some documentation on "Internal" project visability, it seems that Internal projects can be cloned by any logged in user, but that any logged in user will have Guest permissions on the project. See the following:
To me this is a bit confusing, since Guest permissions don't allow cloning/viewing source code. See permissions:
So if Internal projects are open source to everyone who can authenticate, it seems a bit cumbersome to set up a project that I want to be made available with guest access only (i.e can create issues, but not view source code) to all users who can authenticate.
The only way to make my project open to everyone to create issues and without providing source code is to create a Private project and then add a Group Access with Guest Permissions for the AD group who can access GitLab, which seems a bit non-intuitive and should likely just be part of the visability level.
It would be beneficial to allow for decoupling the open source aspect from the visability level, maybe like the following:
- Private projects always require explict permissions to grant access.
- Internal (Private/Closed Source)
- Anyone that can authenicate to GitLab has guest access only to this project, so they can create issues, but can not see source code unless given explicit permissions.
- Internal (Public/Open Source)
- This is the current Internal visability setting
- Public (Private/Closed Source)
- Anyone can view project and create issues, but can not review source code unless granted explicit permissions.
- Public (Public/Open Source)
- This is the current Public visability setting
Thoughts on this?