Follow-up from "Optimize the package finder helper when dealing with deploy tokens [RUN ALL RSPEC] [RUN AS-IF-FOSS]"
The following discussion from !58497 (merged) should be addressed:
-
@sabrams started a discussion: (+1 comment) Very non-blocking: This is outside the scope of this MR, and more of a backend comment related to how we handle different credentials in package finders in general. I see an opportunity for some future refactoring here (maybe when the feature flag is removed). We have
#projects_visible_to_reporters
I assume becausereporter
is the minimum access level for users to access non-public packages. This made me have two thoughts:- Deploy tokens do not have an access level, so it seems strange to have the check for them be in this method (or at least be in a method with this name). I wonder if there is a way we could create a common interface so we can use the same method call for both
User
andDeployToken
(duck-typing)? - Maybe we should avoid coding the permission level into the method name (what if in the future we update packages to require a different permission level)?
- Deploy tokens do not have an access level, so it seems strange to have the check for them be in this method (or at least be in a method with this name). I wonder if there is a way we could create a common interface so we can use the same method call for both