Address `read_namespace` semantic disjoint
Problem
Surfaced in #414993 (comment 1471084680) - a public namespace shouldn't have their name hidden even when an anonymous user is making the API call. However, due to a historical blip, read_namespace
really means has_access
which is anyone with a defined access, even Minimal
. Anonymous access is not included.
Solution
Since read_namespace
has a different meaning than its name, we should re-define read_namespace
as "able to read", (even anonymously for public projects). But because this is a widely-used ability on a central GitLab object, we need to do so carefully so we don't allow anonymous access where it was not intended.
Suggested steps
- alias
read_namespace
asread_namespace_via_membership
and change the policy calls toauthorize :read_namespace_via_membership
- to show that access is really what's meant.👉 !126625 (merged) - Introduce another policy
read_namespace
that simply means read only. Move allread_namespace_via_membership
calls to this one as appropriate. This is on a case-by-case basis so will have to be done carefully.- For example, #414993 (closed) would be one such move.
Edited by Niklas van Schrick