enhancement
Implement permissions for repositories
The model should be built on three concepts:
- users (an account, possibly having ssh keys)
- organisations (having members and administrators)
- global access rights (i.e. a repository might be public or private)
It might be a good idea to grant permissions to an organisation's members only, and not to the organisation's admins as such. An admin who is also a member still gets the rights through membership.
Permission mask
The following values (modelled after UNIX/POSIX bits) encode the rights:
1 => Manage
2 => Write
3 => Manage, Write
4 => Read
5 => Manage, Read
6 => Read, Write
7 => Manage, Read, Write
Every value other than 1-7 (0 included) implies no access rights at all; in particular a mask with unknown high bits set must not be interpreted by its low bits.
(I) public repositories (readable by everyone, so only write and management need to be granted)
- allow write (push) access to organisations (and thus their members)
- allow management (administer a repository including permissions) access to organisations (and thus their members)
(II) private repositories
- allow read (browse, clone, clone to account (fork), pull) access to organisations (and thus their members)
- allow write (push) access to organisations (and thus their members)
- allow management (administer a repository including permissions) access to organisations (and thus their members)
Implementation notes
Because the classical owner:group:world permission set is too limited for this use case, either access control lists (ACLs) or role-based access control (RBAC) should be implemented.
The simplest approach might be to implement ACLs for organisations only.
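The following is an added sketch of the permission mask and the organisation-only ACL described above. It is illustration code written for this issue, not code from the project: the class names, the ACL layout (repository -> organisation name -> mask) and the sample organisations and repositories are assumptions. It shows the two rules a practitioner has to get right: rights flow through membership (an admin who is not a member gets nothing), and a mask outside 1-7 grants nothing even if some of its low bits are set.

```python
"""Added illustration of the proposed repository permission model.
Not the project's own code; names and data layout are assumptions."""
from __future__ import annotations

from dataclasses import dataclass, field

# Permission bits, modelled after UNIX/POSIX as in the proposal.
MANAGE = 1
WRITE = 2
READ = 4

_NAMES = ((MANAGE, "Manage"), (WRITE, "Write"), (READ, "Read"))


def valid_mask(mask: int) -> bool:
    """Only 1..7 carry rights; 0, negatives and masks with high bits grant nothing."""
    return isinstance(mask, int) and 1 <= mask <= 7


def describe(mask: int) -> list[str]:
    """Decode a mask into right names, e.g. 5 -> ['Manage', 'Read']."""
    if not valid_mask(mask):
        return []
    return [name for bit, name in _NAMES if mask & bit]


@dataclass
class Organisation:
    name: str
    members: set[str] = field(default_factory=set)
    admins: set[str] = field(default_factory=set)


@dataclass
class Repository:
    name: str
    public: bool
    # ACL keyed by organisation name -> permission mask (assumed layout)
    acl: dict[str, int] = field(default_factory=dict)


def effective_mask(user: str, repo: Repository, orgs: dict[str, Organisation]) -> int:
    """Union of the rights `user` holds on `repo` through organisation ACLs."""
    # Public repositories are readable by everyone; private ones start at nothing.
    mask = READ if repo.public else 0
    for org_name, org_mask in repo.acl.items():
        org = orgs.get(org_name)
        # Rights flow through membership only; being an admin alone is not enough.
        if org is None or user not in org.members:
            continue
        # A malformed mask (0, 8, 9, ...) is ignored rather than partially honoured.
        if valid_mask(org_mask):
            mask |= org_mask
    return mask


def can(user: str, repo: Repository, orgs: dict[str, Organisation], right: int) -> bool:
    """True if every bit in `right` is present in the user's effective mask."""
    return effective_mask(user, repo, orgs) & right == right


# Constructed sample data (assumption, for illustration only):
# carol administers "acme" but is not a member, so she inherits nothing.
ORGS = {
    "acme": Organisation("acme", members={"alice", "bob"}, admins={"carol"}),
}
INFRA = Repository("infra", public=False, acl={"acme": READ | WRITE})   # private, mask 6
SITE = Repository("site", public=True, acl={"acme": WRITE})              # public, mask 2
BROKEN = Repository("broken", public=False, acl={"acme": 9})             # invalid mask


if __name__ == "__main__":
    for user in ("alice", "carol", "dave"):
        for repo in (INFRA, SITE, BROKEN):
            print(user, repo.name, describe(effective_mask(user, repo, ORGS)))
```

Running the block prints each sample user's decoded rights per repository; note that `dave`, who belongs to no organisation, still reads the public `site` repository, while `carol` reads nothing on the private `infra` repository despite being its organisation's admin.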