Limit guest access builds
This solves https://dev.gitlab.org/gitlab/gitlabhq/issues/2646 1. This MR simplifies CI permission model: - read_build: allows to read a list of builds, artifacts and trace - update_build: allows to cancel and retry builds - admin_build: allows to manage triggers, runners and variables - read_commit_status: allows to read a list of commit statuses (including the status of a build, but doesn't allow to see a build details) - create_commit_status: allows to create a new commit status using API 2. I do make sure that the proper permissions are used in all places where the CI can be shown. 3. Add the `read_build` ability if user is anonymous or guest and allow_guest_to_access_builds is enabled. 4. Add CI setting: public_builds. 5. The artifacts specific permission are removed, since they are covered by `*_build`.
Showing
Please register or sign in to comment