
It should be possible to view a repository's policies without necessarily being able to edit it
Closed, Duplicate | Public

Description

As far as I can tell at the moment, the only way to see the push policy is to go to the edit page, which will usually be more restricted than the visibility policy of the repository. I suspect there is some other stuff on that edit page that the same applies to.

Event Timeline

Krenair raised the priority of this task from to Needs Triage.
Krenair updated the task description.
Krenair added a project: Diffusion.
Krenair added a subscriber: Krenair.
epriestley edited projects, added Diffusion (v3); removed Diffusion.

Yeah, I think the existing "Edit" page should really be more like the "Manage" page in Projects that anyone who can see the repository can see.

The page is currently restricted because the "errors" section (particularly historically) can contain somewhat-sensitive information (paths, HTTP passwords, arbitrary HTTP content in Mercurial usable in SSRF attacks prior to D12170). But we can separate this out into an "errors" page, say "hey there is an error, click here to see it if you have permission", and let normal users see everything else.

T10337 has some similar discussion about the future of this interface, more from an administrator viewpoint.

I'm going to merge this into T10748 because that's clearly the pathway forward now. You can view the new UI at /diffusion/X/manage/, although it mostly doesn't work yet and there are no links to it in the UI.

I made the "errors" section conditional on being able to edit the repository. Everything else only requires permission to view the repository.

Once this UI is ready, "Edit Repository" will take you to it instead, with appropriate permissions and a label more like "Manage Repository" or similar.
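
The per-section gating discussed in this task (policies visible to anyone who can view the repository, error details only to those who can edit it) can be modelled as below. This is an added example, not part of the original thread and not Phabricator's code; the panel names, users and sample data are constructed, and treating unlisted panels as edit-only is an assumption of the sketch.

```python
from dataclasses import dataclass

# Capability each panel requires. Panel names are constructed for this example.
PANEL_REQUIRES = {"policies": "view", "errors": "edit"}

@dataclass
class Repository:
    viewers: set   # users holding the view capability
    editors: set   # users holding the edit capability
    panels: dict   # panel name -> content

    def capabilities(self, user):
        caps = set()
        if user in self.viewers:
            caps.add("view")
        if user in self.editors:
            caps.add("edit")
        return caps

def render_manage_page(repo, user):
    """Return only the panels this user is allowed to see."""
    caps = repo.capabilities(user)
    if "view" not in caps:
        raise PermissionError("repository is not visible to this user")
    page = {}
    for name, content in repo.panels.items():
        # Panels missing from the map require edit, so a newly added panel
        # is never shown to view-only users by accident.
        required = PANEL_REQUIRES.get(name, "edit")
        if required in caps:
            page[name] = content
        elif name == "errors" and content:
            # Say that an error exists without disclosing its content.
            page[name] = "There is an error. Viewing it requires edit permission."
    return page

# Constructed sample data.
REPO = Repository(
    viewers={"alice", "bob"},
    editors={"alice"},
    panels={
        "policies": {"view": "Public", "edit": "Administrators", "push": "Committers"},
        "errors": ["constructed: fetch failed for remote URI with embedded credentials"],
        "debug": "constructed panel absent from PANEL_REQUIRES",
    },
)

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, render_manage_page(REPO, user))
```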