Privileges and Roles¶
In Repocribro, there are defined roles that can be assigned to user accounts. Each account can have several roles and role can be assigned to several accounts. Some pages and actions can be accessible just to some roles.
On top of that, to allow higher granularity of permissions, each role has a list of action privileges. Some actions can be restricted with such privilege instead of whole role.
Roles and privileges can be simply managed in the administration web
interface of repocribro. As administrator, you can define new roles with
different privileges and assign user to them. Repocribro implements simple
wildcarding of action privileges, so * for role admin means that
the role can perform all actions defined now or in the future.
Core roles¶
It is recommended to have three roles described in the table below - for not-logged users, default for users and for administrators.
| Name | Privileges | Description |
|---|---|---|
| admin | * |
Service administrators |
| user | TBD | Regular users |
| anonymous | search*:login |
Not-logged users |
Core action privileges¶
There action privileges are defined in the core and can be used.
| Name | Description |
|---|---|
| search | use search engine |
| login | login to Repocribro via GitHub to app |
| logout | logout from Repocribro |
| browse | visit basic pages like landing |
| browse_user | visit detail of user |
| browse_org | visit detail of organization |
| browse_repo | visit detail of repository that is public or owned-private |
| browse_repo_hidden | visit detail of repository that is hidden |
| manage_dashboard | access to account management dashboard |
| manage_profile_update | update profile information from GitHub |
| manage_repos | list GitHub repositories |
| manage_repo | manage single repository within Repocribro |
| manage_repo_update | update repository information from GitHub |
| manage_repo_delete | delete repository from Repocribro |
| manage_repo_activate | activate repository within Repocribro |
| manage_repo_deactivate | deactivate webhook for Repocribro |
| manage_orgs | list GitHub organizations |
| manage_org | manage single organization |
| manage_org_update | update organization information from GitHub |
| manage_org_delete | delete organization from Repocribro |