We would like to setup a Gitlab installation where the majority of users can see each other repositories (like if they were internal), but some other users (think at them as guests) are only able to see the repositories he has been granted membership on.
I don’t see how this can be achieved with the default sets of permissions, but maybe I overlooked them.
Here is a more concrete example.
Assume 10 users: user1, …, user10
And two guest users: guest1, guest2
Every user has some (let’s say 3 repositories):
user1/repoA, user1/repoB, user1/repoC
user2/repoA, …
…
I would like that user1-10 have read-access to all repositories. If I got it right one possibility is to set the repositories as internal.
Additionally. guest1 and guest2 shouldn’t all the repos, but only the one they have been explicitly added to.
For example guest1 is a Developer in guest5/repoA and guest2 is Developer in guest3/repoC.
If I make internal repositories I think that also guest1 and guest2 will see all the repositories of all users, right?
You can do this not with internal repositories. But you can do it by creating a group that contains all your company users and inviting group to all repo’s. Invite a group to a repo is an EE feature.
Thanks, I didn’t know of this EE feature.
But I think that this wouldn’t be optimal either, because the owner of the project has to invite the group. The internal status we can automatically enforce in the admin interface.
Do you have an idea of how much effort would it be to add this feature ourself (in the community edition)?
I think it could be a property like “can create group” and “is admin”, but then it must be checked when permissions are checked. Is it just a single file to be modified or it might be something propagating a lot?