Cannot see org/group linked secrets on repo despite having write access
Opened this issue · 8 comments
Component
web-ui
Describe the bug
Hi,
I am not able to see secrets assigned to an org or groups that I am a part of in a repository where I have write access.
I can see secrets if I'm set as a Woodpecker administrator, as a regular user, I can use those secrets but the list appears empty.
I should see secrets on the settings > secrets page of a repository which I am an admin of in the forge.
To note :
When I go to settings > secrets, there is an error popping up : ": user not authorized".
The repository is placed in an organization where I have write access permissions. When I try to go back to the org by clicking on its name, the ": user not authorized" pop-up again and the list is empty.
Steps to reproduce
- Create a repository in an organization where you have write access
- Enable it on woodpecker
- Go to settings then secrets
Expected behavior
I should be able to see secrets linked to organizations and groups that I am a part of without being a Woodpecker admin on repositories that I'm a administrator of.
System Info
Woodpecker 2.8.0
Additional context
No response
Validations
- Read the docs.
- Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
- Checked that the bug isn't fixed in the
next
version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
Are you an admin of the org?
No, but I do have write access on this org.
Afaik you need org admin settings to view the org's secrets. Just write is not enough. I can check that again later
If that's how it works right now, alright but shouldn't I (even as a reader) be able to see the secrets available on a repo ?
You must not be an admin of the forge
You must not be an admin of the organization
Sure. lucius
is not in owners
team or any team with org wide administration access.
lucius
is in the team-bravo
only (I've checked again)
The members of team-bravo
(lucius
) have an admin access only to the flixnet/eureka
repository: ⬆️ see specific repositories
, ⬇️ added team-bravo
to specific flixnet/eureka
repository.
lucius
is not an admin in Woodpecker either
woodpecker=# select login, admin from users;
login | admin
---------------+-------
admin | t
kate | f
john | f
lucius | f
user1 | f
(5 rows)
Therefore, I believe this perfectly matches the requirements
I should see secrets on the settings > secrets page of a repository which I am an admin of in the forge
repository which I am an admin of in the forge
I am not able to see secrets assigned to an org or groups that I am a part of in a repository where I have write access
And if we are going to analyze this sentence ⬆️ (which is kinda controversial to the previous one, BTW), then I do not have access to the repo settings (and the secrets part obviously) at all #4516 (which is right, IMO).