Skip to content

UI indicator when user permissions have not yet synced

Created by: mike-r-mclaughlin

Requested by: https://github.com/sourcegraph/accounts/issues/6716 via Slack thread

Feature request description

Add an indicator in the UI when the user logs in (or performs a search) and their permissions have not yet fully synced. This will indicate to the user that they should expect some matches to not be available in the search results until they see this indicator is gone.

Notes on our understanding of syncing (please correct if there is anything missing/wrong):

Sourcegraph gets user perms from GHE in two ways:

  • Background sync: Sourcegraph polls the GHE server periodically to update its cached permissions table from the perms defined in GHE. This is preferable, because it enables a seamless experience for the user.
  • User login sync: When a user logs into Sourcegraph using GHE Auth, Sourcegraph is able to read that user’s perms, and update its cached permissions table. This process can take a few minutes, so that user’s first login may not show repos to exist for that user until their perms are synced, and future logins will take a moment to update any added / removed perms.
  • For background sync to work / for GHE to respond to Sourcegraph with the list of users who have read access to a repo, any one of these need to be true:
    • The repo is Public
    • The service account is an Owner of the GHE org that owns the repo
    • The service account is assigned write access to the repo
  • The impact of background sync not working, is that users may need to wait a moment or two after logging in, to see code / search results from Private or Internal repos.
    • For example, User A shares a Sourcegraph link with User B, user B clicks on that link, logs into Sourcegraph, and sees an error message that the repo doesn’t exist.

Is your feature request related to a problem? If so, please describe.

The most obvious time when this matters is the first login. The user will login for the first time and potentially be missing results (for repositories that they have access to but have not yet synced). This means the user might have a bad first impression of Sourcegraph.

Describe alternatives you've considered.

Use a token that has access to all repositories. This allows all repository syncing to occur in background and not require a user token. However, this requires higher level permissions than most customers are comfortable with.

/cc @sourcegraph/iam