Skip to content

authz: perms syncing use `external_service_repos` for user code host connections

Warren Gifford requested to merge core/sync-user-repo-perms-COREAPP-142 into main

Created by: unknwon

Cloud customers should only see private repositories that they have added themselves through a customer-added code host connection, even if another customer added a repository via another code host connection that would normally permit visibility. This helps ensure that customers have confidence in the security of their repositories.

This change shifts toward using the external_service_repos table as a source of truth for repo permissions for user-added code host connections. For a <repo_id, user_id> pair to be present in the table, the customer by definition has proven that they have sufficient rights to read the repository. Relying on this table avoids a flip-flop situation where a repo would be visible but then be hidden when user permissions are synced from the code host using tokens of lower privilege (e.g. ones that can't see private repos).

fixes https://sourcegraph.atlassian.net/browse/COREAPP-142

Co-authored-by: flying-robot [email protected] Co-authored-by: Indradhanush Gupta [email protected]

Merge request reports

Loading