Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot see org/group linked secrets on repo despite having write access #4543

Open
3 tasks done
tagnelli opened this issue Dec 9, 2024 · 8 comments
Open
3 tasks done
Labels
bug Something isn't working

Comments

@tagnelli
Copy link

tagnelli commented Dec 9, 2024

Component

web-ui

Describe the bug

Hi,

I am not able to see secrets assigned to an org or groups that I am a part of in a repository where I have write access.

I can see secrets if I'm set as a Woodpecker administrator, as a regular user, I can use those secrets but the list appears empty.

I should see secrets on the settings > secrets page of a repository which I am an admin of in the forge.

To note :
When I go to settings > secrets, there is an error popping up : ": user not authorized".
The repository is placed in an organization where I have write access permissions. When I try to go back to the org by clicking on its name, the ": user not authorized" pop-up again and the list is empty.

Steps to reproduce

  1. Create a repository in an organization where you have write access
  2. Enable it on woodpecker
  3. Go to settings then secrets

Expected behavior

I should be able to see secrets linked to organizations and groups that I am a part of without being a Woodpecker admin on repositories that I'm a administrator of.

System Info

Woodpecker 2.8.0

Additional context

No response

Validations

  • Read the docs.
  • Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
  • Checked that the bug isn't fixed in the next version already [https://woodpecker-ci.org/faq#which-version-of-woodpecker-should-i-use]
@tagnelli tagnelli added the bug Something isn't working label Dec 9, 2024
@qwerty287
Copy link
Contributor

Are you an admin of the org?

@tagnelli
Copy link
Author

tagnelli commented Dec 9, 2024

No, but I do have write access on this org.

@qwerty287
Copy link
Contributor

Afaik you need org admin settings to view the org's secrets. Just write is not enough. I can check that again later

@tagnelli
Copy link
Author

If that's how it works right now, alright but shouldn't I (even as a reader) be able to see the secrets available on a repo ?

@zc-devs
Copy link
Contributor

zc-devs commented Dec 10, 2024

Cannot reproduce on next-21755bef4e.

I should see secrets on the settings > secrets page of a repository which I am an admin of in the forge.

I am an admin in the forge
Screenshot 2024-12-10 1
Screenshot 2024-12-10 2

of a repository
Screenshot 2024-12-10 3

I can see secrets on the settings page
Screenshot 2024-12-10 4

@qwerty287
Copy link
Contributor

qwerty287 commented Dec 10, 2024

@zc-devs You must not be an admin of the forge nor the organisation

@zc-devs
Copy link
Contributor

zc-devs commented Dec 10, 2024

You must not be an admin of the forge

Sure
Screenshot 2024-12-10 1

You must not be an admin of the organization

Sure. lucius is not in owners team or any team with org wide administration access.

lucius is in the team-bravo only (I've checked again)

Screenshot 2024-12-10 2

The members of team-bravo (lucius) have an admin access only to the flixnet/eureka repository: ⬆️ see specific repositories, ⬇️ added team-bravo to specific flixnet/eureka repository.

Screenshot 2024-12-10 3

lucius is not an admin in Woodpecker either

woodpecker=# select login, admin from users;
     login     | admin
---------------+-------
 admin         | t
 kate          | f
 john          | f
 lucius        | f
 user1         | f
(5 rows)

Therefore, I believe this perfectly matches the requirements

I should see secrets on the settings > secrets page of a repository which I am an admin of in the forge
repository which I am an admin of in the forge


I am not able to see secrets assigned to an org or groups that I am a part of in a repository where I have write access

And if we are going to analyze this sentence ⬆️ (which is kinda controversial to the previous one, BTW), then I do not have access to the repo settings (and the secrets part obviously) at all #4516 (which is right, IMO).

@tagnelli
Copy link
Author

Hi !
What I don't understand is that, as long as I'm able to access settings of a repository on woodpecker, I think I should be allowed to see all the secrets that are available to this repository.

Which isn't the case for me :
screenshot-11-12-24-16-19-10

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants