MokoConsulting/MokoGitea
1
0
Fork 0
Code Issues 151 Pull Requests Actions 3 Packages Licenses 2 Releases 66 Wiki Activity

feat(permissions): section-based visibility - public units on private repos #243

Merged
jmiller merged 1 commits from feat/section-based-visibility into dev 2026-05-30 17:29:50 +00:00
Conversation 0 Commits 1 Files Changed 3
+20 -1
jmiller commented 2026-05-30 17:29:43 +00:00
Owner
Copy Link
Copy Source

Summary

Fix three gaps preventing per-unit public access on private repos:

  1. Git HTTP - allow anonymous git pull when unit has AnonymousAccessMode >= Read
  2. Permission engine - populate anonymous access modes for private repo visitors
  3. Search/explore - include private repos with public units in results

The existing settings UI at /settings/public_access and home page redirect already work.

Test plan

  • Set a private repo wiki to anonymous-read via /settings/public_access
  • Verify anonymous user can see the wiki pages
  • Verify anonymous git clone of wiki repo works
  • Verify anonymous user cannot access code
  • Verify private repo with public wiki appears in explore for anonymous users
  • Verify home page redirects to wiki when code is not accessible

Closes #238

@MokoBot (Claude Opus 4.6)

## Summary Fix three gaps preventing per-unit public access on private repos: 1. **Git HTTP** - allow anonymous git pull when unit has AnonymousAccessMode >= Read 2. **Permission engine** - populate anonymous access modes for private repo visitors 3. **Search/explore** - include private repos with public units in results The existing settings UI at /settings/public_access and home page redirect already work. ## Test plan - [ ] Set a private repo wiki to anonymous-read via /settings/public_access - [ ] Verify anonymous user can see the wiki pages - [ ] Verify anonymous git clone of wiki repo works - [ ] Verify anonymous user cannot access code - [ ] Verify private repo with public wiki appears in explore for anonymous users - [ ] Verify home page redirects to wiki when code is not accessible Closes #238 @MokoBot (Claude Opus 4.6)
jmiller added 1 commit 2026-05-30 17:29:44 +00:00
feat(permissions): section-based visibility — public units on private repos
Universal: PR Check / Build RC Package (pull_request) Blocked by required conditions
Details
Branch Policy Check / Verify merge target (pull_request) Successful in 1s
Details
Universal: PR Check / Branch Policy (pull_request) Successful in 2s
Details
PR RC Release / Build RC Release (pull_request) Successful in 2s
Details
Universal: PR Check / Validate PR (pull_request) Failing after 6s
Details
Universal: Pre-Release / Build Pre-Release (${{ inputs.stability || 'development' }}) (pull_request) Successful in 1m7s
Details
7884e2f141 
Fix three gaps that prevented per-unit public access from working on
private repositories:

1. Git HTTP handler (githttp.go): allow anonymous git pull for private
   repos when the target unit (code or wiki) has AnonymousAccessMode
   set to read. Previously only checked repo.IsPrivate.

2. Permission engine (repo_permission.go): call
   finalProcessRepoUnitPermission for anonymous users on private repos
   so that unit-level anonymous access modes are populated. Previously
   returned early with AccessModeNone, skipping anonymous mode setup.

3. Search/explore (repo_list.go): include private repos that have at
   least one unit with anonymous_access_mode > 0 in search results,
   so anonymous users can discover repos with public sections.

The existing settings UI at /settings/public_access already allows
configuring per-unit visibility. The home page redirect to the first
readable unit (e.g. wiki) also already works via checkHomeCodeViewable.

Closes #238

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
jmiller merged commit c322bfae23 into dev 2026-05-30 17:29:50 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
Clear labels
breaking-change
Breaking API or behavior change
 ci-cd
CI/CD pipeline changes
 config
Configuration changes
 dependencies
Dependency updates
 deploy-failure
Deployment failed
 docker
Docker/container changes
 documentation
Documentation changes
 good first issue
Good for newcomers
 health-check
Repo health check result
 help wanted
Extra attention needed
 mokostandards
Related to MokoStandards framework
 pending: testing
Feature implemented but not yet tested with documented proof
 priority: critical
Must fix immediately
 priority: high
Important, fix soon
 priority: low
Nice to have
 priority: medium
Normal priority
 push-failure
Git push operation failed
 security
Security vulnerability or hardening
 size/l
200-500 lines changed
 size/m
50-200 lines changed
 size/s
10-50 lines changed
 size/xl
500+ lines changed
 size/xs
< 10 lines changed
 standards-drift
Deviates from MokoStandards
 standards-update
MokoStandards compliance update
 status: blocked
Blocked by dependency or decision
 status: in-progress
Actively being worked on
 status: needs-review
Awaiting code review
 status: on-hold
Paused intentionally
 status: wontfix
Will not be addressed
 sync-failure
Sync or mirror failed
 tech-debt
Technical debt and TODO/FIXME items
 type: bug
Something isn't working
 type: bug
type: chore
Maintenance, dependencies, cleanup
 type: enhancement
Improvement to existing feature
 type: feature
New functionality
 type: refactor
Code restructuring without behavior change
 type: version
Version bump or release
 upstream
upstream
Inherited from upstream Gitea
 work-in-progress
Draft or incomplete work
bug
Something is not working
 chore
Maintenance and housekeeping
 documentation
Documentation improvements
 enhancement
Improvement to existing functionality
 feature
New feature or request
 pending: dependency
Blocked by another issue or external dependency
 pending: deployment
Tested and approved, awaiting deployment to production
 pending: design
Needs UI/UX or architecture design before implementation
 pending: documentation
Feature works, needs documentation/wiki update
 pending: feedback
Awaiting feedback or decision from stakeholder
 pending: review
Implementation complete, awaiting code review
 pending: testing
Feature implemented but not yet tested
 priority: critical
Must fix immediately
 priority: high
Should fix soon
 priority: low
Nice to have
 priority: medium
Fix when convenient
 refactor
Code restructuring without behavior change
 roadmap
Planned feature or enhancement tracked on the roadmap
 scope: client
Client-specific work
 scope: dolibarr
Dolibarr modules and customizations
 scope: infrastructure
Server, CI, backups, monitoring
 scope: joomla
Joomla templates and extensions
 scope: waas
MokoWaaS platform
 security
Security vulnerability or hardening
 status: blocked
Waiting on external dependency
 status: duplicate
Duplicate of another issue
 status: in-progress
Being worked on
 status: needs-review
Ready for review
 status: wontfix
Will not be addressed
No labels
Milestone
No items
No Milestone
Assignees
Clear assignees
jmiller (Jonathan Miller) moko-deploy (Moko Deploy Bot)
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: MokoConsulting/MokoGitea#243
Delete Branch "feat/section-based-visibility"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?