I want to configure access rights in a GitLab project so that everybody can view/clone/download files, but only I can write any file in the project.

In my understanding there is the role Guest, which should be configured to have read-only access. How? Second, somewhere it should be configured that all users (except me) have the role Guest. How?

I don't get it. In project configuration I can switch "View and edit files in this project", which is clearly not what I want, since I want to distinguish read and write access.

jonrsharpe
Frank Endriss
  • If the project is public, that's what you already have. – jonrsharpe Jan 16 '19 at 08:01
  • If my project is public, I can choose to switch "View and edit files in this project" to on or off. If I switch to on, I can edit/commit files without login; if I switch to off I cannot see any file without logging in. What I want is _seeing_ files without login, but not being able to edit/commit files without login. – Frank Endriss Jan 16 '19 at 12:35
  • If you want to make only one user read-only, the ["Reporter" access level](https://docs.gitlab.com/ee/user/permissions.html) may work for you. It gives read permissions but not the ability to push to non-protected branches, for example. – Josiah Yoder Jan 11 '22 at 15:15

2 Answers

Try following these steps to restrict write access to you:

  1. Settings > General > Visibility, project features, permissions > Project visibility: public
  2. Settings > General > Visibility, project features, permissions > Repository > View and edit files in this project. Non-project members have only read access: Everyone With Access
  3. Settings > Repository > Protected branches > Protect a branch:
    • Branch: select all branches via the * wildcard
    • Allowed to merge: Maintainers
    • Allowed to push: Maintainers

Step 1 makes your repository discoverable, but no files are shown.
Step 2 makes your files visible to everyone (no need to log in to view files) but a logged-in user can make edits (being a guest user).
Step 3 restricts editing to the repository maintainers (just you, by default).

Tilt
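
Added example (not part of the answer above, and not GitLab's own code): a small audit that checks the three steps against JSON of the shape returned by `GET /projects/:id` and `GET /projects/:id/protected_branches`. The sample responses and the function names `rule_matches` and `audit` are constructed for illustration.

```python
import re

MAINTAINER = 40  # GitLab access levels: 0 = No one, 30 = Developer, 40 = Maintainer

def rule_matches(pattern, branch):
    """Protected-branch names use '*' as the only wildcard."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, branch) is not None

def audit(project, protected_branches, branches):
    """Return findings; an empty list means the three steps are in place."""
    findings = []
    if project.get("visibility") != "public":                 # step 1
        findings.append("project visibility is not public")
    if project.get("repository_access_level") != "enabled":   # step 2
        findings.append("repository is not 'Everyone With Access'")
    for branch in branches:                                   # step 3
        rules = [r for r in protected_branches if rule_matches(r["name"], branch)]
        if not rules:
            findings.append(f"{branch}: not protected")
        for rule in rules:
            for action in ("push", "merge"):
                for grant in rule.get(f"{action}_access_levels", []):
                    level = grant.get("access_level")
                    if level is None:
                        # user- or group-specific grant: needs manual review
                        findings.append(f"{branch}: {action} granted to a specific user or group")
                    elif 0 < level < MAINTAINER:
                        findings.append(f"{branch}: {action} allowed below Maintainer ({level})")
    return findings

# Constructed sample responses (not taken from a real project)
GOOD_PROJECT = {"visibility": "public", "repository_access_level": "enabled"}
GOOD_RULES = [{"name": "*", "push_access_levels": [{"access_level": 40}],
               "merge_access_levels": [{"access_level": 40}]}]
WEAK_RULES = [{"name": "main", "push_access_levels": [{"access_level": 30}],
               "merge_access_levels": [{"access_level": 40}]}]

if __name__ == "__main__":
    for rules in (GOOD_RULES, WEAK_RULES):
        print(audit(GOOD_PROJECT, rules, ["main", "feature/x"]))
```

With `WEAK_RULES`, the audit reports that `main` accepts pushes from Developers and that `feature/x` has no protection rule at all, which is the gap the `*` wildcard in step 3 closes.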

Set the project as public. Only members will be able to push content if you select "View and edit files in this project" to "Only Project Members".

Guest members are still members, and you control who you add to your project.

Ref. https://gitlab.com/help/user/permissions

djuarezg
  • See above. Project is set to public. Then I have the choice of "View and edit files in this project" set to on or off. Case on: Guest can read _and_ write files; case off: Guest cannot read or write files. Both cases are not what I want. – Frank Endriss Jan 16 '19 at 12:42
  • Guest members are still members of your project. Set the "View and edit files in this project" to Only members of this project. – djuarezg Jan 16 '19 at 12:55
  • No, there are no other members, just me. All other users are logged into the platform or not. In my understanding a Guest is somebody who is not logged in, but that may be wrong. However, I want somebody who is not logged in to be able to _see_ the files in my project, but not be able to _edit_ files in my project. – Frank Endriss Jan 16 '19 at 12:59
  • A Guest is a member of the project, check the reference link I provided. This means that the only member will be you, while the rest of the users will not be part of your project but since it is public they are able to see it. With the configuration I proposed you get what you want, that is how I actually configure my project. – djuarezg Jan 16 '19 at 14:33
  • My first understanding was the same as @Frank: If you grant `Everyone with Access` the right to `View and edit files in this project`, then everyone will be able to change that project, even users not logged in. But that description is misleading. Non-members (in @Frank's case everyone except him) will only have guest rights, that means they will not be able to write to @Frank's repo. – Jakob Mar 05 '20 at 15:03