new feature - adding mapping of predefined repositories to confluence user groups

[turgutbaumann]

Hi,

there is an addition to the plugin, which would enable us to use it more flexible and in a more secure manner. When we are defining "Predefined Repositories" in Git4C we would be able to assign a confluence user group to it, in order to ensure that only members of the defined groups inside the confluence space can use it. The benefit of this feature could be, that our admins can setup these Predefined Repositories and customers of our company which are only part of the group can only use the Predefined Repositories, they are allowed to. So, there would be no possibility to escalate access rights on code repositories which are not part of the project and our admin team can introduce functional plugin users. When we are using personal accounts of developers to configure the access of the plugin, then as soon as the developer is leaving the company and the account is disabled in our LDAP the confluence page won't render and the plugin will stop working. In order to avoid this behavior and to leave the control over the usage of the plugin to our admin team, this feature would be a great benefit.

[gkopij]

Hi,
good Idea.
Question: how would the page look like, when the user has access to the page but not to the repository? Would you prefer to have an error message or leave the place blank? Or just render to nothing?

[turgutbaumann]

Hi,

since the predefined repo will be configured to map to an user group in confluence, there don't have to be an error message necessarily. The idea is that user groups, which have access to a confluence space and are allowed to edit this space, can only choose files from the repos, nothing more. Users, which have the right to read pages can only see the content of the files, which are rendered by the plugin. The predefined repos shall be configured by an admin only and the rights on the repos will come from a function user in GitHub or GitLab. Mapping these predefined repos to a user group in confluence avoids an escalation of user rights and prevent user, which are not part of an group to read files from Github or GitLab, despite of the fact, that the functional user have these rights. That is the idea behind that request.