GitLab

Created by: sroth80021

There are several cases I've seen recently in which I think it would be helpful if GL had a default role (or access settings) for authenticated users known to Gitolite but otherwise unknown to GitLab.

For example, issue #1292 (closed) could be addressed by giving users read permissions at the Gitolite level, and having GitLab give these users Read access to the repo. (Reporter role or something like that)

Another example is the SSO support which GL now has -- this is a case in which users may not be known to GitLab, but can still login. The question is what role they should be mapped to for repo access.

I think this would provide a natural distinction between users 'on the team' -- listed as team members in GL, and external users 'that can see the repo' -- additional users in Gitolite.

So in short:

• if we provided a role for 'external' authenticated users (ie users listed with R access in GitoLite), Then we could:
• use this approach to distinguish between 'core team users' and 'external team members'
• have a place (a role) to specify permissions for 'external team members' as a group rather than on a per-user basis.
• have default permissions for users on login without explicitly having to give them permissions, as is the case now.

Overall, I think this option would add some nice capability in terms of distinguishing 'core' project members from 'external' people, which addresses the email issue in #1292 (closed). It also would allow for a concept of a 'default' user role (the external role). It integrates better with Gitolite-specified users/groups/@all. And it does this with very little in terms of excess configuration in GitLab (ie simple, easy-to-use).

Thoughts?