GitLab offers the project access levels "Guest", "Reporter", "Developer" and "Master" for "team members" co-operating with a specific project.
"Master" and "Guest" are self-explanatory, but the others aren't quite clear to me, in their extents as well as in their granularity. What is the difference between these levels?
2013: The project_security_spec.rb
test each profile capabilities, which are listed in ability.rb
:
(2017 GitLab 10.x: this would be more likely in app/policies/project_policy.rb
)
Those rules are quite explicit:
def public_project_rules
[
:download_code,
:fork_project,
:read_project,
:read_wiki,
:read_issue,
:read_milestone,
:read_project_snippet,
:read_team_member,
:read_merge_request,
:read_note,
:write_issue,
:write_note
]
end
def project_guest_rules
[
:read_project,
:read_wiki,
:read_issue,
:read_milestone,
:read_project_snippet,
:read_team_member,
:read_merge_request,
:read_note,
:write_project,
:write_issue,
:write_note
]
end
def project_report_rules
project_guest_rules + [
:download_code,
:fork_project,
:write_project_snippet
]
end
def project_dev_rules
project_report_rules + [
:write_merge_request,
:write_wiki,
:push_code
]
end
That means:
- a reporter is a guest who can also:
- download code,
- fork a project,
- write project snippet
- a developer is a reporter who can also:
- write merge request,
- write wiki pages,
- push code
These days, the access levels are well documented here: http://doc.gitlab.com/ce/permissions/permissions.html