WebUI - Protection for all write-enabled parts of the UI with IfLoggedIn component

Timeline

Cláudio Silva (claudioantonio) opened

What considerations about permissions should I consider? Who can create or edit a bug? I found a component that checks if the user is logged in to decide if comments can be added or not. What kind of login are we talking about? 🤔

MichaelMure commented: At the moment, anyone can create and edit any bugs (including comments they are not the author of). This should change in the future once the identity system becomes smarter. For now, maybe it's best to match whatever is possible in git-bug core?

Regarding the authentication, there are three different scenarios:

  1. the user might not have an identity yet (that is, Repository.userIdentity can be nil in GraphQL). In that case we want to have a read-only UI if we don't have a user yet.
  2. in the future, the webUI might be used for a public portal (possibly with external auth like GitHub OAuth where identities would be imported in git-bug at first login). Again, we want a read-only view when we don't have a user logged in yet.
  3. the webUI can be started with --read-only to force a read-only view.

So in the React code, the write-enabled parts of the UI are guarded with the IfLoggedIn component.

Michael Muré (MichaelMure) commented

From the webUI perspective, all those scenarios don't really matter (well, at least until external auth is accepted, but we are not there yet). The only concern is whether there is a logged user, as defined by Repository.userIdentity in GraphQL.

  • if there is a user, the UI is read/write
  • if there is no user, the UI is read-only
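The gating rule stated above (a user identity means read/write, no identity or --read-only means read-only), written as a small framework-free stand-in for the IfLoggedIn component. This is an added example, not git-bug's own code; the GraphQL result shape `{ repository: { userIdentity } }` and the `loading`, `error` and `readOnly` fields of the state object are assumptions.

```javascript
// Added example (not git-bug's code): fail-closed write gating for the webUI.
// Assumed state shape: { loading, error, readOnly, data: { repository: { userIdentity } } }.

/**
 * Decide whether the UI may show write-enabled controls.
 * Returns false (read-only) unless a user identity is present AND the
 * --read-only flag is not set. Loading and error states are also read-only,
 * so write controls never appear before the identity is actually known.
 */
function canWrite(state) {
  const { loading = false, error = null, data = null, readOnly = false } = state;
  if (readOnly) return false;          // scenario 3: `git-bug webui --read-only`
  if (loading || error) return false;  // identity not known yet: fail closed
  const identity = data && data.repository && data.repository.userIdentity;
  return identity != null;             // scenarios 1/2: nil identity -> read-only
}

/**
 * Stand-in for an IfLoggedIn component: renders `children` only when
 * canWrite() is true, otherwise the optional fallback (default: nothing).
 */
function ifLoggedIn(state, children, fallback = () => null) {
  return canWrite(state) ? children() : fallback();
}

// Constructed sample states covering the scenarios discussed in the thread.
const withUser = { data: { repository: { userIdentity: { name: "alice" } } } };
const noUser = { data: { repository: { userIdentity: null } } };
const forcedReadOnly = { readOnly: true, data: withUser.data };
const stillLoading = { loading: true };
```

Hiding controls this way is a usability measure only; whatever the UI hides, the GraphQL backend still has to enforce on every mutation.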

Cláudio Silva (claudioantonio) commented

@MichaelMure at the present moment it's not possible to run the git-bug backend in a repo without a user identity. I tried with no success. 😄 So how can we get the situation where Repository.userIdentity would be nil in the GraphQL backend? 🤔

Michael Muré (MichaelMure) commented (edited)

I believe starting the backend with git-bug webui --read-only will give you that behavior. In the future this situation could be more common if we have external auth and no user logged yet.

Michael Muré (MichaelMure) closed the bug