Details
-
Suggestion
-
Resolution: Won't Do
-
None
-
None
Description
NOTE: This suggestion is for JIRA Server. Using JIRA Cloud? See the corresponding suggestion.
At the moment, JIRA activity stream will display commits from FishEye if:
- the repository's permission is configured to "anonymous". This can be prevented by configuring the repo's permission to specific group(s).
- user has permission to view the repository when each JIRA project is configured to retrieve information from different repository path using the Include/Exclude feature in FishEye.
It would be convenience for the users to have an additional configuration on the JIRA side to prevent commits messages on the Activity Stream.
One user suggests
My personal preference for the behaviour:
- global permission for "View Version Control" -> user can see commits from all projects, that he has permission for in fisheye (default: deactivated ). If activated, the system would behave as it does now..
- optional: project permission "View Version Control" => user can see only commits, that are targeted for his project ( fisheye permission is granted + jira has identified this commit as belonging to the project, i.e. commit contains issue id for this project)
This setup would avoid information leaks to jira due to anonymous access to fisheye.
In our scenario, jira is open to the internet and fisheye is not -> anonymous access to fisheye is ok for internal use, but jira should not show commits by default.
Attachments
Issue Links
- is cloned from
-
JRASERVER-27921 Users who do not have the View Version Control permission are able to see commits on the Activity Stream
-
- Closed
-
- relates to
-
- Closed