Question: Permissions per project

[chkp-baselz]

Hey,

I have a question if I could grant view for projects only for specific users, My Opengrok already has LDAP authentaction.

[vladak]

Hi, could you expand a bit ? How would an example of such policy look like ?

It is definitely possible to restrict the users for given project to a set determined e.g. by LDAP filter or a whitelist but perhaps you have something different in mind.

[chkp-baselz]

Hey Vlad,
Thnx for your answer

Let's say I have 10 projects under OpenGrok.
_I want to restrict 3 of them someone(only he could see projects/src)
_2 other project to be restriced to somone else.
_5 projects can see by all.

[vladak]

With the LDAP authentication in place, I assume there are some headers available to Tomcat and therefore OpenGrok that carry the username/ID.

The authorization stack would look like this:

UserPlugin (with UserPrincipalDecoder)
  UserWhitelistPlugin (forProject A, using a whitelist that contains list of authorized users)
  ... more UserWhitelistPlugin instances, for each distinct set of authorized users / project
  TruePlugin (for projects that should be visible for everyone)

See https://github.com/oracle/opengrok/wiki/Authorization-plugins

[vladak]

Please continue in Discussions.