Comments (8)
UdaySagar-Git
commented on July 21, 2024
@rithviknishad can you please assign this to me !
from leaderboard.
rithviknishad
commented on July 21, 2024
This may be an opt-in feature. To be disabled by default and would be disabled for this org's deployment too.
How would you validate a user is allowed to access the deployment?
from leaderboard.
UdaySagar-Git
commented on July 21, 2024
How would you validate a user is allowed to access the deployment?
- The feature will be disabled by default, and all routes related to authentication (/api/auth) will redirect to the home page if it's disabled.
- The user needs to manually change a flag like (ENABLE_AUTHENTICATION=true) in the environment variables to enable authentication.
- If a user has enabled this flag, they need to provide a client ID and secret from their own OAuth.
from leaderboard.
rithviknishad
commented on July 21, 2024
Let's say an organization A that has private repositories and their leaderboard is set to include those information, how would you validate if a person is from org. A?
from leaderboard.
UdaySagar-Git
commented on July 21, 2024
That might be a bit tricky!
- One thing we can do is domain specific validation ([email protected]).
- Only the users present in the data repository will be validated or allowed.
- We can add something like a request for access, which creates a PR similar to what we have for updating profiles. If and only if the pr gets merged, then the user will get access.
from leaderboard.
dgparmar14
commented on July 21, 2024
I have one suggestion,
Instead of implementing register/login functionality, let's consider adding a toggle on the homepage to switch between private and public repositories. When a visitor toggles to view private repositories, we'll then validate whether the visitor is allowed access.
It is less complicated i guess.
from leaderboard.
UdaySagar-Git
commented on July 21, 2024
@rithviknishad , can we have a separate endpoint that is only accessible to the owner? The owner's email will be placed in the env , and the user with that email can access a route where the owner can add users' emails to allow them access to the website. I think we can somehow have write access permissions for the data repository directly using GitHub's new fine-grained PAT and update the data repository using Octokit.
, Also, we can directly update a specific file, such as allowedUsers, from the web using Octokit.
from leaderboard.
UdaySagar-Git
commented on July 21, 2024
@dgparmar14 we need authentication to verify the users who will have access to private repositories, right?
The problem here is how we're going to allow which users will have access to private repositories
Let me know if you have any ideas on how this can be achieved
from leaderboard.
Related Issues (20)
- Readme Update HOT 2
- Footer doesn't respect the theme. HOT 2
- Lets skill the scroll for activity HOT 1
- We should have an option to make the pages optional; HOT 1
- Implement Lazy load in contributers profile page HOT 2
- Incorrect week summary in leaderboard
- Optimizing /people route HOT 7
- Issue with rendering relative time in server side (ISR/pre-render)
- FIlter Events In Feed Page HOT 1
- Page for new contributors to contribute to OHC HOT 5
- Feature of Issue-froms
- Search icon misaligned in leaderboard search bar HOT 1
- Redesign Footer to Include More Information about the Organization
- Support for Loading Animation when filters are updated HOT 1
- Enhancements to Slack Activities Bot
- Ensure a general update is only added once, and prevent duplicate entries due to Slack's unpredictable retires.
- Ensure App Home update requests are rate-limited to avoid exhaustion of github's rate limit.
- Ensure app home updates are not triggered only for home tab
- Activities Bot: User/Channel Mentions and emoji's are not formatted in Rich Text Section
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from leaderboard.