Read-only users #855

Open
amoutaux opened this issue Apr 23, 2024 · 4 comments

@amoutaux

Hello there!

First of all, thanks for your work 🙇

I use Docat to host my team documentation. All projects have a CI/CD pipeline in charge of uploading new versions of docs to Docat.

However, any user can push a new version to any project. And since the 'latest' tag is automatically applied to the last upload, it is very easy for anyone to break a project this way. This is especially true since the buttons on the Home page make it very easy to upload documentation, even on an already claimed project.

In other words, I want the users of the platform to be able to look through existing documentation and prevent them from doing any administrative operation.

It would be very useful to:

  • Prevent uploads on a claimed project (do not require the token only for existing tags but for the whole project)
  • Make it possible to remove the administrative components from the UI (maybe through an environment variable and a conditional JSX rendering?)

If you feel like this would be a good addition, I would gladly try to implement it myself and open a pull request (else I can always use the Fork 🙈)

Thank you.

amoutaux pushed a commit to amoutaux/docat that referenced this issue Apr 23, 2024
Remove administrative stuff from the UI while we agree on a clean
solution.

See docat-org#855
@reglim
Contributor

reglim commented Apr 30, 2024

I like the idea. I think the easiest way to fix this would be to just require the user to provide a token for uploading a new version, as you mentioned.
Otherwise I think you'd need to have some authentication / authorization system which would drive up the complexity a lot.

@fliiiix, @randombenj What do you think about that?

@randombenj
Member

I think this feature is quite similar/the same as this one: #618
One alternative as mentioned in the issue is to use nginx basic auth: #618 (comment)

@fliiiix @reglim maybe we could even make this configurable for our docker container.

However I am also not entirely against merging vorausrobotik@abf8499 as I think the implementation would not add more complexity and this is by far the most requested feature.

amoutaux pushed a commit to amoutaux/docat that referenced this issue Jan 8, 2025
Remove administrative stuff from the UI while we agree on a clean
solution.

See docat-org#855
@qwc

qwc commented Jan 18, 2025

I would love to see this. Most important part is the fact that if you put DOCAT internet facing, you do not want god and the world being able to upload/claim anything on your instance.

If it would be only for the technical documentation, I could hide all this behind an nginx authentication for the three people probably needing access. But I also want to serve the user docs through CI/CD there and I cannot expect any user of the app to enter some arbitrary credentials just to read the how-tos.

Thank you that you are already doing something for this issue.

@larrycai

One solution I use now in k8s is to add an nginx reverse proxy as a sidecar for the docat app.

  • Simple solution: CI/CD bypasses this proxy and updates the backend docat app directly; nginx only allows the GET method to access docat. For management, you can use port-forwarding to access the backend.
  • Auth solution: use nginx-ldap or nginx-sso solution for authentication.
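
A sketch of the "simple solution" from the comment above, as an added example that is not part of the original thread or the docat project. The listen port `8080` and the upstream address `127.0.0.1:80` are assumptions about the pod layout; adjust them to your deployment.

```nginx
# Added example: nginx sidecar in the same pod as docat (shared network namespace).
# Place inside the http {} context, e.g. as a file under conf.d/.
server {
    listen 8080;                          # assumed port published by the Service/Ingress

    location / {
        # Read-only access: nginx treats HEAD as allowed whenever GET is allowed.
        limit_except GET {
            deny all;                     # POST, PUT, DELETE, ... are answered with 403
        }

        proxy_pass http://127.0.0.1:80;   # assumed docat listen address inside the pod
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

Only the sidecar port should be exposed to readers; docat's own port stays reachable solely for the CI/CD uploader and port-forwarded management sessions. The filter is by HTTP method only, so it covers just the operations docat performs with non-GET methods.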
