You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
While writing documentation in #858 , I thought that the token model is a bit strange.
Tokens are good when used in invitation links: people can connect without knowing the private code, and so they can't change the private code in the web interface.
However, the same token can be used to change the private code through the API!
I like the feature "get access to a project without the power to change the private code", so to keep it we could:
use a different token for invitation links and for the API
when trying to change the private code through the API, ask for the current private code
The text was updated successfully, but these errors were encountered:
While writing documentation in #858 , I thought that the token model is a bit strange.
Tokens are good when used in invitation links: people can connect without knowing the private code, and so they can't change the private code in the web interface.
However, the same token can be used to change the private code through the API!
I like the feature "get access to a project without the power to change the private code", so to keep it we could:
The text was updated successfully, but these errors were encountered: