Is there anything like private code reviews or self-read code comments?

Hello,

I was wondering if there is any way in which more granular and restrictive permissions could be set for a specific project in order to be able to have something like a "private code review" or "self-read code comments" or "permissions by branches".

The idea would be to have a project with multiple users where they can all work on the code, adding comments and doing reviews, but be able to configure who can see them, or have a sort of private session where only the user that added the comment can see it (but of course admins could see everything).

In the Hub permission configuration I see a "self-read" permission, but this kind of permission does not exist for Upsource projects.

Since revisions could be done, for example, per branch, it would be great to be able to even set permissions by branch, so maybe a particular group/role/user could work there and all others would only see the code and not the comments and reviews.

Thanks in advance.

3 comments

Hi Roberto,

Thank you for your question.

There is no such opportunity in Upsource, but could you please clarify what the purpose of such a workflow is? Is there any private information added in the review that cannot be shared with other developers? I'm asking because one of the main Upsource ideas is team collaboration and knowledge sharing.

Thank you for clarifying. 

Hi Artem, sorry for such a big delay in my response.

I understand that Upsource is meant for teams and collaboration while doing reviews, but I asked thinking maybe of a particular scenario: "Security auditing code review".

In such a case the person doing the security audit might want to keep track of the analysis while searching for vulnerabilities and does not want to share details with the whole development team yet.
A feature like a "private code review" could help to achieve that and would be kind of like this plugin https://plugins.jetbrains.com/plugin/8351-code-comments where you can add comments to part of the code.

When auditing source code for security issues you always want to keep notes and details that could very well be kept using Upsource, but you don't want all other users to be able to see them (or maybe share them with only a certain group of people that are part of the "security" team).

I imagined that features like "private code review" or "self-read code comments" or "permissions by branches" would help to set things up in a way where you could have that workflow for a "security code review".

Thanks

Hi Roberto,

That makes some sense. I've just created a request; please upvote it here: https://youtrack.jetbrains.com/issue/UP-8634

In the meantime, you can create an additional project (for security auditing purposes) and limit access to this project to the correct group of users.
