forgejo/discussions
49
43

Adding people to a Forgejo org: switching to invitations? #441

Open
opened 2026年01月27日 14:07:29 +01:00 by wetneb · 1 comment
Member
Copy link

At the moment, when adding someone to an organization in a Forgejo instance:

  • if they are added by username, they get added directly to the organization
  • if they are added by email (which is a bit of a hidden feature), they get an invitation by email that they can accept or decline (whether or not they already have an account on the Forgejo instance)

I'm wondering if there would be consensus to switch to sending invitations in all cases. I'm not sure where to gather such a consensus, so I thought I would ask here. It would be a significant change, and I am not sure how to get an agreement on something like this.

I've made a small poll on Mastodon and there seemed to be a preference for sending expiring invitations.

The main issue with adding someone directly to an organization is that they did not consent to being added to the organization. If their membership is visible from the outside (which the owner of the organization can enforce), then they can be seen as part of a project that they do not support (potentially endorsing a nefarious project against their will). This also allows the org owner to view whether they have enabled 2FA, which can be seen as a privacy concern.

If this overall goal is shared among project members, then I would work towards it with incremental PRs.

At the moment, when adding someone to an organization in a Forgejo instance: * if they are added by username, they get added directly to the organization * if they are added by email (which is a bit of a hidden feature), they get an invitation by email that they can accept or decline (whether or not they already have an account on the Forgejo instance) I'm wondering if there would be consensus to switch to sending invitations in all cases. I'm not sure where to gather such a consensus, so I thought I would ask here. It would be a significant change, and I am not sure how to get an agreement on something like this. I've made [a small poll on Mastodon](https://mamot.fr/deck/@pintoch/115859913262035226) and there seemed to be a preference for sending expiring invitations. The main issue with adding someone directly to an organization is that they did not consent to being added to the organization. If their membership is visible from the outside (which the owner of the organization can enforce), then they can be seen as part of a project that they do not support (potentially endorsing a nefarious project against their will). This also allows the org owner to view whether they have enabled 2FA, which can be seen as a privacy concern. If this overall goal is shared among project members, then I would work towards it with incremental PRs.

When AUTO_WATCH_NEW_REPOS is true, it also means that one can use the current behaviour as a trick to force anyone to watch repositories, which doesn't seem ideal.

When `AUTO_WATCH_NEW_REPOS` is `true`, it also means that one can use the current behaviour as a trick to force anyone to watch repositories, which doesn't seem ideal.
Sign in to join this conversation.
No Branch/Tag specified
No results found.
No results found.
Labels
Clear labels
User research - Accessibility
Requires input about accessibility features, likely involves user testing.
User research - Blocked
Do not pick as-is! We are happy if you can help, but please coordinate with ongoing redesign in this area.
User research - Community
Community features, such as discovering other people's work or otherwise feeling welcome on a Forgejo instance.
User research - Config (instance)
Instance-wide configuration, authentication and other admin-only needs.
User research - Errors
How to deal with errors in the application and write helpful error messages.
User research - Filters
How filter and search is being worked with.
User research - Future backlog
The issue might be inspiring for future design work.
User research - Git workflow
AGit, fork-based and new Git workflow, PR creation etc
User research - Labels
Active research about Labels
User research - Moderation
Moderation Featuers for Admins are undergoing active User Research
User research - Needs input
Use this label to let the User Research team know their input is requested.
User research - Notifications/Dashboard
Research on how users should know what to do next.
User research - Rendering
Text rendering, markup languages etc
User research - Repo creation
Active research about the New Repo dialog.
User research - Repo units
The repo sections, disabling them and the "Add more" button.
User research - Security
User research - Settings (in-app)
How to structure in-app settings in the future?
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Reference
forgejo/discussions#441
Reference in a new issue
forgejo/discussions
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?