The access management in GitLab (and the GitSearch Application) is as follows:
1. All projects in GitLab are inspected on meta data information and indexed accordingly.
a. If the project is in the sharing-hierachy, the meta data is obligatory and the committing user get's an error message mail in this case
b. If the project is not part of the sharing-hierachy, the meta data is voluntary. The committing user only get's an error message mail if the data is inconsistent. The project is indexed, if correct meta data is available.
2. All **public** projects are directly presented to the user.
3. There is an extra group "teacher", which contains all verified teachers (as guests). This group can be added to any project / group to give the read access to the respective projects.
- Also other groups can be added to groups and individual projects
4. During indexing all groups that have at least guest access to the project are collected and stored additionally to the meta data.
- It is still open, whether we also want to support personal (user) access to the project.
5. During search, the request is filtered by the groups assigned to the user.
- Additionally the user id may be used during search for access rights (if personal access is supported).
