Hello, I have been learning and using Tuist for a while, and a few days ago I was testing the preview feature.
First of all, I would like to share a suggestion. In the project settings, it says that preview access can only be viewed by authorized people, but there is no information about where or how these permissions can be managed.
Even if I share the preview link with another Tuist user, there is no option for them to request access. They only see that they do not have access or they get a 404 page. In this case, it would be helpful to have some explanation about how access permissions work, or an option for unauthorized users to request access when they open the preview link.
Because I could not find any information about permission management, I changed the preview to public access. After that, I noticed that when the preview is public, anyone can delete the preview, even if they are not logged in to Tuist.
Authorized across almost all of our platform means belonging to the same organization the resource is in, so the right place to invite someone to be authorized would be https://tuist.dev/{org}/members. This is already mentioned in an admonition in the documentation under “PREVIEWS’ VISIBILITY” but I’ll see if we can make it clearer across the dashboard as well.
After that, I noticed that when the preview is public, anyone can delete the preview, even if they are not logged in to Tuist.
This is most definitely a bug; public previews should be read-only. We’ll have a fix out shortly. Appreciate the report!
