This is an automated email from the ASF dual-hosted git repository.
mappjzc pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git
The following commit(s) were added to refs/heads/main by this push:
new b0195ba57 feat: add coarse-grained permission checking (#4739)
b0195ba57 is described below
commit b0195ba57792c861a1b6e5598150a50e788fb096
Author: abeizn <[email protected]>
AuthorDate: Wed Mar 22 16:50:02 2023 +0800
feat: add coarse-grained permission checking (#4739)
---
backend/plugins/github/api/connection.go | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/backend/plugins/github/api/connection.go
b/backend/plugins/github/api/connection.go
index 4c7697b98..b7c636125 100644
--- a/backend/plugins/github/api/connection.go
+++ b/backend/plugins/github/api/connection.go
@@ -29,7 +29,7 @@ import (
"github.com/apache/incubator-devlake/server/api/shared"
)
-var RequirePermission = []string{"repo:status", "repo_deployment",
"read:user", "read:org"}
+var requirePermission = []string{"repo:status", "repo_deployment",
"read:user", "read:org"}
type GithubTestConnResponse struct {
shared.ApiBody
@@ -75,8 +75,24 @@ func TestConnection(input *plugin.ApiResourceInput)
(*plugin.ApiResourceOutput,
// for github classic token, check permission
if strings.HasPrefix(conn.Token, "ghp_") {
scopes := res.Header.Get("X-OAuth-Scopes")
- for _, permission := range RequirePermission {
+ for _, permission := range requirePermission {
if !strings.Contains(scopes, permission) {
+ if permission == "repo:status" || permission ==
"repo_deployment" {
+ // If the missing permission is
repo:status or repo_deployment, check if the repo permission is present
+ if strings.Contains(scopes, "repo") {
+ continue
+ }
+ }
+ if permission == "read:user" {
+ if strings.Contains(scopes, "user") {
+ continue
+ }
+ }
+ if permission == "read:org" {
+ if strings.Contains(scopes,
"admin:org") {
+ continue
+ }
+ }
return nil, errors.BadInput.New("insufficient
token permission")
}
}
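Review bot: The new fallbacks inside the `requirePermission` loop test `strings.Contains(scopes, "repo")`, `"user"` and `"admin:org"` against the whole `X-OAuth-Scopes` header. These are substring matches, not scope-name matches. A classic token holding only `public_repo` or `repo:invite` passes the `repo` test, `user:email` passes the `user` test, and `admin:org_hook` passes the `admin:org` test, although none of these narrower scopes is the parent scope the fallback is meant to detect. Splitting the comma-separated header into a set of exact scope names and checking membership would remove these false accepts, as sketched below. `TestConnection` starts and ends outside the hunk, so how `scopes` is used elsewhere is not visible here.

```go
// … unchanged: ghp_ prefix check and scopes := res.Header.Get("X-OAuth-Scopes") …
granted := make(map[string]bool)
for _, s := range strings.Split(scopes, ",") {
	if s = strings.TrimSpace(s); s != "" {
		granted[s] = true
	}
}
// Parent scope that also covers each required scope.
impliedBy := map[string]string{
	"repo:status":     "repo",
	"repo_deployment": "repo",
	"read:user":       "user",
	"read:org":        "admin:org",
}
for _, permission := range requirePermission {
	if granted[permission] {
		continue
	}
	if parent, ok := impliedBy[permission]; ok && granted[parent] {
		continue
	}
	return nil, errors.BadInput.New("insufficient token permission")
}
```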