14

I currently have a bot which automates a few GitHub operations, like merging pull requests, notifying staff on Slack when a PR is opened, that kind of thing (it's a custom-flavored Hubot instance).

When staff give him the command to merge a pull request, he firstly checks to see if they belong to a team which has write access to that repository. It works, but the code isn't great.

First he gets all teams on the organization, loops through them, and gets all users assigned to that team. If he finds the user issuing the merge command, he then checks to see if that team has write access. If it does, authentication is good.

Is this the best way to go about it? I feel like it could be much simpler.

lukerollans

2 Answers

11

UPDATE: there is now a GitHub API endpoint for this:

https://docs.github.com/en/rest/reference/collaborators#check-if-a-user-is-a-repository-collaborator


OLD ANSWER: There isn't a much simpler way to do this currently (but I agree that it would be great if there was a more elegant way to get this information). You could perhaps reduce the number of requests by fetching the user's teams and the list of teams which have access to the repository (and not all teams in the organization). The intersection of these two lists should allow you to answer the question, I think.

(Also, in your solution, note that you not only have to check that the user is a member of a push-access team -- you also need to check that this push-access team has access to the repository in question. The user could have been a member of a push-access team which doesn't have access to the repository in question, and a member of a pull-access team which does have access to the repository in question.)

ariv797
Ivan Zuzak
  • @lukerollins I just updated the answer with a link to a new endpoint which allows you to do this: https://developer.github.com/v3/repos/collaborators/#review-a-users-permission-level – Ivan Zuzak Dec 15 '16 at 14:27
1

My company uses GitHub Enterprise.

This API Docs link helped:

```
GET /repos/:owner/:repo/collaborators/:username
```

If the user has access, you would get a response similar to:

```
Status: 204 No Content
X-RateLimit-Limit: 5000
X-RateLimit-Remaining: 4999
```

Community
suryakrupa
  • As noted in http://stackoverflow.com/questions/20733221/determine-a-collaborators-permissions-to-an-organization-repos-via-the-api this is not enough to distinguish access modes, in case some teams are given pull access and others greater access. For some applications it may not matter. – Jesse Glick Mar 07 '16 at 20:14
  • The workaround is to enumerate all `/repos/:owner/:repo/collaborators`, searching for a match with the given user and then checking `permissions`, but this is inefficient especially since paging might force you to make multiple requests. I contacted GitHub and a representative agreed that they might consider an API dedicated to this purpose. – Jesse Glick Mar 15 '16 at 17:18
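
The merge check built on the permission-level endpoint linked in the first answer's comment, which returns the access level rather than the bare 204 discussed above. This is an added example, not code from the question or the answers; the function names, the injected `fetchFn`, and the sample bodies are assumptions.

```javascript
// Added example, not code from the thread. Function names and fetchFn are
// assumptions; the endpoint is GitHub's "get repository permissions for a user".
const API = "https://api.github.com"; // GitHub Enterprise Server: https://HOSTNAME/api/v3
const PUSH_LEVELS = new Set(["admin", "write"]);

// The username comes from a chat command, so encode every path segment.
function permissionPath(owner, repo, username) {
  const [o, r, u] = [owner, repo, username].map(encodeURIComponent);
  return `/repos/${o}/${r}/collaborators/${u}/permission`;
}

// Pure decision over the HTTP status and parsed JSON body. Fails closed:
// anything other than a 200 naming this user with admin/write denies.
function mayMerge(status, body, username) {
  if (status !== 200 || !body || typeof body.permission !== "string") return false;
  const login = body.user && body.user.login;
  if (typeof login !== "string") return false;
  if (login.toLowerCase() !== String(username).toLowerCase()) return false;
  return PUSH_LEVELS.has(body.permission);
}

// fetchFn is injected (global fetch in Node 18+, or a stub in tests).
async function canMerge(fetchFn, token, owner, repo, username) {
  try {
    const res = await fetchFn(API + permissionPath(owner, repo, username), {
      headers: {
        Authorization: `Bearer ${token}`,
        Accept: "application/vnd.github+json",
      },
    });
    const body = res.status === 200 ? await res.json() : null;
    return mayMerge(res.status, body, username);
  } catch (err) {
    return false; // network or JSON error: do not merge
  }
}

// Constructed sample bodies (not captured from a real API call).
const sampleWrite = { permission: "write", user: { login: "octo-dev" } };
const sampleRead = { permission: "read", user: { login: "octo-dev" } };
console.log(mayMerge(200, sampleWrite, "octo-dev"), mayMerge(200, sampleRead, "octo-dev"));
```

The `permission` field reports the legacy levels `admin`, `write`, `read` and `none`, with the maintain role mapped to `write` and triage mapped to `read`.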