Github Write Permissions? #192
Comments
@defensivedepth The online tools requires access in order to create an issue in the license-list-XML repository. I don't know if write access is required or if there is a lesser permission that would allow for an issue to be created. If we can create issues without write access, I would be all for changing the permission request.
@defensivedepth @rtgdk Any ideas if it is possible to create an issue without write access? If not, let's close the issue since the legal team requires the issue to be submitted with the user's GitHub username.
@goneall We definitely don't need "Deploy keys", "Webhooks and Services", "Wikis" and "Code" permissions to create an issue in the license-list repo. Can you update the GitHub app permission and try to create a dummy issue?
Unfortunately I still don't see how I could give this app read/write access to the settings/issues/pull requests for all of my public repos - If you only need the email address, I would think you could just select that permission?
@rtgdk @defensivedepth I will experiment with the permissions. Since we are creating an issue on behalf of the user, I believe we will need more than email permission, but I'll do some experiments and find out if there is a reduced set that will work.
@rtgdk I did not find any settings for finer-grained access in the GitHub configuration. It looks like the scope of the request is set in the settings at spdx-online-tools/src/src/settings.py Line 158 in 0173b08
It is only asking for public repo and email. Let me know if you know of a way to request finer-grained permissions.
@goneall Yeah, I tried a bunch of combinations but "public_repo" access is needed for GitHub OAuth apps. If we move to GitHub Apps, they have finer-grained permissions, but OAuth apps seem to have a limited number of fixed permissions with no way to modify the read/write access: https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/#available-scopes
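As an added illustration (not part of the thread and not code from spdx-online-tools): a small Python audit that compares the scopes a token actually carries, as GitHub reports them in the `X-OAuth-Scopes` response header, with what a workflow needs. The header values and the `audit` helper are constructed for this example, and the parent/child table is a subset of the scope documentation linked above.

```python
# Added example: audit the OAuth scopes a GitHub token carries.
# Parent scopes imply child scopes (subset of GitHub's documented hierarchy).
IMPLIES = {
    "repo": {"public_repo", "repo:status", "repo_deployment",
             "repo:invite", "security_events"},
    "user": {"read:user", "user:email", "user:follow"},
}
# Scopes that give an OAuth app write access to a user's repositories.
REPO_WRITE = {"repo", "public_repo"}


def parse_scopes(header):
    """Split an X-OAuth-Scopes header value into a set of scope names."""
    return {s.strip() for s in header.split(",") if s.strip()}


def expand(scopes):
    """Return the scopes plus every child scope a parent implies."""
    out = set(scopes)
    for scope in scopes:
        out |= IMPLIES.get(scope, set())
    return out


def audit(header, needed):
    """Compare what the token grants with what the workflow needs."""
    effective = expand(parse_scopes(header))
    wanted = expand(needed)
    return {
        "missing": sorted(wanted - effective),
        "excess": sorted(effective - wanted),
        "repo_write": sorted(effective & REPO_WRITE),
    }


if __name__ == "__main__":
    # Constructed header value: the two scopes the thread says are requested.
    granted = "public_repo, user:email"
    # Creating an issue as the user through an OAuth app (per the thread).
    print(audit(granted, {"public_repo", "user:email"}))
    # The reporter's expectation: only the e-mail address is needed.
    print(audit(granted, {"user:email"}))
    # A broader grant, to show parent scopes being expanded.
    print(audit("repo, user", {"public_repo", "user:email"}))
```

A non-empty `repo_write` alongside an empty `excess` is the situation the thread ends on: the OAuth app requests nothing it could drop, yet still holds write access to public repositories.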
Thanks all for looking into this. You may want to consider modifying this particular workflow - you probably don't want to take on the risk of having your app have R/W access to user's public repos, just so that they can submit a request for inclusion of a new license. At this point, I will submit my request via email.
@rtgdk Thanks for the research on this. @defensivedepth Agree with reducing the permissions. Rather than email, you could submit an issue directly to the SPDX License List XML repo rather than using the online tools app.
@goneall Done, thanks!
Hello there!
I am attempting to submit a new license for inclusion to the license list, using the web form at http://13.57.134.254/app/submit_new_license/
It appears that I am required to give the SPDX Online Tools app write access to all of my public repos? Can you clarify why this permission would be needed for me to submit a web form?
Thanks!