GitHub API如何检查用户是否具有对存储库的写访问权 [英] GitHub API How to check if user has write access to a repository
问题描述
我目前有一个机器人可以自动执行一些GitHub操作,例如合并请求请求,在打开PR时通知Slack上的工作人员这种事情(这是自定义的Hubot实例)
I currently have a bot which automates a few GitHub operations, like merging pull requests, notifying staff on Slack when a PR is opened, that kind of thing (it's a custom flavored Hubot instance)
当员工向他发出合并合并请求的命令时,他首先检查他们是否属于有权访问该存储库的团队.可以,但是代码不是很好.
When staff give him the command to merge a pull request, he firstly checks to see if they belong to a team which has write access to that repository. It works, but the code isn't great.
首先,他获取组织中的所有团队,进行遍历,获取分配给该团队的所有用户,如果他发现发出合并命令的用户,则他检查该团队是否具有写权限.如果没有,那么身份验证就很好.
First he gets all teams on the organization, loops through them, gets all users assigned to that team, if he finds the user issuing the merge command, he then checks to see if that team has write access. If not does, authentication is good.
这是最好的方法吗?我觉得这可能会简单得多.
Is this the best way to go about it? I feel like it could be much simpler.
推荐答案
更新:现在有一个GitHub API端点:
UPDATE: there is now a GitHub API endpoint for this:
https://developer.github. com/v3/repos/collaborators/#review-a-users-permission-level
老答案:目前没有比这更简单的方法了(但是我同意,如果有一种更优雅的方式来获取这些信息,那将是很好的选择).您可以通过获取用户团队来减少请求的数量和有权访问存储库的团队列表(和并非组织中的所有团队).我认为,这两个列表的交集应该可以让您回答这个问题.
OLD ANSWER: There isn't a much simpler way to do this currently (but I agree that it would be great if there was a more elegant way to get this information). You could perhaps reduce the number of requests by fetching the user's teams and the list of teams which have access to the repository (and not all teams in the organizations). The intersection of these two lists should allow you to answer the question, I think.
(此外,在您的解决方案中,请注意,您不仅需要检查用户是否是推送访问团队的成员,还需要检查此推送访问团队是否
(Also, in your solution, note that you not only have to check that the user is a member of a push-access team -- you also need to check that this push-access team has access to the repository in question. The user could have been a member of a push-access team which doesn't have access to the repository in question, and a member of a pull-access team which does have access to the repository in question.)
这篇关于GitHub API如何检查用户是否具有对存储库的写访问权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
