Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] Settings tab not available for organisation-owned projects which I administer #1445

Open
rtyley opened this issue Aug 19, 2024 · 0 comments
Open

[Bug] Settings tab not available for organisation-owned projects which I administer #1445

rtyley opened this issue Aug 19, 2024 · 0 comments
Labels
bug

Comments

@rtyley
Copy link
Contributor

rtyley commented Aug 19, 2024
edited
Loading

Current behavior

Although the Settings tab is displayed for projects which I directly own, eg:

...it is not showing on projects which are owned by organisations, and are administered by me, eg:

The guardian organisation is very large, holding over 2000 public repos (I have write access to extensive numbers of these), but the scanamo organisation is much smaller, holding just 2 repos.

Based off @adpi2's comment I've logged in to Scaladex, then waited half an hour before re-checking my access to the settings tab, which has not changed.

image image

Expected Behavior

I should be able to access the Settings tab for all repos which I administer, including ones that are organisation owned.

The Scaladex codebase regards any permission of WRITE, MAINTAIN, ADMIN as conferring sufficient permission to access the Settings:

scaladex/modules/infra/src/main/scala/scaladex/infra/GithubClientImpl.scala

Line 335 in 1d02a3b

val permissions = Seq("WRITE", "MAINTAIN", "ADMIN")

...and I do have that level of permission on those repos.

Extra comments

Access to the Settings tab is controlled by the scaladex.core.model.UserState.canEdit() method:

scaladex/modules/core/shared/src/main/scala/scaladex/core/model/UserInfo.scala

Lines 14 to 17 in 7b1e2d0

case class UserState(repos: Set[Project.Reference], orgs: Set[Project.Organization], info: UserInfo) {
def isAdmin(env: Env): Boolean = orgs.contains(Project.Organization("scalacenter")) || env.isLocal
def canEdit(githubRepo: Project.Reference, env: Env): Boolean =
isAdmin(env) || repos.contains(githubRepo)

It looks like there are missing repos that I should have in the UserState returned from the DB by scaladex.infra.SqlDatabase.getUser():

scaladex/modules/infra/src/main/scala/scaladex/infra/SqlDatabase.scala

Lines 195 to 196 in 1d02a3b

override def getUser(userId: UUID): Future[Option[UserState]] =
run(UserSessionsTable.selectById.option(userId))

This data, stored in the database, is fetched lazily (as per #1170) with information from scaladex.infra.GithubClientImpl.getUserState():

scaladex/modules/infra/src/main/scala/scaladex/infra/GithubClientImpl.scala

Lines 334 to 342 in 1d02a3b

private def getUserState(userInfo: UserInfo): Future[UserState] = {
val permissions = Seq("WRITE", "MAINTAIN", "ADMIN")
for {
organizations <- getUserOrganizations(userInfo.login)
organizationRepos <- organizations.flatTraverse { org =>
getOrganizationRepositories(userInfo.login, org, permissions)
}
userRepos <- getUserRepositories(userInfo.login, permissions)
} yield UserState(repos = organizationRepos.toSet ++ userRepos, orgs = organizations.toSet, info = userInfo)

...which calls getOrganizationRepositories():

scaladex/modules/infra/src/main/scala/scaladex/infra/GithubClientImpl.scala

Lines 227 to 238 in 1d02a3b

def getOrganizationRepositories(
user: String,
organization: Project.Organization,
filterPermissions: Seq[String]
): Future[Seq[Project.Reference]] =
for (repos <- getAllRecursively(getOrganizationProjectsPage(user, organization)))
yield {
val filtered =
if (filterPermissions.isEmpty) repos
else repos.filter(repo => filterPermissions.contains(repo.viewerPermission))
filtered.map(repo => Project.Reference.from(repo.nameWithOwner))
}

At the moment, the Scaladex is doing a GraphQL query per user-organisation. I don't know if it might be simpler/faster to use the REST API and hit the https://api.github.com/user/repos endpoint?

https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#list-repositories-for-the-authenticated-user

Is it necessary for the Scaladex to maintain its own datastore of repository admins?

So far as I can see, there are 3 places where the repos of UserState are used:

...only the middle one, providing the search list, really requires a full list of all repos the user administrates? If that feature was sacrificed, it's possible that the other two could be furnished by solely querying the users permissions on the repository in question - ie, if I'm visiting

Search terms

authentication
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rtyley