I have a repo in GitHub and I'm trying to get a handle on what permissions have been assigned to it. I am admin on the repo.
When I call gh api "https://api.github.com/repos/:org/:repo/teams" it returns the teams which have been assigned roles. Win!
However I know that some people have direct permissions applied to their users, not through a team. I want to see who these people are but can't find out how to do so through the API. I have nearly 300 repos to check so don't want to do it manually.
I know I could look through the contributors but my whole company has read rights to the repo so it's like to be hundreds of people and that sounds painful.
Is there a more direct way that I'm missing?
Related
I have an issue, I have a team (they are added into Github package's teams list with Write perm) of external developers, I want to restrict their ability to approve each other's PRs.
Meaning other team/users should be probably a different set of perms.
How can I do it? I wasn't able to find this on Github.
PS.
I tried adding this to .github/CODEOWNERS (also enabled require owner review)
* #company/company-devs some-special-developer
but #other_company/devs <- were still able to approve
I am using Github Enterprise and would like to give other teams access to my repository.
However I don't want those teams to see the repository content, I want them to be able to see ONLY a specific file or a subdirectory (and its content).
Is that possible ?
You'll find documentation on access permissions here. The access permission model is different for repositories owned by user accounts versus those owned by organization accounts. However, in neither of those models is there a provision for providing read access to only a part of a repository. Read permission grants read access to the entire repository.
There are probably a number of creative ways to achieve the effect you're after. One would be to set up an automated process that clones your first repository, copies the files or subdirectory of interest to a second local repository, and then pushes any changes in that second repository back to GitHub Enterprise. You'd provide your other teams read access to that second repository, but not the first.
I am newbie github users and mistakenly created two github user accounts. I'm wondering how can we merge two github users account into one, including their corresponding repositories? any idea?
A quick something search will give you this:
Transfer any repositories from the account you want to delete to the account you want to keep. Issues, pull requests, and wikis are transferred as well. Verify the repositories exist on the account you want to keep.
Update the remote URLs in any local clones of the repositories that were moved.
Delete the account you no longer want to use.
We have quite a few repositories in our organization, and we are constantly adding more. We also have a few different teams - Superusers, Developers, Contractors, etc. I want every newly created repository to automatically assume default permissions, like Superusers get automatic admin access to the repo, Contractors group gets just read access, etc. Is it possible to set that up? Is there a setting somewhere that I missed? And if there's not a way to do that, is there a way to batch apply a permission for one group to all repos within an account?
Update June 2017: with nested teams, you now can associate permissions to sub-teams, which could help group of users to have the correct right regarding a repo part of the organization.
Original answer (Apr. 2016)
Is it possible to set that up?
I did not see a way through the native GitHub web GUI administration pages.
And "permission" is deprecated when creating a team.
What you could consider though is a webhook listening for a an event, like a repository event.
That script listening to the event could then use the Team API to update the permission of the teams (according to their names) for the newly created repo.
I am trying to get the list of all users with push access to a repo in my organization. At first glance https://developer.github.com/v3/repos/collaborators/#list seemed like it would do the trick. Simply look through those users for permission=push. But that does not appear to return all of the users.
I am in fact using github.com/google/go-github/ to access the github API, so it is possible the problem is not in github, but in go-github. But I don't really know...
In my organization we have 2 teams. Say team1 and team2. Some people are in both team1 and 2. Some are only in one or the other. Both teams have the same (2) repositories. Team 1 has read/pull permission on the repos, team 2 has write/push.
When I call ListCollaborators() I only get those users in team1. Not the users in team2. (So when I cut that list down to only those with permission=push I end up with the intersection of team1 and 2, when in fact I want team2)
I also considered if it would be possible to just get all of the users in the organization (/v3/orgs/members/#members-list) but I could not find an API which would let me check if a user had write/push permission to a given repo. (I could also maybe list all of the teams and instead check if those had write/push access to the repo, but I don't know how to do that either)
[EDIT]
Maybe there is a better way, but I did find that I could get all of the teams in the organization, then use https://developer.github.com/v3/orgs/teams/#get-team-repo to find out if the team had write permission on the repo. I could then get the list of all users in those teams. Its ugly, but it's working.
[EDIT]
So getting all teams and all team-repos is actually insufficient. You can have "Outside contributors" with permission to push to repos which are not a member of the organization nor a member of a team. So this is still not completely answered.