I have a main repo that students are forking to do their homework. From the student's view of the repo, the list of collaborating teams is small (their individual team and my teacher team). However, from my view (as admin), there is a long list of teams with access. As a result, students are able to see within other students' private repos.
What is the correct way to manage this so that teams can fork a main repo, and limit access to that repo among teams.
Related
Is there a way to list all repositories within an organization, created or contributed to by a specific user?
For concreteness, I am a member of the organization and I am the user in question.
The organization page has a ton of repos listed and I just want to see the ones that I made.
I have 10+ teams and 50+ repos in an organization account. The goal is to group selected repos into a management unit so I can grant access to teams with fine permission.
The members of the teams will keep changing roughly monthly.
Question
Is this possible?
If not, what's the best practice?
An organization is itself a group of repositories.
You can manage team access to an organization repository or to all repositories, not to a group of repositories inside that organization.
You would need to define one organization per group of repositories in order to grant access for said groups.
On GitHub, a user can belong to multiple organizations. Is it possible for a repository to be part of multiple organizations as well?
According to this blog post by GitHub, a repository can only belong to one organization.
Creating an organization helps you centralize your organization’s code. All repositories live under the organization, and billing goes through a central organization account.
You can fork one organization's repository into another organization's space, but the original belongs to just a single organization.
When you remove a user from an organization, GitHub warns you that all their forks of the organisation's private repos will be deleted
Removing people from the XX organization will also delete their forks of any private XX-owned repositories.
And GitHub tells you how many private forks the user has but it does not tell you the repo names (even though I have permission to see them!)
It would be useful to see the repos so that I can check that they really have no outstanding, potentially useful, work left on branches (that they have not opened pull-request for).
To do it from the Web U:
Go to the people tab of the organization (https://github.com/orgs/myorg/people).
Filter/find the person.
Click their name; this will take you to https://github.com/orgs/myorg/people/theirusername, which lists all repos they have access to, including repos in the organization and forks the user has made of them.
Filter the list by their username; this will show just the forks.
This requires owner permissions for the organization.
There's a GitHub API to list all the forks. I haven't tested the API but I assume that you will get ONLY the public forks for other users and all the forks if you're the authenticated user.
If you wanted to query this on behalf of other users you can work on a GitHub Integration that would get users' permissions via OAuth and then you could store that information on your side for a whole group of people.
I don't think this is what you were asking for but additionally there's a WEB UI filter for forked repositories, e.g., https://github.com/defunkt?utf8=%E2%9C%93&tab=repositories&q=&type=fork.
I am trying to get the list of all users with push access to a repo in my organization. At first glance https://developer.github.com/v3/repos/collaborators/#list seemed like it would do the trick. Simply look through those users for permission=push. But that does not appear to return all of the users.
I am in fact using github.com/google/go-github/ to access the github API, so it is possible the problem is not in github, but in go-github. But I don't really know...
In my organization we have 2 teams. Say team1 and team2. Some people are in both team1 and 2. Some are only in one or the other. Both teams have the same (2) repositories. Team 1 has read/pull permission on the repos, team 2 has write/push.
When I call ListCollaborators() I only get those users in team1. Not the users in team2. (So when I cut that list down to only those with permission=push I end up with the intersection of team1 and 2, when in fact I want team2)
I also considered if it would be possible to just get all of the users in the organization (/v3/orgs/members/#members-list) but I could not find an API which would let me check if a user had write/push permission to a given repo. (I could also maybe list all of the teams and instead check if those had write/push access to the repo, but I don't know how to do that either)
[EDIT]
Maybe there is a better way, but I did find that I could get all of the teams in the organization, then use https://developer.github.com/v3/orgs/teams/#get-team-repo to find out if the team had write permission on the repo. I could then get the list of all users in those teams. Its ugly, but it's working.
[EDIT]
So getting all teams and all team-repos is actually insufficient. You can have "Outside contributors" with permission to push to repos which are not a member of the organization nor a member of a team. So this is still not completely answered.