Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor scopes for user services #9159

Merged
merged 8 commits into from Nov 2, 2023
Merged

refactor scopes for user services #9159

merged 8 commits into from Nov 2, 2023

Conversation

aditya-mitra
Copy link
Collaborator

@aditya-mitra aditya-mitra commented Oct 27, 2023
edited

Summary

馃 Generated by Copilot at 6136ff2

The pull request updates the scope verification logic for various user-related services to improve security and consistency. It also adds some comments to flag potential issues with the 'admin:admin' scope. The affected files are avatar.hooks.ts, github-repo-access.hooks.ts, user.hooks.ts, accept-invite.class.ts, and identity-provider.hooks.ts.

References

refs #9161

Explanation

馃 Generated by Copilot at 6136ff2

  • Simplified scope verification logic for user service hooks using checkScope function (link, link)
  • Relaxed scope requirements for user service hooks to allow either admin or user permissions (link, link)
  • Changed scope requirements for avatar service hooks to use global avatar permissions instead of admin permissions (link, link)
  • Changed scope requirements for github-repo-access service hooks to use project permissions instead of admin permissions (link, link)
  • Added comments to accept-invite.class.ts and identity-provider.hooks.ts expressing doubts about scope logic for invitee users and users with admin scopes (link, link)

馃 Generated by Copilot at 6136ff2

We're checking scopes for every hook
We're making sure they're by the book
We're fixing bugs and cleaning code
We're heaving on the count of three

QA Steps

List any additional steps required to QA the changes of this PR, as well as any supplemental images or videos.

Checklist

  • If this PR is still a WIP, convert to a draft
  • When this PR is ready, mark it as "Ready for review"
  • ensure all checks pass
  • Changes have been manually QA'd
  • Changes reviewed by at least 2 approved reviewers

@aditya-mitra aditya-mitra marked this pull request as ready for review October 30, 2023 06:34
@barankyle barankyle added this pull request to the merge queue Nov 2, 2023
Merged via the queue into dev with commit aa4cfc1 Nov 2, 2023
13 checks passed
@barankyle barankyle deleted the refactor/user-scoping branch November 2, 2023 20:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@barankyle barankyle barankyle approved these changes

@hanzlamateen hanzlamateen Awaiting requested review from hanzlamateen

Assignees
No one assigned
Labels
verified-contributor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aditya-mitra @barankyle