Can the permissions be minimized? #95

Closed
wafer-li opened this issue Jan 14, 2018 · 7 comments

Comments

@wafer-li

commented Jan 14, 2018

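The public_repo permission currently requested is too powerful and dangerous. It grants read and write access to all public repositories.

Is there a way to narrow this permission down to Issues only? Could it be narrowed even further, to Issue permissions for one specific repo only?

Related issue: imsun/gitment#77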

@booxood

Member

commented Jan 15, 2018

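If the API supports it, this would be easy to change. We could add a configuration option to set the scope.

The current OAuth API doesn't support this yet, does it?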

@zhebinhu

commented Mar 14, 2018

This feels like a problem with GitHub itself: it doesn't support finer-grained permissions.

@ainopara

commented Jun 9, 2018

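Could you consider adding a mode where comments are read-only and replying redirects to the corresponding GitHub issue, as a stopgap while GitHub does not support fine-grained permissions?
The current permission list is too scary.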

@bequt

commented Jul 15, 2018

The permissions it requests really are too high; I don't dare use it.

@booxood

Member

commented Jul 16, 2018

This is just how GitHub's permission design currently works. For details, see: https://developer.github.com/apps/building-oauth-apps/scopes-for-oauth-apps/

@zjuturtle

commented Jul 31, 2018

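I have a somewhat sneaky workaround: register a brand-new GitHub account, create an empty project under it, and use that project's issues as the backing store for gitalk comments.

My blog itself is hosted under github.com/zjuturtle/zjuturtle.github.io, but gitalk references github.com/AnotherZjuturtle/Gitalk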

@elvisw

commented Jan 29, 2019

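> I have a somewhat sneaky workaround: register a brand-new GitHub account, create an empty project under it, and use that project's issues as the backing store for gitalk comments.
>
> My blog itself is hosted under github.com/zjuturtle/zjuturtle.github.io, but gitalk references github.com/AnotherZjuturtle/Gitalk

This is completely pointless, because it is the website that obtains the visitor's public_repo permission, not the visitor who obtains the website's public_repo permission. If you open a secondary account to host the comments for the website, the secondary account will still obtain the visitor's public_repo permission, and visitors will be even more worried that you will use the permission obtained through the secondary account to do bad things.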
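
The read-only mode suggested earlier in the thread (comments shown without login, replies made on the GitHub issue itself) could be implemented as follows. This is an added example, not gitalk code: the function names and sample data are hypothetical, and the JSON fields (`html_url`, `user.login`, `created_at`, `body`) follow GitHub's REST API for public issues.

```javascript
// Added example (not gitalk code). Sample data is constructed, shaped like
// GitHub REST responses for a public issue and its comment list.
const sampleIssue = { html_url: 'https://github.com/example-owner/example-repo/issues/1' };
const sampleComments = [
  { user: { login: 'alice' }, created_at: '2018-06-09T08:00:00Z', body: 'Nice post!' },
  { user: { login: 'mallory' }, created_at: '2018-06-10T09:30:00Z',
    body: '<script>alert(1)</script>' },
];

// Comment bodies and logins are untrusted: escape before inserting into HTML.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Only ever link the "reply" button to an https://github.com/ page.
function safeIssueUrl(url) {
  const u = new URL(url);
  if (u.protocol !== 'https:' || u.hostname !== 'github.com') {
    throw new Error('unexpected issue URL: ' + url);
  }
  return u.href;
}

// Render comments as plain text (no markdown) plus a link to reply on GitHub.
function renderReadOnly(issue, comments) {
  const items = comments.map((c) =>
    `<li><b>${escapeHtml(c.user.login)}</b> <time>${escapeHtml(c.created_at)}</time>` +
    `<p>${escapeHtml(c.body)}</p></li>`);
  const href = escapeHtml(safeIssueUrl(issue.html_url));
  return `<ul>${items.join('')}</ul>` +
    `<a href="${href}" rel="noopener noreferrer">Reply on GitHub</a>`;
}

// Public issues can be read with no Authorization header, so no OAuth
// scope (public_repo or otherwise) is requested from the visitor.
async function getJson(url) {
  const r = await fetch(url, { headers: { Accept: 'application/vnd.github+json' } });
  if (!r.ok) throw new Error(`GitHub API returned ${r.status}`);
  return r.json();
}

async function loadComments(owner, repo, number) {
  const base = `https://api.github.com/repos/${owner}/${repo}/issues/${number}`;
  const [issue, comments] = await Promise.all([getJson(base), getJson(`${base}/comments`)]);
  return renderReadOnly(issue, comments);
}
```

Unauthenticated API requests are rate-limited per IP address, so a site using this mode should expect comment loading to fail occasionally for visitors behind shared addresses.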
