Require less permissions for Zappr

[prayerslayer]

It should be possible to give Zappr only a minimal set of permissions initally and then upgrade.

Braindumping how it could work

• Store consented scopes in a new column in User (first* db migration!)
• Change config options to accomodate new premium/advanced/god mode.
• Set cookie to indicate that god mode is used.
• Dropdown in nav header to change mode.
• Bonus points: When a check is enabled, it should then show a) who the token belongs to and b) what scopes it has / which mode it was created for and c) if it's valid (see below).
• Figure out how to obtain consented scopes, should somehow work with the passport plugin: Does not currently work with the passport plugin. Workaround: Make HTTP request to Github API with token, read X-OAuth-Scopes response header.
• Figure out how we can change consented scopes: Just do another login with more scopes. This won't work for removing scopes though, the users will have to revoke access (effectively invalidating all previously issued tokens) and log in again.
• Figure out what happens to the old token when a user changes modes: Nothing, stays valid.

[ePaul]

I agree with this ... I don't really feel comfortable with giving some application write access to all my repositories, or admin access to hooks (for all my repositories). (Even if that application is hosted by Zalando, which I know is trustworthy.)

It should be possible to request the permissions just for those repositories for which they are needed (I'm not installing zappr for all my private repos, just some Zalando ones), and just for the time it is needed. (The admin permissions are only needed while installing/uninstalling, right?)

Do we really need write access to the repo to get the list of contributors? Could I remove that permission when not using this feature in my .zappr.yaml, and not using the branch creation feature? (I don't really see this branch creation thing as valuable – not every issue needs a branch, and often those branches should have a different name anyways, or will be on some forked repository.)

[prayerslayer]

It should be possible to request the permissions just for those repositories for which they are needed

Yeah, but the Github API doesn't work that way. Either we get access to all public repos or all public and private repos.

Could I remove that permission when not using this feature in my .zappr.yaml

Yes, that would work.

The main obstacle is that it would take some work to get the UX of all this right.

[ePaul]

It should be possible to request the permissions just for those repositories for which they are needed

Yeah, but the Github API doesn't work that way. Either we get access to all public repos or all public and private repos.

Hmm, so Github has a too limited permission model here :-(

(I did have a look to find if there is some public feature request tracker for Github, but didn't find any.)