Commit 08fdc37b41d32def049d2a89b92a6252e09a49b2
1 parent
ee1d6a07
Exists in
master
and in
1 other branch
Allow configuration of GitHub permissions (turn on/off access to creating GitHub…
… issues for public/private/no repos)
Showing
7 changed files
with
38 additions
and
12 deletions
Show diff stats
README.md
| ... | ... | @@ -202,9 +202,17 @@ After you have followed these instructions, you will be able to **Sign in with G |
| 202 | 202 | |
| 203 | 203 | You will also be able to link your GitHub profile to your user account on your **Edit profile** page. |
| 204 | 204 | |
| 205 | -If you have signed in with GitHub, or linked your GitHub profile, | |
| 206 | -you are able to create an issue on GitHub if the App has a GitHub repo configured. | |
| 207 | -You will also be able to create an issue on a configured issue trackers. | |
| 205 | +If you have signed in with GitHub, or linked your GitHub profile, and the App has a GitHub repo configured, | |
| 206 | +then you will be able to create issues on GitHub. | |
| 207 | +You will still be able to create an issue on the App's configured issue tracker. | |
| 208 | + | |
| 209 | +You can change the requested account permissions by setting `github_access_scope` to: | |
| 210 | + | |
| 211 | +<table> | |
| 212 | + <tr><th>['repo'] </th><td>Allow creating issues for public and private repos.</td></tr> | |
| 213 | + <tr><th>['public_repo'] </th><td>Only allow creating issues for public repos.</td></tr> | |
| 214 | + <tr><th>[] </th><td>No permission to create issues on any repos.</td></tr> | |
| 215 | +</table> | |
| 208 | 216 | |
| 209 | 217 | |
| 210 | 218 | **Configuring LDAP authentication:** | ... | ... |
app/controllers/users/omniauth_callbacks_controller.rb
| ... | ... | @@ -8,21 +8,17 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController |
| 8 | 8 | if current_user |
| 9 | 9 | # ... unless a user is already registered with same github login |
| 10 | 10 | if github_user && github_user != current_user |
| 11 | - flash[:error] = "User already registered with GitHub login '#{github_login}'" | |
| 11 | + flash[:error] = "User already registered with GitHub login '#{github_login}'!" | |
| 12 | 12 | else |
| 13 | 13 | # Add github details to current user |
| 14 | - current_user.update_attributes( | |
| 15 | - :github_login => github_login, | |
| 16 | - :github_oauth_token => github_token | |
| 17 | - ) | |
| 14 | + update_user_with_github_attributes(current_user, github_login, github_token) | |
| 18 | 15 | flash[:success] = "Successfully linked GitHub account!" |
| 19 | 16 | end |
| 20 | 17 | # User must have clicked 'link account' from their user page, so redirect there. |
| 21 | 18 | redirect_to user_path(current_user) |
| 22 | 19 | elsif github_user |
| 23 | 20 | # Store OAuth token |
| 24 | - github_user.update_attribute :github_oauth_token, github_token | |
| 25 | - | |
| 21 | + update_user_with_github_attributes(github_user, github_login, github_token) | |
| 26 | 22 | flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GitHub" |
| 27 | 23 | sign_in_and_redirect github_user, :event => :authentication |
| 28 | 24 | else |
| ... | ... | @@ -30,4 +26,13 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController |
| 30 | 26 | redirect_to new_user_session_path |
| 31 | 27 | end |
| 32 | 28 | end |
| 29 | + | |
| 30 | + private | |
| 31 | + | |
| 32 | + def update_user_with_github_attributes(user, login, token) | |
| 33 | + user.update_attributes( | |
| 34 | + :github_login => login, | |
| 35 | + :github_oauth_token => token | |
| 36 | + ) | |
| 37 | + end | |
| 33 | 38 | end | ... | ... |
app/models/user.rb
app/views/errs/_issue_tracker_links.html.haml
| ... | ... | @@ -6,7 +6,7 @@ |
| 6 | 6 | %span.disabled= link_to 'creating...', '#', :class => "#{@problem.issue_type}_inactive create-issue" |
| 7 | 7 | = link_to 'retry', create_issue_app_err_path(@app, @problem), :method => :post |
| 8 | 8 | - else |
| 9 | - - if current_user.github_account? && @app.github_repo? | |
| 9 | + - if current_user.can_create_github_issues? && @app.github_repo? | |
| 10 | 10 | %span= link_to 'create issue', create_issue_app_err_path(@app, @problem, :tracker => 'user_github'), :method => :post, :class => "github_create create-issue" |
| 11 | 11 | - if @app.issue_tracker_configured? && !@app.issue_tracker.is_a?(GithubIssuesTracker) |
| 12 | 12 | %span= link_to 'create issue', create_issue_app_err_path(@app, @problem), :method => :post, :class => "#{@app.issue_tracker.label}_create create-issue" | ... | ... |
config/config.example.yml
| ... | ... | @@ -61,6 +61,11 @@ deployment: |
| 61 | 61 | github_authentication: false |
| 62 | 62 | github_client_id: 'GITHUB_CLIENT_ID' |
| 63 | 63 | github_secret: 'GITHUB_SECRET' |
| 64 | +# GitHub Permissions to request from user | |
| 65 | +# ['repo'] - Allow creating issues for public and private repos. | |
| 66 | +# ['public_repo'] - Only allow creating issues for public repos. | |
| 67 | +# [] - No permission to create issues on any repos. | |
| 68 | +github_access_scope: ['repo'] | |
| 64 | 69 | |
| 65 | 70 | # Configure SMTP settings. If you are running Errbit on Heroku, |
| 66 | 71 | # sendgrid will be configured by default. | ... | ... |
config/initializers/_load_config.rb
| ... | ... | @@ -17,6 +17,7 @@ unless defined?(Errbit::Config) |
| 17 | 17 | Errbit::Config.github_authentication = ENV['GITHUB_AUTHENTICATION'] |
| 18 | 18 | Errbit::Config.github_client_id = ENV['GITHUB_CLIENT_ID'] |
| 19 | 19 | Errbit::Config.github_secret = ENV['GITHUB_SECRET'] |
| 20 | + Errbit::Config.github_access_scope = ENV['GITHUB_ACCESS_SCOPE'].split(',').map(&:strip) if ENV['GITHUB_ACCESS_SCOPE'] | |
| 20 | 21 | |
| 21 | 22 | Errbit::Config.smtp_settings = { |
| 22 | 23 | :address => "smtp.sendgrid.net", | ... | ... |
config/initializers/devise.rb
| ... | ... | @@ -119,7 +119,10 @@ Devise.setup do |config| |
| 119 | 119 | # config.sign_out_all_scopes = false |
| 120 | 120 | |
| 121 | 121 | if Errbit::Config.github_authentication || Rails.env.test? |
| 122 | - config.omniauth :github, Errbit::Config.github_client_id, Errbit::Config.github_secret, :scope => 'repo' | |
| 122 | + config.omniauth :github, | |
| 123 | + Errbit::Config.github_client_id, | |
| 124 | + Errbit::Config.github_secret, | |
| 125 | + :scope => Errbit::Config.github_access_scope.join(",") | |
| 123 | 126 | end |
| 124 | 127 | |
| 125 | 128 | # ==> Navigation configuration | ... | ... |