From 08fdc37b41d32def049d2a89b92a6252e09a49b2 Mon Sep 17 00:00:00 2001 From: Nathan Broadbent Date: Tue, 5 Jun 2012 10:58:34 +1200 Subject: [PATCH] Allow configuration of GitHub permissions (turn on/off access to creating GitHub issues for public/private/no repos) --- README.md | 14 +++++++++++--- app/controllers/users/omniauth_callbacks_controller.rb | 19 ++++++++++++------- app/models/user.rb | 4 ++++ app/views/errs/_issue_tracker_links.html.haml | 2 +- config/config.example.yml | 5 +++++ config/initializers/_load_config.rb | 1 + config/initializers/devise.rb | 5 ++++- 7 files changed, 38 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 42f0192..5ea870a 100644 --- a/README.md +++ b/README.md @@ -202,9 +202,17 @@ After you have followed these instructions, you will be able to **Sign in with G You will also be able to link your GitHub profile to your user account on your **Edit profile** page. -If you have signed in with GitHub, or linked your GitHub profile, -you are able to create an issue on GitHub if the App has a GitHub repo configured. -You will also be able to create an issue on a configured issue trackers. +If you have signed in with GitHub, or linked your GitHub profile, and the App has a GitHub repo configured, +then you will be able to create issues on GitHub. +You will still be able to create an issue on the App's configured issue tracker. + +You can change the requested account permissions by setting `github_access_scope` to: + + + + + +
['repo'] Allow creating issues for public and private repos.
['public_repo'] Only allow creating issues for public repos.
[] No permission to create issues on any repos.
**Configuring LDAP authentication:** diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb index 7b629e8..adfdf63 100644 --- a/app/controllers/users/omniauth_callbacks_controller.rb +++ b/app/controllers/users/omniauth_callbacks_controller.rb @@ -8,21 +8,17 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController if current_user # ... unless a user is already registered with same github login if github_user && github_user != current_user - flash[:error] = "User already registered with GitHub login '#{github_login}'" + flash[:error] = "User already registered with GitHub login '#{github_login}'!" else # Add github details to current user - current_user.update_attributes( - :github_login => github_login, - :github_oauth_token => github_token - ) + update_user_with_github_attributes(current_user, github_login, github_token) flash[:success] = "Successfully linked GitHub account!" end # User must have clicked 'link account' from their user page, so redirect there. redirect_to user_path(current_user) elsif github_user # Store OAuth token - github_user.update_attribute :github_oauth_token, github_token - + update_user_with_github_attributes(github_user, github_login, github_token) flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GitHub" sign_in_and_redirect github_user, :event => :authentication else @@ -30,4 +26,13 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController redirect_to new_user_session_path end end + + private + + def update_user_with_github_attributes(user, login, token) + user.update_attributes( + :github_login => login, + :github_oauth_token => token + ) + end end diff --git a/app/models/user.rb b/app/models/user.rb index c1611b2..4a3034e 100644 --- a/app/models/user.rb +++ b/app/models/user.rb 
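Review bot: The new `update_user_with_github_attributes` helper (second hunk) discards the result of `user.update_attributes`, and both call sites in the first hunk go on to set a success flash or sign the user in regardless. The sign-in branch previously used `update_attribute`, which skips validations; assuming `update_attributes` validates here, a user record that is invalid for an unrelated reason would keep its old OAuth token with no indication. Have the helper's boolean result drive the flash, or document why a failed save is acceptable, e.g. `# Best effort: a failed save leaves the previous token in place`. The action's opening lines are outside the hunk.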
@@ -48,6 +48,10 @@ class User github_login.present? && github_oauth_token.present? end + def can_create_github_issues? + github_account? && Errbit::Config.github_access_scope.include?('repo') + end + protected def destroy_watchers diff --git a/app/views/errs/_issue_tracker_links.html.haml b/app/views/errs/_issue_tracker_links.html.haml index 9ca6d92..28f17ef 100644 --- a/app/views/errs/_issue_tracker_links.html.haml +++ b/app/views/errs/_issue_tracker_links.html.haml @@ -6,7 +6,7 @@ %span.disabled= link_to 'creating...', '#', :class => "#{@problem.issue_type}_inactive create-issue" = link_to 'retry', create_issue_app_err_path(@app, @problem), :method => :post - else - - if current_user.github_account? && @app.github_repo? + - if current_user.can_create_github_issues? && @app.github_repo? %span= link_to 'create issue', create_issue_app_err_path(@app, @problem, :tracker => 'user_github'), :method => :post, :class => "github_create create-issue" - if @app.issue_tracker_configured? && !@app.issue_tracker.is_a?(GithubIssuesTracker) %span= link_to 'create issue', create_issue_app_err_path(@app, @problem), :method => :post, :class => "#{@app.issue_tracker.label}_create create-issue" diff --git a/config/config.example.yml b/config/config.example.yml index 3edbfaf..09286a9 100644 --- a/config/config.example.yml +++ b/config/config.example.yml @@ -61,6 +61,11 @@ deployment: github_authentication: false github_client_id: 'GITHUB_CLIENT_ID' github_secret: 'GITHUB_SECRET' +# GitHub Permissions to request from user +# ['repo'] - Allow creating issues for public and private repos. +# ['public_repo'] - Only allow creating issues for public repos. +# [] - No permission to create issues on any repos. +github_access_scope: ['repo'] # Configure SMTP settings. If you are running Errbit on Heroku, # sendgrid will be configured by default. diff --git a/config/initializers/_load_config.rb b/config/initializers/_load_config.rb index b268e18..eff5941 100644 
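Review bot: `include?('repo')` is an exact array match, so with `github_access_scope: ['public_repo']` this predicate returns false and the create-issue link disappears, although the README and config.example.yml in this commit describe that setting as allowing issues on public repos. If that is not intended, match either scope: `github_account? && (Array(Errbit::Config.github_access_scope) & %w[repo public_repo]).any?`. The check also reads the current configuration rather than the scope the stored token was granted, so tokens issued under `repo` keep that access on GitHub after an operator narrows the setting. A comment saying that narrowing the scope does not revoke existing tokens would help.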
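Review bot: This condition only hides the link; nothing in this patch shows the `create_issue` action re-checking `can_create_github_issues?` when `:tracker => 'user_github'` is posted. If the controller does not, a user who linked GitHub earlier still has a stored token, and the action would presumably still use it after the operator sets the scope to `[]`. The same predicate should guard the action server-side, e.g. `return head(:forbidden) if params[:tracker] == 'user_github' && !current_user.can_create_github_issues?`. The controller is not visible here, so this needs confirming.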
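Review bot: The added comments describe each scope only in terms of issue creation, but GitHub's `repo` scope also grants read/write access to the code of private repositories, and the controller in this commit stores that token per user. I would say so in the comment, e.g. `# ['repo'] - Full read/write access to public and private repos (required to create issues on private repos).`, so operators can choose `['public_repo']` or `[]` knowingly. The shipped default of `['repo']` matches the value that was hard-coded in devise.rb before.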
--- a/config/initializers/_load_config.rb +++ b/config/initializers/_load_config.rb @@ -17,6 +17,7 @@ unless defined?(Errbit::Config) Errbit::Config.github_authentication = ENV['GITHUB_AUTHENTICATION'] Errbit::Config.github_client_id = ENV['GITHUB_CLIENT_ID'] Errbit::Config.github_secret = ENV['GITHUB_SECRET'] + Errbit::Config.github_access_scope = ENV['GITHUB_ACCESS_SCOPE'].split(',').map(&:strip) if ENV['GITHUB_ACCESS_SCOPE'] Errbit::Config.smtp_settings = { :address => "smtp.sendgrid.net", diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb index d5fdb78..805b4c4 100644 --- a/config/initializers/devise.rb +++ b/config/initializers/devise.rb @@ -119,7 +119,10 @@ Devise.setup do |config| # config.sign_out_all_scopes = false if Errbit::Config.github_authentication || Rails.env.test? - config.omniauth :github, Errbit::Config.github_client_id, Errbit::Config.github_secret, :scope => 'repo' + config.omniauth :github, + Errbit::Config.github_client_id, + Errbit::Config.github_secret, + :scope => Errbit::Config.github_access_scope.join(",") end # ==> Navigation configuration -- libgit2 0.21.2
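Review bot: When `GITHUB_ACCESS_SCOPE` is unset, `github_access_scope` is never assigned on this path, yet the devise.rb hunk calls `.join(",")` on it and `User#can_create_github_issues?` calls `.include?`. Both raise NoMethodError if the config object returns nil for unset keys (its class is not visible here), and the same would apply to a config.yml written before this key existed. Assign a default on this line, e.g. `Errbit::Config.github_access_scope = ENV.fetch('GITHUB_ACCESS_SCOPE', 'repo').split(',').map(&:strip)` to keep the previous behaviour, or use an empty default for least privilege. The enclosing `unless defined?(Errbit::Config)` block starts and ends outside the hunk.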
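Review bot: The configured values are joined and sent to GitHub as the requested scope without being checked against the three documented settings, so a typo or an unrelated scope name in config.yml or the environment is silently requested from every user who signs in. Restricting the list to the documented values keeps the request within what the README describes: `:scope => (Array(Errbit::Config.github_access_scope) & %w[repo public_repo]).join(",")`. The `Devise.setup` block opens and closes outside this hunk.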