Commit 08fdc37b41d32def049d2a89b92a6252e09a49b2
1 parent
ee1d6a07
Exists in
master
and in
1 other branch
Allow configuration of GitHub permissions (turn on/off access to creating GitHub…
… issues for public/private/no repos)
Showing
7 changed files
with
38 additions
and
12 deletions
Show diff stats
README.md
| @@ -202,9 +202,17 @@ After you have followed these instructions, you will be able to **Sign in with G | @@ -202,9 +202,17 @@ After you have followed these instructions, you will be able to **Sign in with G | ||
| 202 | 202 | ||
| 203 | You will also be able to link your GitHub profile to your user account on your **Edit profile** page. | 203 | You will also be able to link your GitHub profile to your user account on your **Edit profile** page. |
| 204 | 204 | ||
| 205 | -If you have signed in with GitHub, or linked your GitHub profile, | ||
| 206 | -you are able to create an issue on GitHub if the App has a GitHub repo configured. | ||
| 207 | -You will also be able to create an issue on a configured issue trackers. | 205 | +If you have signed in with GitHub, or linked your GitHub profile, and the App has a GitHub repo configured, |
| 206 | +then you will be able to create issues on GitHub. | ||
| 207 | +You will still be able to create an issue on the App's configured issue tracker. | ||
| 208 | + | ||
| 209 | +You can change the requested account permissions by setting `github_access_scope` to: | ||
| 210 | + | ||
| 211 | +<table> | ||
| 212 | + <tr><th>['repo'] </th><td>Allow creating issues for public and private repos.</td></tr> | ||
| 213 | + <tr><th>['public_repo'] </th><td>Only allow creating issues for public repos.</td></tr> | ||
| 214 | + <tr><th>[] </th><td>No permission to create issues on any repos.</td></tr> | ||
| 215 | +</table> | ||
| 208 | 216 | ||
| 209 | 217 | ||
| 210 | **Configuring LDAP authentication:** | 218 | **Configuring LDAP authentication:** |
app/controllers/users/omniauth_callbacks_controller.rb
| @@ -8,21 +8,17 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController | @@ -8,21 +8,17 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController | ||
| 8 | if current_user | 8 | if current_user |
| 9 | # ... unless a user is already registered with same github login | 9 | # ... unless a user is already registered with same github login |
| 10 | if github_user && github_user != current_user | 10 | if github_user && github_user != current_user |
| 11 | - flash[:error] = "User already registered with GitHub login '#{github_login}'" | 11 | + flash[:error] = "User already registered with GitHub login '#{github_login}'!" |
| 12 | else | 12 | else |
| 13 | # Add github details to current user | 13 | # Add github details to current user |
| 14 | - current_user.update_attributes( | ||
| 15 | - :github_login => github_login, | ||
| 16 | - :github_oauth_token => github_token | ||
| 17 | - ) | 14 | + update_user_with_github_attributes(current_user, github_login, github_token) |
| 18 | flash[:success] = "Successfully linked GitHub account!" | 15 | flash[:success] = "Successfully linked GitHub account!" |
| 19 | end | 16 | end |
| 20 | # User must have clicked 'link account' from their user page, so redirect there. | 17 | # User must have clicked 'link account' from their user page, so redirect there. |
| 21 | redirect_to user_path(current_user) | 18 | redirect_to user_path(current_user) |
| 22 | elsif github_user | 19 | elsif github_user |
| 23 | # Store OAuth token | 20 | # Store OAuth token |
| 24 | - github_user.update_attribute :github_oauth_token, github_token | ||
| 25 | - | 21 | + update_user_with_github_attributes(github_user, github_login, github_token) |
| 26 | flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GitHub" | 22 | flash[:success] = I18n.t "devise.omniauth_callbacks.success", :kind => "GitHub" |
| 27 | sign_in_and_redirect github_user, :event => :authentication | 23 | sign_in_and_redirect github_user, :event => :authentication |
| 28 | else | 24 | else |
| @@ -30,4 +26,13 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController | @@ -30,4 +26,13 @@ class Users::OmniauthCallbacksController < Devise::OmniauthCallbacksController | ||
| 30 | redirect_to new_user_session_path | 26 | redirect_to new_user_session_path |
| 31 | end | 27 | end |
| 32 | end | 28 | end |
| 29 | + | ||
| 30 | + private | ||
| 31 | + | ||
| 32 | + def update_user_with_github_attributes(user, login, token) | ||
| 33 | + user.update_attributes( | ||
| 34 | + :github_login => login, | ||
| 35 | + :github_oauth_token => token | ||
| 36 | + ) | ||
| 37 | + end | ||
| 33 | end | 38 | end |
app/models/user.rb
| @@ -48,6 +48,10 @@ class User | @@ -48,6 +48,10 @@ class User | ||
| 48 | github_login.present? && github_oauth_token.present? | 48 | github_login.present? && github_oauth_token.present? |
| 49 | end | 49 | end |
| 50 | 50 | ||
| 51 | + def can_create_github_issues? | ||
| 52 | + github_account? && Errbit::Config.github_access_scope.include?('repo') | ||
| 53 | + end | ||
| 54 | + | ||
| 51 | protected | 55 | protected |
| 52 | 56 | ||
| 53 | def destroy_watchers | 57 | def destroy_watchers |
app/views/errs/_issue_tracker_links.html.haml
| @@ -6,7 +6,7 @@ | @@ -6,7 +6,7 @@ | ||
| 6 | %span.disabled= link_to 'creating...', '#', :class => "#{@problem.issue_type}_inactive create-issue" | 6 | %span.disabled= link_to 'creating...', '#', :class => "#{@problem.issue_type}_inactive create-issue" |
| 7 | = link_to 'retry', create_issue_app_err_path(@app, @problem), :method => :post | 7 | = link_to 'retry', create_issue_app_err_path(@app, @problem), :method => :post |
| 8 | - else | 8 | - else |
| 9 | - - if current_user.github_account? && @app.github_repo? | 9 | + - if current_user.can_create_github_issues? && @app.github_repo? |
| 10 | %span= link_to 'create issue', create_issue_app_err_path(@app, @problem, :tracker => 'user_github'), :method => :post, :class => "github_create create-issue" | 10 | %span= link_to 'create issue', create_issue_app_err_path(@app, @problem, :tracker => 'user_github'), :method => :post, :class => "github_create create-issue" |
| 11 | - if @app.issue_tracker_configured? && !@app.issue_tracker.is_a?(GithubIssuesTracker) | 11 | - if @app.issue_tracker_configured? && !@app.issue_tracker.is_a?(GithubIssuesTracker) |
| 12 | %span= link_to 'create issue', create_issue_app_err_path(@app, @problem), :method => :post, :class => "#{@app.issue_tracker.label}_create create-issue" | 12 | %span= link_to 'create issue', create_issue_app_err_path(@app, @problem), :method => :post, :class => "#{@app.issue_tracker.label}_create create-issue" |
config/config.example.yml
| @@ -61,6 +61,11 @@ deployment: | @@ -61,6 +61,11 @@ deployment: | ||
| 61 | github_authentication: false | 61 | github_authentication: false |
| 62 | github_client_id: 'GITHUB_CLIENT_ID' | 62 | github_client_id: 'GITHUB_CLIENT_ID' |
| 63 | github_secret: 'GITHUB_SECRET' | 63 | github_secret: 'GITHUB_SECRET' |
| 64 | +# GitHub Permissions to request from user | ||
| 65 | +# ['repo'] - Allow creating issues for public and private repos. | ||
| 66 | +# ['public_repo'] - Only allow creating issues for public repos. | ||
| 67 | +# [] - No permission to create issues on any repos. | ||
| 68 | +github_access_scope: ['repo'] | ||
| 64 | 69 | ||
| 65 | # Configure SMTP settings. If you are running Errbit on Heroku, | 70 | # Configure SMTP settings. If you are running Errbit on Heroku, |
| 66 | # sendgrid will be configured by default. | 71 | # sendgrid will be configured by default. |
config/initializers/_load_config.rb
| @@ -17,6 +17,7 @@ unless defined?(Errbit::Config) | @@ -17,6 +17,7 @@ unless defined?(Errbit::Config) | ||
| 17 | Errbit::Config.github_authentication = ENV['GITHUB_AUTHENTICATION'] | 17 | Errbit::Config.github_authentication = ENV['GITHUB_AUTHENTICATION'] |
| 18 | Errbit::Config.github_client_id = ENV['GITHUB_CLIENT_ID'] | 18 | Errbit::Config.github_client_id = ENV['GITHUB_CLIENT_ID'] |
| 19 | Errbit::Config.github_secret = ENV['GITHUB_SECRET'] | 19 | Errbit::Config.github_secret = ENV['GITHUB_SECRET'] |
| 20 | + Errbit::Config.github_access_scope = ENV['GITHUB_ACCESS_SCOPE'].split(',').map(&:strip) if ENV['GITHUB_ACCESS_SCOPE'] | ||
| 20 | 21 | ||
| 21 | Errbit::Config.smtp_settings = { | 22 | Errbit::Config.smtp_settings = { |
| 22 | :address => "smtp.sendgrid.net", | 23 | :address => "smtp.sendgrid.net", |
config/initializers/devise.rb
| @@ -119,7 +119,10 @@ Devise.setup do |config| | @@ -119,7 +119,10 @@ Devise.setup do |config| | ||
| 119 | # config.sign_out_all_scopes = false | 119 | # config.sign_out_all_scopes = false |
| 120 | 120 | ||
| 121 | if Errbit::Config.github_authentication || Rails.env.test? | 121 | if Errbit::Config.github_authentication || Rails.env.test? |
| 122 | - config.omniauth :github, Errbit::Config.github_client_id, Errbit::Config.github_secret, :scope => 'repo' | 122 | + config.omniauth :github, |
| 123 | + Errbit::Config.github_client_id, | ||
| 124 | + Errbit::Config.github_secret, | ||
| 125 | + :scope => Errbit::Config.github_access_scope.join(",") | ||
| 123 | end | 126 | end |
| 124 | 127 | ||
| 125 | # ==> Navigation configuration | 128 | # ==> Navigation configuration |