Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug] Settings tab not available for organisation-owned projects which I administer #1445

Open
rtyley opened this issue Aug 19, 2024 · 6 comments · Fixed by #1521
Open

[Bug] Settings tab not available for organisation-owned projects which I administer #1445

rtyley opened this issue Aug 19, 2024 · 6 comments · Fixed by #1521
Labels

Comments

@rtyley
Copy link
Contributor

rtyley commented Aug 19, 2024

Current behavior

Although the Settings tab is displayed for projects which I directly own, eg:

...it is not showing on projects which are owned by organisations, and are administered by me, eg:

The guardian organisation is very large, holding over 2000 public repos (I have write access to extensive numbers of these), but the scanamo organisation is much smaller, holding just 2 repos.

Based off @adpi2's comment I've logged in to Scaladex, then waited half an hour before re-checking my access to the settings tab, which has not changed.

image image

Expected Behavior

I should be able to access the Settings tab for all repos which I administer, including ones that are organisation owned.

The Scaladex codebase regards any permission of WRITE, MAINTAIN, ADMIN as conferring sufficient permission to access the Settings:

val permissions = Seq("WRITE", "MAINTAIN", "ADMIN")

...and I do have that level of permission on those repos.

Extra comments

Access to the Settings tab is controlled by the scaladex.core.model.UserState.canEdit() method:

case class UserState(repos: Set[Project.Reference], orgs: Set[Project.Organization], info: UserInfo) {
def isAdmin(env: Env): Boolean = orgs.contains(Project.Organization("scalacenter")) || env.isLocal
def canEdit(githubRepo: Project.Reference, env: Env): Boolean =
isAdmin(env) || repos.contains(githubRepo)

It looks like there are missing repos that I should have in the UserState returned from the DB by scaladex.infra.SqlDatabase.getUser():

override def getUser(userId: UUID): Future[Option[UserState]] =
run(UserSessionsTable.selectById.option(userId))

This data, stored in the database, is fetched lazily (as per #1170) with information from scaladex.infra.GithubClientImpl.getUserState():

private def getUserState(userInfo: UserInfo): Future[UserState] = {
val permissions = Seq("WRITE", "MAINTAIN", "ADMIN")
for {
organizations <- getUserOrganizations(userInfo.login)
organizationRepos <- organizations.flatTraverse { org =>
getOrganizationRepositories(userInfo.login, org, permissions)
}
userRepos <- getUserRepositories(userInfo.login, permissions)
} yield UserState(repos = organizationRepos.toSet ++ userRepos, orgs = organizations.toSet, info = userInfo)

...which calls getOrganizationRepositories():

def getOrganizationRepositories(
user: String,
organization: Project.Organization,
filterPermissions: Seq[String]
): Future[Seq[Project.Reference]] =
for (repos <- getAllRecursively(getOrganizationProjectsPage(user, organization)))
yield {
val filtered =
if (filterPermissions.isEmpty) repos
else repos.filter(repo => filterPermissions.contains(repo.viewerPermission))
filtered.map(repo => Project.Reference.from(repo.nameWithOwner))
}

At the moment, the Scaladex is doing a GraphQL query per user-organisation. I don't know if it might be simpler/faster to use the REST API and hit the https://api.github.com/user/repos endpoint?

https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#list-repositories-for-the-authenticated-user

Is it necessary for the Scaladex to maintain its own datastore of repository admins?

So far as I can see, there are 3 places where the repos of UserState are used:

...only the middle one, providing the search list, really requires a full list of all repos the user administrates? If that feature was sacrificed, it's possible that the other two could be furnished by solely querying the users permissions on the repository in question - ie, if I'm visiting

Search terms

authentication

@adpi2
Copy link
Member

adpi2 commented Jan 3, 2025

I closed this issue because I believe that #1521 is enough to resolve it.

At the moment, the Scaladex is doing a GraphQL query per user-organisation. I don't know if it might be simpler/faster to use the REST API and hit the https://api.github.com/user/repos endpoint?

I remember that we tried that a few years ago but it did not work because we could not get all the repositories the user can access.

...only the middle one, providing the search list, really requires a full list of all repos the user administrates? If that feature was sacrificed, it's possible that the other two could be furnished by solely querying the users permissions on the repository in question - ie, if I'm visiting

That's a nice idea. However, I am pretty sure it would slow down the response time of the project page too much.

@rtyley
Copy link
Contributor Author

rtyley commented Jan 3, 2025

Ah, fair enough - I just retried a few repos, and got better results:

I'll try again in half an hour to see if I can get access to that Scanamo one too...!

@adpi2
Copy link
Member

adpi2 commented Jan 3, 2025

Just to be sure, have you tried unlogging and logging again? If yes and it is not working, it is probably not going to work better in half an hour.

@rtyley
Copy link
Contributor Author

rtyley commented Jan 3, 2025

Just to be sure, have you tried unlogging and logging again?

Ah, yes - still don't have access to settings on https://index.scala-lang.org/scanamo/scanamo after logging out & in again:

Screen.Recording.2025-01-03.at.12.47.44.mov

@adpi2 adpi2 reopened this Jan 3, 2025
@adpi2
Copy link
Member

adpi2 commented Jan 10, 2025

@rtyley I need your help to fix this.

Using the Graph API I can see that you have admin rights in rtyley/scanamo but I don't see anything about scanamo/scanamo. It does not even appear in the response. Also the scanamo org does not appear in the list of your organizations.

Are you a member of the scanamo organization? Do you have direct access to scanamo/scanamo and what's your role there?

@rtyley
Copy link
Contributor Author

rtyley commented Jan 10, 2025

Are you a member of the scanamo organization? Do you have direct access to scanamo/scanamo and what's your role there?

According to my https://github.com/settings/organizations, I'm an owner of the scanamo organization:

image

I'm the sole member of the active-maintainers team (https://github.com/orgs/scanamo/teams/active-maintainers) within the Scanamo organisation:

image

...and the active-maintainers team has Admin rights on the https://github.com/scanamo/scanamo :

image

I have also merged this PR to demonstrate that I have admin over the repo:

Is the fact that I have a fork of scanamo/scanamo at rtyley/scanamo a problem?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants