Bryan
12/03/2021, 7:18 PM
delete_issue). A user can be a member of that role and a repo can be related to various roles.
The Problem
This is a rough approximation of the intended behavior, but falls apart pretty quickly. Consider the scenario where two users monalisa and geoff are to be granted the repo_manager role on repo1 and repo2, respectively. In real life, monalisa gets repo_manager on repo1, but has no permissions over repo2, and vice versa for geoff. However, as the assertions show with this model, any member of repo_manager gets the repo_manager permissions on ALL repos that have a relationship with repo_manager. If there were a third user jeeves who was given membership of the repo_manager role, they would get permissions on repo1 and repo2 instantly.
I read the blog post on user defined roles (https://authzed.com/blog/user-defined-roles/). It's almost what I need, but is structurally different from how roles at GitHub work. Repos don't "own" the roles. In the blog post, a role is defined on a per-project basis. The admin role "belongs" to the pied_piper project. It couldn't be re-used in a different project.
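Added example, not part of the original post and not the poster's schema: a small relationship-tuple evaluator that reproduces the over-grant described above. The tuple layout, the assumed permission shape (delete_issue resolved as repo -> role -> member) and all function names are constructed for illustration.

```python
# Constructed model of the setup described in the post.
# Tuples are (resource, relation, subject), as in a Zanzibar-style store.
from itertools import product


def build_tuples(role_members, repo_roles):
    """Write role membership and repo-to-role relationships as tuples."""
    tuples = set()
    for role, users in role_members.items():
        tuples |= {(f"role:{role}", "member", f"user:{u}") for u in users}
    for repo, roles in repo_roles.items():
        tuples |= {(f"repo:{repo}", "role", f"role:{r}") for r in roles}
    return tuples


def can_delete_issue(tuples, user, repo):
    """Assumed permission shape: delete_issue = role->member.

    The check walks repo -> role -> member. Nothing in that walk ties the
    membership to the repo it was meant for, which is the flaw.
    """
    roles = {s for (res, rel, s) in tuples
             if res == f"repo:{repo}" and rel == "role"}
    return any((role, "member", f"user:{user}") in tuples for role in roles)


def effective_grants(tuples, users, repos):
    """Every (user, repo) pair for which the check passes."""
    return {(u, r) for u, r in product(users, repos)
            if can_delete_issue(tuples, u, r)}


# What the post says should happen "in real life".
INTENDED = {("monalisa", "repo1"), ("geoff", "repo2")}


def over_grants(members):
    """Grants the model hands out beyond the intended ones."""
    tuples = build_tuples(
        {"repo_manager": members},
        {"repo1": ["repo_manager"], "repo2": ["repo_manager"]},
    )
    return effective_grants(tuples, members, ["repo1", "repo2"]) - INTENDED


if __name__ == "__main__":
    for user, repo in sorted(over_grants(["monalisa", "geoff", "jeeves"])):
        print(f"unintended: {user} can delete_issue on {repo}")
```

A diff of effective grants against an intended (user, repo) list, run over the real tuples, is a quick audit for this class of over-broad role sharing.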