feature: add the GitHub user to permission groups

Previously only the username, e.g. `USERNAME`, was added as a permission group during login. However, this can also be made available by other plugins. To ensure access is limited to a GitHub user, the username is now also available as `github/owner/USERNAME`.
n4bb12 · Nov 27, 2021 · 1b48183 · 1b48183
1 parent 9cc14f2
commit 1b48183
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -102,6 +102,7 @@ Set this if you are using GitHub Enterprise. Example: `https://github.example.co
 The following groups are added during login and can be used to configure package permissions:
 
 - `$authenticated`
+- `github/owner/GITHUB_USER` for the user's personal GitHub account
 - `github/owner/GITHUB_ORG` for every GitHub org the user is a member of
 - `github/owner/GITHUB_ORG/team/GITHUB_TEAM` for every GitHub team the user is a member of
 - `github/owner/GITHUB_ORG/repo/GITHUB_REPO` for every GitHub repository the user has access to

diff --git a/src/server/github/AuthProvider.ts b/src/server/github/AuthProvider.ts
@@ -78,7 +78,8 @@ export class GitHubAuthProvider implements AuthProvider {
   }
 
   async getGroups(token: string) {
-    const [orgs, teams, repos] = await Promise.all([
+    const [username, orgs, teams, repos] = await Promise.all([
+      this.getUsername(token),
       this.client.requestUserOrgs(token),
       this.client.requestUserTeams(token),
       this.client.requestUserRepos(token),
@@ -103,6 +104,7 @@ export class GitHubAuthProvider implements AuthProvider {
       ...orgGroups,
       ...teamGroups,
       ...repoGroups,
+      userGroup,
       ...legacyOrgGroups,
       ...legacyTeamGroups,
     ]

diff --git a/test/utils.ts b/test/utils.ts
@@ -14,6 +14,8 @@ export const testLoginOrgGroup = `github/owner/${testLoginOrgName}`
 export const testOrgGroup = `github/owner/TEST_ORG`
 export const testTeamGroup = `${testOrgGroup}/team/TEST_TEAM`
 export const testRepoGroup = `${testOrgGroup}/repo/TEST_REPO`
+export const testUserName = "TEST_USER"
+export const testUserGroup = `github/owner/${testUserName}`
 export const testLegacyOrgGroup = "github/TEST_LEGACY_ORG"
 export const testLegacyTeamGroup = "github/TEST_LEGACY_ORG/TEST_LEGACY_TEAM"
 
@@ -30,6 +32,7 @@ export const testProviderGroups = [
   testOrgGroup,
   testTeamGroup,
   testRepoGroup,
+  testUserGroup,
   // legacy groups
   testLegacyOrgGroup,
   testLegacyTeamGroup,