[Jenkins-infra] Handling GitHub Apps Requests
Daniel Beck
ml at beckweb.net
Fri Sep 7 07:20:02 UTC 2018
> On 7. Sep 2018, at 05:01, R. Tyler Croy <tyler at monkeypox.org> wrote:
>
> What makes this even *more* annoying is that it looks like the user can request
> to install the App into repositories for which they're not even administrators.
This should be a bug based on my reading of the docs[1].
> You must be an organization owner or have admin permissions in a repository to request a GitHub App installation.
Additionally, it seems the _requests_ are limited to just GitHub Apps that "[require] organization permissions", whatever that is. Otherwise they would just be installed. I went through this a few weeks ago after a contributor installed an app, and I was wondering why that was possible.
IOW, requests should generally be limited to GitHub apps with org-wide permission requests, and I hope those are rather rare (and need additional scrutiny).
So our problem should be mostly limited to installation requests to all repos, per your screenshot.
1: https://developer.github.com/apps/differences-between-apps/#who-can-install-github-apps-and-authorize-oauth-apps