proposal: API for querying collaborator permissions #6980

Closed
opened 2025-11-02 07:12:46 -06:00 by GiteaMirror · 3 comments
Owner

Originally created by @nome on GitHub (Mar 9, 2021).

Description

Context: I have defined a team with can_create_org_repo and write permission to all repos. Team members are considered maintainers/contacts for the repositories they have admin privileges on. Now I want other members of the same team to be able to query (via a custom client) the admin(s) of a given repo.

In the GitHub API, GET /repos/{owner}/{repo}/collaborators returns the permissions of each collaborator along with the user info, e.g. "permissions": { "pull": true, "push": true, "admin": false }. I think this would be the preferred way of implementing this feature.

Possible alternatives:

  • GET /repos/{owner}/{repo}/collaborators/{username}/permission - less efficient in this use case, because it would require multiple requests
  • Filter collaborators returned in GET /repos/{owner}/{repo}/collaborators by their permissions using an optional parameter - would deviate from the GitHub API
  • Add a separate endpoint, e.g. GET /repos/{owner}/{repo}/permissions for querying collaborator permissions - would deviate from the GitHub API

Screenshots

Originally created by @nome on GitHub (Mar 9, 2021). <!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue --> <!-- 1. Please speak English, this is the language all maintainers can speak and write. 2. Please ask questions or configuration/deploy problems on our Discord server (https://discord.gg/gitea) or forum (https://discourse.gitea.io). 3. Please take a moment to check that your issue doesn't already exist. 4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq) 5. Please give all relevant information below for bug reports, because incomplete details will be handled as an invalid report. --> - Gitea version (or commit ref): 1.13.4 - Git version: N/A - Operating system: Linux (Official Docker Image) <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package --> <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. ---> <!-- If you are using a package or systemd tell us what distribution you are using --> - Database (use `[x]`): - [ ] PostgreSQL - [ ] MySQL - [ ] MSSQL - [x] SQLite - Can you reproduce the bug at https://try.gitea.io: - [x] Yes (provide example URL) https://try.gitea.io/org/collab_perms/teams/users - [ ] No - Log gist: <!-- It really is important to provide pertinent logs --> <!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems --> <!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini --> ## Description <!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services. --> Context: I have defined a team with `can_create_org_repo` and write permission to all repos. Team members are considered maintainers/contacts for the repositories they have admin privileges on. Now I want other members of the same team to be able to query (via a custom client) the admin(s) of a given repo. In the GitHub API, [`GET /repos/{owner}/{repo}/collaborators`](https://docs.github.com/en/rest/reference/repos#list-repository-collaborators) returns the permissions of each collaborator along with the user info, e.g. `"permissions": { "pull": true, "push": true, "admin": false }`. I think this would be the preferred way of implementing this feature. Possible alternatives: * [`GET /repos/{owner}/{repo}/collaborators/{username}/permission`](https://docs.github.com/en/rest/reference/repos#get-repository-permissions-for-a-user) - less efficient in this use case, because it would require multiple requests * Filter collaborators returned in `GET /repos/{owner}/{repo}/collaborators` by their permissions using an optional parameter - would deviate from the GitHub API * Add a separate endpoint, e.g. `GET /repos/{owner}/{repo}/permissions` for querying collaborator permissions - would deviate from the GitHub API ## Screenshots <!-- **If this issue involves the Web Interface, please include a screenshot** -->
GiteaMirror added the type/proposalmodifies/api labels 2025-11-02 07:12:46 -06:00
Author
Owner

@Greg-NetDuma commented on GitHub (Mar 10, 2021):

GET /repos/{owner}/{repo}/collaborators/{collaborator} currently returns an empty response, it could return the permissions for that user if the user is a collaborator.

@Greg-NetDuma commented on GitHub (Mar 10, 2021): `GET /repos/{owner}/{repo}/collaborators/{collaborator}` currently returns an empty response, it could return the permissions for that user if the user is a collaborator.
Author
Owner

@zeripath commented on GitHub (Mar 11, 2021):

lol this was one of my first prs that was rejected as it changed the api...

@zeripath commented on GitHub (Mar 11, 2021): lol this was one of my first prs that was rejected as it changed the api...
Author
Owner

@6543 commented on GitHub (Apr 29, 2022):

-> #18761

@6543 commented on GitHub (Apr 29, 2022): -> #18761
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#6980