[ZF] A couple of github issues

Jim Fulton jim at zope.com
Fri Feb 8 14:44:24 UTC 2013


On Fri, Feb 8, 2013 at 12:13 AM, Matthew Wilkes
<matthew at matthewwilkes.co.uk> wrote:
> Hello all,
>
> I did some digging into GitHub permissions today and here are my findings:

Thanks a lot for looking into this!


>
> If you create a team with Pull, Push and Admin rights to no repositories, its
> members can create repositories without having admin rights on the
> organization as a whole.
>
> There are two caveats to this.
>
> 1) Repositories that these users create are automatically added to that
> team, so all members of this team become able to delete this repo.
>
> 2) Users can remove each other from that team, removing each other's ability
> to create repositories.

Can't admin users also add users to the team, including users who
weren't already associated with the organization?

>
> I believe that this is still the best way of fixing our current problem of
> creating repositories, so to that end I've written a simple package that
> does github API calls. This assumes two teams exist, one that gives push and
> pull to its members and is administered in the normal way. The other will
> give push, pull and admin but have no repositories, and will have its
> members synchronised with the other by the scripts.
>
> Any repositories added to that team get moved to the other, which prevents
> non-admins being able to delete repositories.
>
> The package is called mr.sisyphus[1] and I'm currently converting Plone to
> use this, as it reduces the chance of people deleting repositories
> automatically. It can only be run by people in the admin team of an
> organization.

Let me see if I understand what you're suggesting:

- There are two teams, an admin team and a dev team.  The former
  having Pull, Push and Admin rights, and the latter having Push and
  Pull rights.

- The admin team is smaller than the dev team.

- The admin team is responsible for creating repos, which they then
  move to the dev team.

- The dev can't delete repositories.

- The admin team can't delete repositories they've transferred to the
  dev team.

Did I get that right?

You seem to be especially concerned about deleting repositories.  I
have to admit that I haven't been as concerned as I probably should
be.  I've gotten a bit spoiled by subversion, which makes it
impossible to truly delete anything.

In general, the property of subversion that makes it impossible to
delete data (other than by deleting the repo, which isn't possible by
committers) has allowed us to be pretty liberal about accepting
committers.

Jim

--
Jim Fulton
http://www.linkedin.com/in/jimfulton
Jerky is better than bacon! http://zo.pe/Kqm
