Why does galaxy need write access to github repositories?

[nusenu]

Hi,

when logging in into galaxy.ansible.com,
galaxy asks for write access to repositories, why is that?

Is it possible to have a role on galaxy without giving galaxy write
access to github repositories?

thanks,
nusenu

[Chris Houseknecht]

Galaxy asks for the following scopes used to access the GitHub API:

- user:email

- public_repo

- read:org

These are defined here: https://developer.github.com/v3/oauth/#scopes

The last two allow us to see the orgs you belong to and the repos you have access to, which is needed when building the list of role repositories on My Roles page.

--Chris

[nusenu]

Chris Houseknecht:

> Galaxy asks for the following scopes used to access the GitHub API:
>
> - user:email
> - public_repo
> - read:org
>
> These are defined here: https://developer.github.com/v3/oauth/#scopes
>
> The last two allow us to see the orgs you belong to and the repos you have
> access to, which is needed when building the list of role repositories on
> My Roles page.

Ok, so you actually do not need _write_ access but github does not
provide a read-only version of "public_repo", correct?

If the user accepts
> - user:email
> - read:org

but does not authorize
> - public_repo

you would still be able to build that list (My Roles page) IFF his role
is directly listed "under his account" - is that correct?


I have not seen an option in the UI to selectively authorize access but
according to:
https://developer.github.com/v3/oauth/#requested-scopes-vs-granted-scopes

this will "soon" be possible (pointing to a entry from 2013?
https://developer.github.com/changes/2013-10-04-oauth-changes-coming/ )