I have a public Github App that I’m developing, and I’ve noticed something odd and unexpected about the permissions model.
I’ve installed the Github App selectively on a handful of Organization repositories and a couple of repositories that exist directly under my user.
All of these repositories are also “shared” with another user. This secondary has been manually added as a collaborator for the organization repositories, as well as my personal repositories.
Using the Github api, when I (on my AnalogJ account) query for all installations for my user, I get the correct number: my organizations + my personal account.
However, when I the secondary user queries for all installations, he is unable to see the AnalogJ installation (that even though he’s a collaborator on some repositories within) and can only see the Organizations where he’s been added as a collaborator (again, hes only a collaborator on a subset of repositories within the Org).
I hope that made sense.