Graphql api Repo contributer permissions bug/feature

GitHub Ecosystem
#1

I’m trying to make a query, that shows a specific user’s permissions to a specific repository.
example of the query:

  {
    organization(login: "Org123123") {
      name,
      repository(name: "Repo123123") {
        name
        id
        u0: collaborators(query: "user1") {
          ...CollabiratorData
        }
        u1: collaborators(query: "user2") {
          ...CollabiratorData
        }
      }
    }
  }
  
  fragment CollabiratorData on RepositoryCollaboratorConnection {
    edges {
      node {
        name
        id
        login
      }
      permission
    }
  }

When a member/collaborator is a member of the repository or a member of a team which has access to the repository, everything works as expected, but when a member is a part of a team which in itself is a part of a team, I get an empty response like this:

"u1": {
  "edges": []
}

The u1 user is part a member of the repository when searching through the api, but due to the complex access right path (repo <- team1 <- team2 <- member) I get no permissions to the repository.

I’m not sure if this is intentional or not, but my question is, how to get a certain repository contributors access level to the repository, if the member is part of a team that’s in an another team.

#2

Hello @AlbertKostusev and welcome to the community.

As far as I can see, there isn’t a way to directly connect a user to their permissions on a specific repository. The best route I can see is to:

  1. Query the list of teams in the organization for which ones grant permissions on the specific repository
  2. Query those teams to see if the specific user is a member of any of them
  3. Check the repository to see if the specific user is a direct collaborator (separate from team permissions)
  4. Determine the specific user’s permissions by selecting the highest applicable permission level found

I’m not sure if all of this could be built into one query but I hope it helps get you where you need to go. Let us know if you have more questions.