GraphQL API v4 are not able to fetch private repositories inside organizations

fenix-hub · January 14, 2021, 11:31pm

Hi,
As the title says, GraphQL APIs are not able to fetch private repositories inside organizations.
I don’t know if this is intended with new APIs, but with REST one I could.
I don’t think my query is wrong, but anyway, here it is:

'{user(login: "%s"){repositories(ownerAffiliations:%s, first:%s, orderBy: {field: NAME, direction: ASC}){ nodes { diskUsage name owner { login } description url isFork isPrivate forkCount stargazerCount isInOrganization collaborators(affiliation: DIRECT, first: 100) { nodes {login name avatarUrl} } mentionableUsers(first: 100){ nodes{ login name avatarUrl } } defaultBranchRef { name } refs(refPrefix: "refs/heads/", first: 100){ nodes{ name target { ... on Commit { oid tree { oid } zipballUrl tarballUrl } } } } } } } }'

("%s" is replaced by users’ info in code)

I am the owner of 2 organizations, and member of another 2. In one of them there is only one repository (non-empty) and it is private. I cannot see this one repository.

The token I’m using has full permissions, and the organization in question doesn’t have specific privacy settings.

byrneh · January 15, 2021, 1:07am

@fenix-hub you have a first:%s in your query the first argument should be an integer, which looks odd
You can probably debug your query by simplifying your query to ita simplear form listing of all repositories and their name ainky if it then give you want you want, add back in the additional fields and filtering you explicitly require.

fenix-hub · January 15, 2021, 9:25am

Hi @byrneh ,
Thank you very much for answering.
Don’t worry about the %s, the language I’m using properly substitues all string placeholders with int, so the query works.
Anyway, I followed your suggestion, and here it is a simplified query:

query {
 viewer {
  repositories(ownerAffiliations:[ORGANIZATION_MEMBER], first:100) { 
   nodes { owner {login} name }
   }
  }
}

And here’s the response:

{
  "data": {
    "viewer": {
      "repositories": {
        "nodes": [
          {
            "owner": {
              "login": "godot-italia"
            },
            "name": "Lyskar"
          },
          {
            "owner": {
              "login": "godot-italia"
            },
            "name": "Lyskar-Prototype"
          },
          {
            "owner": {
              "login": "godot-italia"
            },
            "name": "Game-of-Darios-life"
          },
          {
            "owner": {
              "login": "godot-italia"
            },
            "name": "asset-game-jam"
          },
          {
            "owner": {
              "login": "godot-italia"
            },
            "name": "2D-InverseKinematic"
          },
          {
            "owner": {
              "login": "godot-italia"
            },
            "name": "linee-guida-traduzione-italiana-godot"
          }
        ]
      }
    }
  }
}

Here’s my organizations.

The second one (fenixhub-org) only contains a private repository. That’s exactly the one not being listed.

fenix-hub · January 16, 2021, 11:52pm

Should I open an issue about this?

byrneh · January 18, 2021, 1:05am

I found you need to query the organization in GraphQL and you can then get any repository or other details related to the organization that you have permissions.
Example below querying two org and various details, amend for whatever org/repository data you want.

query{
Org1: organization(login: "ORG1-NAME) {
…OrgInfo
}
Org2: organization(login: “ORG2-NAME”) {
…OrgInfo
}
}

fragment OrgInfo on Organization {
login
name
description
repositories (first:100) {
totalCount
nodes {
owner {login}
name
description
createdAt
diskUsage
forkCount
isArchived
isDisabled
isEmpty
isInOrganization
isLocked
lockReason
isMirror
mirrorUrl
isPrivate
isTemplate
isUserConfigurationRepository
parent {
name
}
#labels (first:100){nodes {name}}
mentionableUsers (first:100){
totalCount
nodes {
login
name
}
}
viewerPermission
assignableUsers (first:100){
totalCount
nodes {
login
}
}
defaultBranchRef {
name
}
branchProtectionRules (first:100) {
totalCount
nodes {
databaseId
pattern
isAdminEnforced
}
}
collaborators (first:100) {
totalCount
nodes {
login
name
}
}
deployKeys (first:100){
totalCount
nodes {
id
}
}
repositoryTopics (first:100){
totalCount
nodes {
topic {
id
}
}
}
forks (first:100) {
totalCount
nodes {
owner {
id
login
}
name
description
}
}

}
}

}

fenix-hub · January 18, 2021, 11:00am

Hi and thank you.
I actually managed to find a workaround for this:

query { 
  viewer { 
    organizations(first:100) {
      nodes {
        repositories(first: 100) {
          nodes {
            name
          }
        }
      } 
    }
  }
}

This will give me each single repository, private and public.
Still it is a little bit odd that just querying all user’s repositories you will get every single one, but not the private ones from organizations.

Komal7209 · August 29, 2021, 3:58pm

Hi @everyone involved in this conversation thread.

Just wanted to add my concern here also,
I was unable to find out that how we can access private repositories of other users using github graphql apis and github oauth