No permission to execute `AddProjectNextItem`

Hi,

I’m trying to add many issues from a repository to a Github Project (beta). As there’s no way to do this in bulk through the website afaict, I tried using the API through the gh client as documented in Using the API to manage projects (beta) - GitHub Docs. I managed to retrieve the list of issue IDs using

gh issue list -L 500 --json id -q ".[].id"

and the project ID using

gh api graphql -f query='
  query{    
    organization(login: "inspirehep"){                                                           
      projectNext(number: 59) {
        id
      }
    }
  }'

but when I’m trying to add an issue to that project following the documentation,

gh api graphql -f query='
  mutation {
    addProjectNextItem(input: {projectId: "PN_kwDOAAVxOM1mYw" contentId: "I_kwDOCaIres47pUhQ"}) {
      projectNextItem {
        id
      }
    }
  }'

I receive a permission error:

{
  "data": {
    "addProjectNextItem": null
  },
  "errors": [
    {
      "type": "FORBIDDEN",
      "path": [
        "addProjectNextItem"
      ],
gh: michamos does not have the correct permissions to execute `AddProjectNextItem`
      "locations": [
        {
          "line": 3,
          "column": 5
        }
      ],
      "message": "michamos does not have the correct permissions to execute `AddProjectNextItem`"
    }
  ]
}

I’m an admin of the organization and am able to add issues to the project through the web interface, but for some reason I don’t have permission to do it through the API.

Am I doing something wrong or is this a bug in the project (beta) API?

4 Likes

Running into the same problem ;( Did you figure this out yet?

No, it looks like a bug to me. I’ve just opened a support ticket.

I ran into this and figured it out: the default permissions that the GitHub CLI requests don’t give write:org permissions. You can fix this by generating your own PAT and pasting it in when running gh auth login

1 Like

Indeed, generating a PAT with write:org permissions and passing that to the gh auth login did the trick. Thanks a lot @bouk!