I am using the graphql api to query RepositoryCollaboratorEdge objects to see who has access to my repo and how. But I am noticing that some users with permissions have nothing in the permissionSources. (To be clear, I am seeing organizations, teams and repostiory objects returning in the same query for other repos/collaborators.) For example. This query: query {
viewer {
repositories ( first:1 affiliations:[OWNER, ORGANIZATION_MEMBER], ownerAffiliations:[OWNER, ORGANIZATION_MEMBER] ){
totalCount
pageInfo {
endCursor
hasNextPage
}
nodes {
name
nameWithOwner
collaborators ( first:1 ) {
totalCount
pageInfo {
endCursor
hasNextPage
}
edges {
node { login }
permission
permissionSources {
permission
source {
... on Organization { websiteUrl id name }
... on Repository { homepageUrl id name nameWithOwner }
... on Team { editTeamUrl id name combinedSlug }
}
}
}
}
}
}
}
} Has some results for collaborators that are looking like this snippet: "collaborators": {
"totalCount": 103,
"pageInfo": {
"endCursor": "Y3Vyc29yOnYyOpHNA8E=",
"hasNextPage": true
},
"edges": [
{
"permission": "WRITE",
"permissionSources": []
},
{
"permission": "ADMIN",
"permissionSources": []
}, So my questions is: What might cause these permission sources arrays to be empty? Maybe this is an issue with the permission levels of the caller? But it seems strange to me that I should be able to see the collaborators and there permission at all if i can't see the permissionSources. Or perhaps there is another way to become a collaborator beyond organization membership, team membership or direct repo assignment? I'm also noticing that this appears to be happening to repos as a whole so maybe there is something there as well?
... View more