Allow limited oauth scopes #45
Conversation
1ced0b7 to
67eb146
Compare
|
I amended the commit message for grammar. |
|
Thank you for a pull request! Please check this document for how the Jenkins project handles pull requests |
|
Peer review is welcome. |
|
👍 Thanks! |
67eb146 to
9ff2882
Compare
| GithubSecurityRealm myRealm = (GithubSecurityRealm) Jenkins.getInstance().getSecurityRealm(); | ||
| String[] myScopes = myRealm.getOauthScopes().split(","); | ||
| Arrays.sort(myScopes); | ||
| if(Arrays.binarySearch(myScopes, "read:org") >= 0 || Arrays.binarySearch(myScopes, "admin:org") >= 0 || Arrays.binarySearch(myScopes, "user") >= 0) { |
There was a problem hiding this comment.
This conditional needs a comment.
If I were to come across this line while working on the code, I wouldn't have any idea what's being checked here.
To figure it out, I'd have to reach for the GitHub API docs and work backwards from "What are the common properties of these scopes?"
Probably something like "Check to see if we can read organizational and team memberships" would do the trick
9ff2882 to
65eecb0
Compare
|
@sirosen I've updated the pull request to contain an additional scope as well as comments for what it is doing. |
|
Awesome, that's exactly what I wanted. 👍 |
|
This should be merged after #47 to make use of the |
|
Perhaps make |
65eecb0 to
f51842d
Compare
If using the GitHub OAuth plugin for authentication only, then it doesn't make sense to query GitHub for Organization membership since it will not be using GitHub OAuth for authorization. This stems from a discussion in pull request #39.
f51842d to
6ed061a
Compare
If using the GitHub OAuth plugin for authentication only, then it doesn't make sense to query GitHub for Organization membership since it will not be using GitHub OAuth for authorization.
This stems from a discussion in pull request #39.
cc @s0undt3ch, @sirosen, @cloudbeesci