Comments (9)
@all-contributors/core what do you think?
I think it's within the scope of the app. I think we should transfer this issue to https://github.com/all-contributors/app. We will probably need to add a permission to the app in order to enable interacting with discussions
from app.
okay, I requested the read/write permission to discussions. Note current installations are not updated until the request is accepted by account owners. That means we have to account for the case that an installation might have the permission to read/write discussions or comments. I think this shouldn't be a problem in our case, because we would only interact with discussions when handling a discussion_comment
event, which we will only receive if the owner accepted the permission.
Let me know if you have any questions.
I did not yet subscribe the app to the discussion_comment
event. We can do that once we implement the functionality
from app.
@brylie - thanks for raising this. I have similar requirement for my project.
Currently as a workaround, we have created one issue where we link to a relevant contribution in discussions and evoke the All Contributors bot. It is less messy than converting each relevant discussion to an issue but still not ideal.
Reference: Atri-Labs/atrilabs-engine#332
from app.
Thanks, @darshitac11! That's a great idea 😎
Relatedly, I understand that All Contributors may not immediately, or ever, get this feature. However, I hope the issue will remain open as a placeholder for the possibility of being added.
from app.
I just got a request to enable this
What I don't understand about any of these permissions is why AllContributors needs write access to anything?
Read access should be sufficient.
What you wanna write to our discussions?
I think this opens the door to security holes and bugs, and I am not going to approve that permission.
I am actually thinking to disable AllContributors. It's cool, but I don't like it having write access to everything. If this gets hacked it can really mess up all our repos. So... why???
from app.
@brylie thanks for bringing this up. I think we can enable GH discussion in the future however I think we like to simply things out. @all-contributors/core what do you think?
from app.
Thanks @brylie!
Yes, I appreciate that you requested this feature. I'm sure many projects would love to use it whenever it is available. 💙
from app.
We will probably need to add a permission to the app in order to enable interacting with discussions
@gr2m great! shall we add now?
from app.
write access
in this context write access means it needs to be able to comment. There is not a more granular permission in order to write comments, you need full write access to all discussions.
and I am not going to approve that permission
You already approved it for repository contents, issues, and pull requests, but you do you 🤷🏼
I am actually thinking to disable AllContributors. It's cool, but I don't like it having write access to everything. If this gets hacked it can really mess up all our repos. So... why???
you don't need the app, you can probably set up your own automation using the CLI, the app is just for convenience and to lower the technical barrier to less technical users.
Reducing permissions is off topic for this issue, please open a separate discussion if you want to continue on that topic.
from app.
Related Issues (20)
- Gitea support HOT 1
- Is there a way to remove contributors from a project? HOT 2
- Bot errors if repo already has `all-contributors` branch HOT 2
- Bot both creates a PR and complains about no contributions when extra text in comment HOT 1
- Bot cannot deal with username "gu-does-git"
- Discord bot?
- All-contributors bot HOT 2
- Adding contributions through the bot when existing contributions do not validate lead to "trouble processing request" HOT 1
- Adding a contribution replaces some existing data, in specific case?
- Provide an opt-out mechanism to prevent a user from being added to any repo in the future
- Visibility into what CLI / underlying library version the app is using?
- Review
- Add to contributors in the current PR
- Auto-add contributors based on configuration
- Feature request: Bot solves merge conflicts via `rebase` or `merge`
- Improve bot error messaging on invalid commitType config (Example inside) HOT 5
- "wE hAd TrOuBlE pRoCeSsInG yOuR rEqUeSt. PlEaSe TrY aGaIn LaTeR." HOT 3
- The all-contributors bot only partially recognizes the contribution types "infra" and "doc" HOT 2
- "Trouble processing your request" for new contributions despite basic config
- Error message on "maintenance" type HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from app.