How to get user permissions for a repo?


#1

I’m trying to find out how to fetch user permissions for a specific repository. For OAuth apps, the user permissions are part of the response for the get repo (GET /repos/:owner/:repo).

For GitHub Apps, I imagine that that endpoint is accessible authenticating on behalf of the installation, but if that’s the case, there is no user context. Is this correct? How can I fetch the permissions for a user on a specific repo?


#2

:wave:

"permissions" is a top level attribute for that response, so I think you should be to able to request this as a GitHub App (using an installation token or on behalf of a user) and the "permissions" attribute for the installation will be returned the same as it would for OAuth apps.

However, GitHub Apps only ever have the permissions that are requested by the App, even when making requests on behalf of a user, so I’m not sure this is the answer you’re looking for :grinning:

If your app has access to a Repo granted to it during installation it will have the permissions you set the app up with.


#3

Thanks for jumping in @jakewilkins! I guess the easiest way to know is just to test it. If the request can be made on behalf of both the user and the installation, this is how I imagine it could work:

  • If the request is made using a user token, I expect the permissions field to have the user permissions object (for example, { push: true, pull: true, admin: false }).

  • If the request is made using the installation token, the permissions field could include the permissions of the app on that repo, but given how GitHub Apps work, those permissions would just be the permissions of the App.

I will try to test this next week and update this issue unless someone from the GitHub staff can clarify this for us.