floss-toolbox
GitHub - Dump and diff of users
As a GitHub administrator, I want to dump and diff users of all repositories, so that I can check whether some unexpected users have been added, or have inconvenient permissions.
Dump and diff here means to have a record of users and permissions for each repo, to be able to load such records, and compare differences between iterations.
Inconvenient permissions here means having too high privileges, for example.
Unexpected users here means people outside the Group.
Pseudocode:
    O = Organisation
    OM = Organisation Members For O
    OC = Outside Collaborators For O
    For Each Project P in O:
        PM = Get Members For P
        MPerm = Get Permissions Of PM
        For Each Member M in PM:
            If M Is In OC: // Partner, external contributor
                Display Member And Warning
            Else If M Is Not In OM: // Someone who has left the Group but still in project
                Display Member And Warning
            Else: // Ok
                Display Member
Display Member means displaying the alias of the member and their permission for this project. Warning means using an emoji or something visible to request attention.
A JSON report can be produced alongside standard output, like:
    [ /* Projects in array */
        {
            "project": projectName,
            "warning": emoji,
            "members": [ /* Project members in array */
                {
                    "alias": memberAlias,
                    "company": memberCompany,
                    "mail": memberEmail,
                    "isOutsideOrganisation": yes/no,
                    "isOutsideCollaboratorOfOrganisation": yes/no
                },
                ...
            ]
        },
        ...
    ]
The need here is to be able to find contributors of projects who are not employees of the organisation owner. This feature is not so relevant and has a rather low priority because GitHub already exposes a list of outside collaborators with references to the projects they work on.
Thus if someone has left the company and the organisation, but is still on a project, this person will appear in the list. If a subcontractor is not in the organisation, but contributes to projects, he or she will appear in the list.
So the only pitfall is to check that list from time to time and be sure that only employees of the organisation owner are invited to join the organisation.
An example of the list for the Orange-OpenSource organisation: https://github.com/orgs/Orange-OpenSource/outside-collaborators
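The "diff" half of the request (comparing records between iterations) could look like the following. This is an added example, not code from the floss-toolbox project. It assumes dumps shaped like the JSON report above, with booleans instead of yes/no, plus a hypothetical "permission" key per member holding a GitHub repository role name; all sample data is constructed.

```python
# Added example: diff two user dumps shaped like the JSON report on this page.
RANK = {"read": 0, "triage": 1, "write": 2, "maintain": 3, "admin": 4}  # assumed role order

def member(alias, permission, outside_org=False, outside_collab=False):
    """Build one constructed member record (the "permission" key is an assumption)."""
    return {"alias": alias, "permission": permission,
            "isOutsideOrganisation": outside_org,
            "isOutsideCollaboratorOfOrganisation": outside_collab}

def index(dump):
    """Flatten a dump into {(project, alias): member record}."""
    return {(p["project"], m["alias"]): m for p in dump for m in p["members"]}

def rank(role):
    # Unknown (e.g. custom) roles rank above admin so they are never silently ignored.
    return RANK.get(role, len(RANK))

def diff_dumps(old, new):
    """Return sorted (kind, project, alias, detail) findings between two dumps."""
    before, after = index(old), index(new)
    findings = []
    for key in after.keys() - before.keys():
        m = after[key]
        outside = m["isOutsideOrganisation"] or m["isOutsideCollaboratorOfOrganisation"]
        findings.append(("ADDED_OUTSIDE" if outside else "ADDED", *key, m["permission"]))
    for key in before.keys() - after.keys():
        findings.append(("REMOVED", *key, before[key]["permission"]))
    for key in before.keys() & after.keys():
        was, now = before[key]["permission"], after[key]["permission"]
        if was != now:
            kind = ("ESCALATED" if rank(now) > rank(was)
                    else "LOWERED" if rank(now) < rank(was) else "CHANGED")
            findings.append((kind, *key, f"{was} -> {now}"))
    return sorted(findings)

# Constructed sample dumps from two iterations.
OLD = [{"project": "demo-repo", "members": [member("alice", "admin"),
                                            member("bob", "read"),
                                            member("erin", "write")]}]
NEW = [{"project": "demo-repo", "members": [member("alice", "admin"),
                                            member("bob", "maintain"),
                                            member("carol", "write", outside_collab=True)]},
       {"project": "new-repo", "members": [member("dave", "read", outside_org=True)]}]

if __name__ == "__main__":
    for kind, project, alias, detail in diff_dumps(OLD, NEW):
        print(f"{kind:14} {project}/{alias}: {detail}")
```

The ADDED_OUTSIDE and ESCALATED findings are the ones that correspond to the "unexpected users" and "inconvenient permissions" cases described above.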