code-annotation icon indicating copy to clipboard operation
code-annotation copied to clipboard
verified publisher icon src-d

Teams API and ID

Open smacker opened this issue 8 years ago • 2 comments

Currently to implement ACL we use github organizations & teams API.

Teams API is unstable:

Warning: The API may change without advance notice during the preview period. Preview features are not supported for production use. If you experience any issues, contact GitHub support. https://developer.github.com/v3/orgs/teams/

and it requires team-id instead of name. There is no way to get this ID without api call (though it's simple).

We can write more code to resolve team-id by name (teams can belong to other teams). But because the API is unstable for the first version I left it as is.

Possible solutions:

  • Workaround with addition api calls for id resolving despite the fact api is unstable
  • Use GraphQL api
  • Use something else to implement ACL instead of github teams
  • You can suggest more!

smacker avatar Feb 08 '18 14:02 smacker

I think we can use the "only-for-development" gh api, that suits our necessities for this internal tool. To retrieve the team-id we can:

  1. GET /orgs/:org/teams, to obtain the two teams in the org,
  2. filter the list obtained by (1), to get the team-id of the team we're searching,
  3. GET /teams/:team-id/members, and check if the user is in the list of members,

an alternative of (3), it could be

  1. GET /teams/:eam-id/memberships/:username to guess if the user is in the team, and is active

dpordomingo avatar Feb 08 '18 19:02 dpordomingo

Plus this comments: https://github.com/src-d/code-annotation/pull/60#pullrequestreview-95210895

dpordomingo avatar Feb 08 '18 20:02 dpordomingo