Commit e8bc2e1

bot: require admin or maintain role for users
1 parent e9ed61b commit e8bc2e1

1 file changed

+26
-4
lines changed

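--- a/.github/actions/bot/index.js
+++ b/.github/actions/bot/index.js
@@ -10,10 +10,7 @@ async function bot(core, github, context, uuid) {
 }
 console.log("Comment found in payload");
 
-// user's org membership must be public for the author_association to be MEMBER
-// go to the org's member page, find yourself, and set the visibility to public
-const author = payload.comment.user.login;
-const authorized = ["OWNER", "MEMBER"].includes(payload.comment.author_association);
+const authorized = await isUserAuthorized(github, payload);
 if (!authorized) {
 console.log(`Comment author is not authorized: ${author}`);
 return;
@@ -52,6 +49,31 @@ async function bot(core, github, context, uuid) {
 }
 }
 
+/**
+* @returns true if the author of this payload's comment has both:
+* - an OWNER or MEMBER of the repository's organization
+* - the admin or maintain roles in the repository
+*/
+async function isUserAuthorized(github, payload) {
+// user's org membership must be public for the author_association to be MEMBER
+// go to the org's member page, find yourself, and set the visibility to public
+const author = payload.comment.user.login;
+if (!["OWNER", "MEMBER"].includes(payload.comment.author_association)) {
+console.log(`Comment author association is not OWNER or MEMBER: ${author}`);
+return false;
+}
+const authorPermissionLevel = await github.rest.repos.getCollaboratorPermissionLevel({
+owner: payload.repository.owner.login,
+repo: payload.repository.name,
+username: author
+});
+if (!['admin', 'maintain'].includes(authorPermissionLevel.data.role_name)) {
+console.log(`Comment author does not have the admin or maintain role for the repository: ${author}`);
+return false;
+}
+return true;
+}
+
 // replyToCommand creates a comment on the same PR that triggered this workflow
 function replyToCommand(github, payload, reply) {
 github.rest.issues.createComment({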
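Review bot: The unauthorized branch in the first hunk still interpolates `${author}` in its log line, but the commit removes `const author = payload.comment.user.login;` from bot()'s scope, so rejecting an unauthorized commenter now most likely throws a ReferenceError instead of logging and returning (bot()'s body starts and ends outside the hunk, so an earlier definition is not visible here, though a second same-scope `const` would have been a redeclaration error). Either keep `const author = payload.comment.user.login;` above the `isUserAuthorized` call or log `payload.comment.user.login` directly. In isUserAuthorized, a rejected `getCollaboratorPermissionLevel` call (for example a 404 for a user who is not a collaborator) propagates out of the function rather than returning false; that is fail-closed and acceptable, but the JSDoc should say so, e.g. `@throws if the collaborator permission lookup fails; callers must not treat that as authorized`. The docstring's first bullet also reads `- an OWNER or MEMBER of the repository's organization` where `- is an OWNER or MEMBER of the repository's organization` is meant, and the two role arrays mix `"..."` and `'...'` quoting.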
