feat: Add support for repository fine-grained permissions (#4032)

shuv0id · web-flow · commit b346dece7691 · 2026-02-25T20:03:29.000-05:00
diff --git a/github/orgs_custom_repository_roles.go b/github/orgs_custom_repository_roles.go
@@ -38,6 +38,12 @@ type CreateOrUpdateCustomRepoRoleOptions struct {
 	Permissions []string `json:"permissions"`
 }
 
+// RepoFineGrainedPermission represents a fine-grained permission that can be used in a custom repository role.
+type RepoFineGrainedPermission struct {
+	Name        string `json:"name"`
+	Description string `json:"description"`
+}
+
 // ListCustomRepoRoles lists the custom repository roles available in this organization.
 // In order to see custom repository roles in an organization, the authenticated user must be an organization owner.
 //
@@ -152,3 +158,26 @@ func (s *OrganizationsService) DeleteCustomRepoRole(ctx context.Context, org str
 
 	return resp, nil
 }
+
+// ListRepositoryFineGrainedPermissions lists the fine-grained permissions that can be used in custom repository roles for an organization.
+// The authenticated user must be an administrator of the organization or of a repository of the organization to use this endpoint.
+//
+// GitHub API docs: https://docs.github.com/enterprise-cloud@latest/rest/orgs/custom-roles#list-repository-fine-grained-permissions-for-an-organization
+//
+//meta:operation GET /orgs/{org}/repository-fine-grained-permissions
+func (s *OrganizationsService) ListRepositoryFineGrainedPermissions(ctx context.Context, org string) ([]*RepoFineGrainedPermission, *Response, error) {
+	u := fmt.Sprintf("orgs/%v/repository-fine-grained-permissions", org)
+
+	req, err := s.client.NewRequest("GET", u, nil)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	var perms []*RepoFineGrainedPermission
+	resp, err := s.client.Do(ctx, req, &perms)
+	if err != nil {
+		return nil, resp, err
+	}
+
+	return perms, resp, nil
+}
diff --git a/github/orgs_custom_repository_roles_test.go b/github/orgs_custom_repository_roles_test.go
@@ -283,3 +283,56 @@ func TestOrganizationsService_DeleteCustomRepoRole(t *testing.T) {
 		return err
 	})
 }
+
+func TestOrganizationsService_ListRepositoryFineGrainedPermissions(t *testing.T) {
+	t.Parallel()
+	client, mux, _ := setup(t)
+
+	mux.HandleFunc("/orgs/o/repository-fine-grained-permissions", func(w http.ResponseWriter, r *http.Request) {
+		testMethod(t, r, "GET")
+		fmt.Fprint(w, `[
+			{
+				"name": "add_assignee",
+				"description": "Assign or remove a user"
+			},
+			{
+				"name": "add_label",
+				"description": "Add or remove a label"
+			}
+		]`)
+	})
+
+	ctx := t.Context()
+	perms, _, err := client.Organizations.ListRepositoryFineGrainedPermissions(ctx, "o")
+	if err != nil {
+		t.Errorf("Organizations.ListRepositoryFineGrainedPermissions returned error: %v", err)
+	}
+
+	want := []*RepoFineGrainedPermission{
+		{
+			Name:        "add_assignee",
+			Description: "Assign or remove a user",
+		},
+		{
+			Name:        "add_label",
+			Description: "Add or remove a label",
+		},
+	}
+	if !cmp.Equal(perms, want) {
+		t.Errorf("Organizations.ListRepositoryFineGrainedPermissions returned %+v, want %+v", perms, want)
+	}
+
+	const methodName = "ListRepositoryFineGrainedPermissions"
+	testBadOptions(t, methodName, func() (err error) {
+		_, _, err = client.Organizations.ListRepositoryFineGrainedPermissions(ctx, "\no")
+		return err
+	})
+
+	testNewRequestAndDoFailure(t, methodName, client, func() (*Response, error) {
+		got, resp, err := client.Organizations.ListRepositoryFineGrainedPermissions(ctx, "o")
+		if got != nil {
+			t.Errorf("testNewRequestAndDoFailure %v = %#v, want nil", methodName, got)
+		}
+		return resp, err
+	})
+}
