Slack: Allow filtering of repositories by Public/Private repo status
馃憢 hey all!
I want to use the All repositories option for a rather large organization (Sensu-Plugins), but I would need to filter out comments from private repositories. Without doing so, we have a permissions leak when it comes to private conversations posted publicly. Could this be possible?
Asked another way, could it be possible to subscribe to future repositories while filtering out private ones?
Here's the interaction I'm thinking of:
And I'd love for it to have something clear here, maybe a radio button that has:
- All public repositories only
- All private repositories only
- Both
Or whatever your UI people would dig. I like the clarity of explicitly mentioning these options so people do make a similar permissions problem to me.
Note that I posted to the GitHub Apps team as well at the advice of GitHub Support. I hope this helps connect the dots between your awesome integration and their awesome platform.
mbbroberg
All 5 comments
Without doing so, we have a permissions leak when it comes to private conversations posted publicly. Could this be possible?
Even if you select All repositories, a user must have read access to the repository in order to subscribe to it in a Slack channel. Anyone in that channel will be able to see activity regardless of their permissions.
Asked another way, could it be possible to subscribe to future repositories while filtering out private ones?
This a request that would have to be implemented by the GitHub Apps team. We'll pass on this feedback to them, but I'm going to close this issue here since it's not a change we can implement in this repository.
bkeepers
on 1 Mar 2018
Even if you select All repositories, a user must have read access to the repository in order to subscribe to it in a Slack channel. Anyone in that channel will be able to see activity regardless of their permissions.
Yes, that's the problem. As an maintainer of a GitHub organization, I have the permissions to do subscribe. The challenge is a majority of repositories created are public with only a few that need to be filtered as private.
This a request that would have to be implemented by the GitHub Apps team.
Wouldn't filtering for visibility as private be possible using the V3 repos API?
It's fair to say you don't _want_ to implement it. But if you or any other contributor might, it's available.
mbbroberg
on 1 Mar 2018
Even if this is not a priority, it should be left open for anyone to contribute to as this is a valid use case. Just because you don't see the value does not mean there is none.
majormoses
on 2 Mar 2018
@mbbroberg @majormoses Sorry if my answer seemed short and was not clear.
Just to clarify, the "Install Slack" screen is provided by GitHub Apps and is built into GitHub itself. Our app has no control over what appears on that screen, and can't customize the permissions beyond what is provided there.
I definitely see the value of having more options for which repositories to give access to, it's just not something that can be implemented in this repository.
Does that make sense?
bkeepers
on 2 Mar 2018
That totally makes sense now. I was disappointed by the initial response tbh, which felt more dismissive than helpful. I know being a maintainer isn't always a cakewalk and I appreciate your clarification.
mbbroberg
on 3 Mar 2018
Related issues
flybd5
路
5Comments
jchuerva
路
5Comments
campbellssource
路
3Comments
ronjouch
路
4Comments
sean-ahn
路
5Comments
Most helpful comment
That totally makes sense now. I was disappointed by the initial response tbh, which felt more dismissive than helpful. I know being a maintainer isn't always a cakewalk and I appreciate your clarification.