OpenUserJS.org Allow importing from GH organization repos

Currently we can only import from user accounts. Would be nice if we could import repos from organizations.

Thanks in advance.

Jun 30 '14 11:06 vBm

https://openuserjs.org/users/Zren/github/repos?user=OpenUserJS https://openuserjs.org/users/Zren/github/repo?user=OpenUserJs&repo=OpenUserJS.org

https://openuserjs.org/libs/Zren/jquery-1.10.2.min

Nope. We just don't document those query parameters, which I guess is the same thing from a user's prospective.

Jun 30 '14 14:06 Zren

Nice, thanks for letting me know. Works like a charm :)

Jun 30 '14 15:06 vBm

Changing issue subject from:

Allow importing from GH organization repos

to current based off of https://github.com/OpenUserJs/OpenUserJS.org/issues/231#issuecomment-47546649 of success and https://github.com/OpenUserJs/OpenUserJS.org/issues/231#issuecomment-47537408 indicating that it can be with a QSP.

Jun 30 '14 18:06 Martii

Probably need to also test the import pages with a user that isn't authed with GitHub. We can add a GET form with an <input name="user"> box on the "Not Authed with GitHub" import page, and on the top of the /github/repos page.

Jun 30 '14 20:06 Zren

I really don't want to let users import scripts from repos that aren't theirs. The only exception I'd make is for organization repos. Anyone can import from those.

Jun 30 '14 21:06 sizzlemctwizzle

Also, I don't think it's unreasonable to require authentication with GitHub before you can import from GitHub.

Jun 30 '14 21:06 sizzlemctwizzle

We don't even need a user to auth to GitHub if we have an input box. All we do when the user is authed is find out their ghUsername.

Edit: Just remembered you mentioning that awhile ago. Perhaps instead of Labeling it as GitHub Username, label it as GitHub Orginization on the input form. Most users wouldn't think to put a regular username there probably.

On 6/30/14, Mike Medley [email protected] wrote:

Also, I don't think it's unreasonable to require authentication with GitHub before you can import from GitHub.

Reply to this email directly or view it on GitHub: https://github.com/OpenUserJs/OpenUserJS.org/issues/231#issuecomment-47587184

/ Chris

Jun 30 '14 21:06 Zren

Putting on a security label as #236 is being encountered... It is a little vague between the:

Nope

and the...

Works like a charm

comments and the ensuing conversation here.

Jul 01 '14 19:07 Martii

I really don't want to let users import scripts from repos that aren't theirs.

Is there a way to read in the "teams" like we have for our project at https://github.com/orgs/OpenUserJs/teams and allow only those ppl to import to our OUJS accounts for other organizations? If so this may entail @vBm to add a public team to his project, if not present, since https://github.com/orgs/OmertaBeyond/teams seems to have issues resolving here on GH and redirects to GH account page at https://github.com/OmertaBeyond ... EDIT: or perhaps "members" at https://github.com/orgs/OmertaBeyond/members ??

Jul 01 '14 19:07 Martii

@vBm Are you able to auto sync to your vBm account on OUJS with Omerta Beyond or do you have to do it manually with upload/paste/reimport?

Mar 11 '15 21:03 Martii

@Martii I made a fork on my account and gave access to members so they push to my fork and that fork has OUJS hook which properly syncs script.

Mar 11 '15 21:03 vBm

@Martii This should work for finding out whether a user owns an organization or not.

Mar 11 '15 21:03 devnoname120

@devnoname120 Seems to be a newer API function... I'll see what I dig up in our code... 'til then you might try vBm's suggestion as the work-around... we do have some other more serious fires that I'm working with sizzle on getting done with higher priority... I wasn't aware that forks could be sync'd to OUJS... my bad.

Thanks @vBm.

Mar 11 '15 21:03 Martii

@Martii I will wait, because I think that this workaround is hacky, and I don't want to keep a fork up-to-date.

Mar 11 '15 21:03 devnoname120

Well no promises on a time-table but I appreciate the assistance on the v3 API for Organizations... that's a GH RSS feed I should probably be following as this is the first I've heard of it.

Mar 11 '15 21:03 Martii

I think it should be okay for anyone to import a userscript, if the license allows it; OUJS allows forking, as does GitHub, GitLab and Bitbucket. The catch would be that only users or organizations that set up a webhook^† that matches the userscript @updateURL should get an auto-update.

† Webhooks documentation:

Jun 22 '17 10:06 Mottie

... if the license allows it;

This being one of the keys... related of #438 and probable https://spdx.org/licenses/ usage ... then perhaps. The other logistical changes need to take priority over this for a while though.

The catch...

Isn't there always one of those? ;)

Btw the current dep we utilize for GH is https://github.com/mikedeboer/node-github but it's still good to have the other links too. :)

Thanks for those and your feedback.

Jun 26 '17 11:06 Martii

@sizzlemctwizzle

I really don't want to let users import scripts from repos that aren't theirs. The only exception I'd make is for organization repos. Anyone can import from those.

Not without a total rework even beyond GH import routines. This is disabled for the the time being. We'll talk in private in a while.

Renamed the issue back to it's original subject.

Jul 11 '18 11:07 Martii

Btw for those listening/watching here... each of you needs to relogin to OUJS with GH auth to enable browsing your own repository lists... otherwise the webhook will reject your script updates from GH. e.g. you have to resync this yourself with a login. You shouldn't have to reimport but that's always an option if your webhook doesn't get processed.

Jul 11 '18 21:07 Martii