Open vBm opened 10 years ago
Zren
commented
10 years ago https://openuserjs.org/users/Zren/github/repos?user=OpenUserJS https://openuserjs.org/users/Zren/github/repo?user=OpenUserJs&repo=OpenUserJS.org
https://openuserjs.org/libs/Zren/jquery-1.10.2.min
Nope. We just don't document those query parameters, which I guess is the same thing from a user's prospective.
vBm
commented
10 years ago Nice, thanks for letting me know. Works like a charm :)
Martii
commented
10 years ago Changing issue subject from:
Allow importing from GH organization repos
to current based off of https://github.com/OpenUserJs/OpenUserJS.org/issues/231#issuecomment-47546649 of success and https://github.com/OpenUserJs/OpenUserJS.org/issues/231#issuecomment-47537408 indicating that it can be with a QSP.
Zren
commented
10 years ago Probably need to also test the import pages with a user that isn't authed with GitHub. We can add a GET form with an <input name="user"> box on the "Not Authed with GitHub" import page, and on the top of the /github/repos page.
sizzlemctwizzle
commented
10 years ago I really don't want to let users import scripts from repos that aren't theirs. The only exception I'd make is for organization repos. Anyone can import from those.
sizzlemctwizzle
commented
10 years ago Also, I don't think it's unreasonable to require authentication with GitHub before you can import from GitHub.
Zren
commented
10 years ago We don't even need a user to auth to GitHub if we have an input box. All we do when the user is authed is find out their ghUsername.
Edit: Just remembered you mentioning that awhile ago. Perhaps instead of Labeling it as GitHub Username, label it as GitHub Orginization on the input form. Most users wouldn't think to put a regular username there probably.
On 6/30/14, Mike Medley notifications@github.com wrote:
Also, I don't think it's unreasonable to require authentication with GitHub before you can import from GitHub.
Reply to this email directly or view it on GitHub: https://github.com/OpenUserJs/OpenUserJS.org/issues/231#issuecomment-47587184
/ Chris
Martii
commented
10 years ago Putting on a security label as #236 is being encountered... It is a little vague between the:
Nope
and the...
Works like a charm
comments and the ensuing conversation here.
Martii
commented
10 years ago I really don't want to let users import scripts from repos that aren't theirs.
Is there a way to read in the "teams" like we have for our project at https://github.com/orgs/OpenUserJs/teams and allow only those ppl to import to our OUJS accounts for other organizations? If so this may entail @vBm to add a public team to his project, if not present, since https://github.com/orgs/OmertaBeyond/teams seems to have issues resolving here on GH and redirects to GH account page at https://github.com/OmertaBeyond ... EDIT: or perhaps "members" at https://github.com/orgs/OmertaBeyond/members ??
Martii
commented
9 years ago @vBm Are you able to auto sync to your vBm account on OUJS with Omerta Beyond or do you have to do it manually with upload/paste/reimport?
vBm
commented
9 years ago @Martii I made a fork on my account and gave access to members so they push to my fork and that fork has OUJS hook which properly syncs script.
devnoname120
commented
9 years ago @Martii This should work for finding out whether a user owns an organization or not.
Martii
commented
9 years ago @devnoname120 Seems to be a newer API function... I'll see what I dig up in our code... 'til then you might try vBm's suggestion as the work-around... we do have some other more serious fires that I'm working with sizzle on getting done with higher priority... I wasn't aware that forks could be sync'd to OUJS... my bad.
Thanks @vBm.
devnoname120
commented
9 years ago @Martii I will wait, because I think that this workaround is hacky, and I don't want to keep a fork up-to-date.
Martii
commented
9 years ago Well no promises on a time-table but I appreciate the assistance on the v3 API for Organizations... that's a GH RSS feed I should probably be following as this is the first I've heard of it.
Mottie
commented
7 years ago I think it should be okay for anyone to import a userscript, if the license allows it; OUJS allows forking, as does GitHub, GitLab and Bitbucket. The catch would be that only users or organizations that set up a webhook† that matches the userscript @updateURL should get an auto-update.
† Webhooks documentation:
Martii
commented
7 years ago ... if the license allows it;
This being one of the keys... related of #438 and probable https://spdx.org/licenses/ usage ... then perhaps. The other logistical changes need to take priority over this for a while though.
The catch...
Isn't there always one of those? ;)
Btw the current dep we utilize for GH is https://github.com/mikedeboer/node-github but it's still good to have the other links too. :)
Thanks for those and your feedback.
Martii
commented
6 years ago @sizzlemctwizzle
I really don't want to let users import scripts from repos that aren't theirs. The only exception I'd make is for organization repos. Anyone can import from those.
Not without a total rework even beyond GH import routines. This is disabled for the the time being. We'll talk in private in a while.
Renamed the issue back to it's original subject.
Martii
commented
6 years ago Btw for those listening/watching here... each of you needs to relogin to OUJS with GH auth to enable browsing your own repository lists... otherwise the webhook will reject your script updates from GH. e.g. you have to resync this yourself with a login. You shouldn't have to reimport but that's always an option if your webhook doesn't get processed.
Currently we can only import from user accounts. Would be nice if we could import repos from organizations.
Thanks in advance.