Check permissions of parent team

[sothebys-tommi]

Even though permissions are inherited from parents, GetPermissions() does not return inherited values so we need to check them specifically.

• Changed the teamExists function to orgTeam to later access the orgTeam.Parent.
• If the team doesn't have permissions and it has a parent team recurse with the parent team.

[chadxzs]

hi @mszostok, is this change something you are interested in? We'd love to remove our vendored version of this action and use the standard one. Is there anything you need us to do to get this PR merged?

[mszostok]

Hi @chadxzs @sothebys-tommi,

Thanks for your contribution!

I'm interested in that change and will merge it once I will add e2e tests for that 👍

Will try to close and release it this week. Sorry for the delay!

[mszostok]

Hi again @chadxzs @sothebys-tommi,

I started with the e2e test case:

1. I added Employees > Engineering > Application Engineering teams. Where only Employees have a write access
2. I added Application Engineering as code owners: https://github.com/gh-codeowners/codeowners-samples/blob/0b54e095befdcc74eac8546fcf1e7168b97a4eb5/CODEOWNERS#L12
3. Executed codeowners-validator: https://github.com/gh-codeowners/codeowners-samples/runs/7418773940?check_suite_focus=true

As you can see, there are no errors about missing permissions. I also checked the GitHub API:

Checks whether a team has admin, push, maintain, triage, or pull permission for a repository. Repositories inherited through a parent team will also be checked.

source: https://docs.github.com/en/rest/teams/teams#check-team-permissions-for-a-repository

Reference:

• https://docs.github.com/en/organizations/organizing-members-into-teams/about-teams#nested-teams
• https://docs.github.com/en/rest/teams/teams#check-team-permissions-for-a-repository

---

Could you check whether you still can reproduce this problem? Maybe the GitHub updated the API behavior.

[sothebys-tommi]

I ran this with the same version I was testing when opening the pull request which was version 0.6.0 and the same result.

==> Executing Duplicated Pattern Checker (209.701µs)
    Check OK
==> Executing File Exist Checker (204.392512ms)
    Check OK
==> Executing Valid Owner Checker (6.103127149s)
    [err] line 835: Team "Client" does not exist in organization "XXX".
3 check(s) executed, 1 failure(s)

Using v0.7.4 works great, thanks!

 ==> Executing Duplicated Pattern Checker (199.401µs)
    Check OK
==> Executing File Exist Checker (140.92488ms)
    Check OK
==> Executing Valid Owner Checker (3.455785633s)
    Check OK