rafaelmardojai / forge-sparks

Get git forges notifications
MIT License
73 stars 10 forks source link

GitLab less permissions for the token #44

Open abitrolly opened 1 month ago

abitrolly commented 1 month ago

Why write api permissions is needed for GitLab? Would read_api be enough?

image

Or maybe it is possible to add ForgeFed protocol to GitLab and api tokens won't be required?

rafaelmardojai commented 1 month ago

Write access is needed to mark as read (actually mark the todo as done). Ideally GitLab would have a more fine grained scopes but is not the case.

abitrolly commented 1 month ago

@rafaelmardojai I've seen ongoing work to change how access tokens are managed, still not sure how fine grained the controls would be.

If I don't want to mark things as read from the app, and my profile is public, do I need the token at all?

rafaelmardojai commented 1 month ago

@abitrolly It should fail silently and the notification will stay in the app window, the app should be smart enough to not re-send a notification, so yeah, the app should work without mayor problems if you just use the read_api scope.