search

typst / webapp-issues

Issue tracker for Typst's web app.
https://typst.app
12 stars 0 forks source link

Make more granular permissions for typst github sync #435

Open peekxc opened 2 weeks ago

peekxc commented 2 weeks ago

Description

I just got typst pro (yay!) mostly because I wanted version control via git.

Adding typst GH support required giving typst read/write access to all of my repositories, both public and private.

While I trust that typst will likely not alter/commit to any directory/project I configure, I can't help but feel like the permissions granted should be more granular.

Can you refine the write permissions requested to be local to a given repository? (And also to only public repos, unless otherwise configured)?

Use Case

This could help users adopt the GH synchronization feature without worrying about relinquishing control to typst their non-typst repos

pmazaitis commented 2 weeks ago

To add another case: In GitHub organizations that support communities, the owner of a repository may not have the privileges to grant access.

As an example, I'm doing some volunteer work for a non-profit at the moment, and we're keeping the document sources in a repository that's part of the non-profit's GitHub organization. While I have access to the repository I'm working in, I have no access to other repositories in the organization, or any administrative access to the organization itself (nor should I!).

laurmaedje commented 2 weeks ago

Unfortunately the standard OAuth protocol we can use across GitHub and GitLab does not support this, so we'll need to implement a GitHub-specific GitHub app. This is a fair amount of work, so I can't say when we'll get to it.