
[BUG] GraphQL queries for GH EE differs from GH COM #432

@violetragan

Description

I've encountered some strange behavior on the enterprise version when executing queries through GraphQL, using authorization via gh-app.
This behavior is only seen on GitHub EE (v2.22, v3.12).
The GitHub.com version does not have this problem. It is enough to specify read write permissions for pull requests.
If the permissions are insufficient, GitHub.com will complain, while GitHub EE will calmly execute the request and produce an empty response, which will be correct from a structural point of view.

If you use a PAT, this situation does not occur and the behavior is the same for both EE and com. That is, in case of insufficient rights the response will contain an error indicating this.
So I would like to understand if this behavior is correct or not.
My assumption is that since pull requests are a child class of issue, this is the reason for this behavior. However, the odd thing is that this behavior is different on the com and ee versions.

Reproduction Steps

GraphQL request example:

{
  "query": "{ search(type: ISSUE, first: 100,  query: \"repo:violetragan-org/repo-1 is:pr updated:>1970-01-01T00:00:00Z sort:updated-asc\") { nodes { ... on PullRequest { id number state title  bodyText createdAt updatedAt mergedAt baseRefName headRefName url } } pageInfo { endCursor hasNextPage } } }"
}

Example response for GitHub EE (v2.22, v3.12):

{
  "data": {
    "organization": {
      "login": "violetragan-org"
    },
    "viewer": {
      "email": "",
      "pullRequests": {
        "nodes": []
      }
    },
    "search": {
      "nodes": [],
      "pageInfo": {
        "endCursor": null,
        "hasNextPage": false
      }
    }
  }
}

Example response for GitHub.com:

{
  "data": {
    "search": {
      "nodes": [
        null
      ],
      "pageInfo": {
        "endCursor": "Y3Vyc29yOjE=",
        "hasNextPage": false
      }
    }
  },
  "errors": [
    {
      "type": "FORBIDDEN",
      "path": [
        "search",
        "nodes",
        0
      ],
      "extensions": {
        "saml_failure": false
      },
      "locations": [
        {
          "line": 1,
          "column": 129
        }
      ],
      "message": "Resource not accessible by integration"
    }
  ]
}

With these permission settings, the request for GitHub EE works:

{
  "default_permissions": {
    "contents": "write",
    "issues": "read",
    "pull_requests": "write"
  }
}

With these permission settings, the request for GitHub EE doesn't work:

{
  "default_permissions": {
    "contents": "write",
    "pull_requests": "write"
  }
}

Whereas, with these permission settings, the request for GitHub.com works:

{
  "default_permissions": {
    "contents": "write",
    "issues": "read",
    "pull_requests": "write"
  }
}

With these permission settings, the request for GitHub.com also works:

{
  "default_permissions": {
    "contents": "write",
    "pull_requests": "write"
  }
}
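
A client-side guard for the difference reported above, as an added example that is not part of the original issue: it treats an error-free, empty search result as suspect when the app's permission set lacks a key from the set the report shows working on both GitHub EE and GitHub.com. The function name, the result labels and the trimmed sample responses are constructed for illustration.

```python
import json

# Constructed samples, trimmed from the two responses shown in the report.
GHES_RESPONSE = json.loads("""
{"data": {"search": {"nodes": [],
  "pageInfo": {"endCursor": null, "hasNextPage": false}}}}
""")
DOTCOM_RESPONSE = json.loads("""
{"data": {"search": {"nodes": [null],
  "pageInfo": {"endCursor": "Y3Vyc29yOjE=", "hasNextPage": false}}},
 "errors": [{"type": "FORBIDDEN", "path": ["search", "nodes", 0],
  "message": "Resource not accessible by integration"}]}
""")

# Permission keys present in the set the report says works on both EE and .com.
WORKING_ON_BOTH = ("issues", "pull_requests")


def classify_search(response, app_permissions):
    """Classify a GraphQL search response for a GitHub App token.

    Returns 'forbidden', 'error', 'ok', 'suspect-empty' or 'empty'.
    app_permissions is a dict shaped like the report's default_permissions.
    """
    errors = response.get("errors") or []
    if any(e.get("type") == "FORBIDDEN" for e in errors):
        return "forbidden"          # explicit denial, as in the GitHub.com response
    if errors:
        return "error"
    search = (response.get("data") or {}).get("search") or {}
    # Denied nodes come back as null; count only real results.
    nodes = [n for n in (search.get("nodes") or []) if n is not None]
    if nodes:
        return "ok"
    # Empty and error-free: indistinguishable from "no matches" on the wire, so
    # fall back to the permission set to decide whether the result is trustworthy.
    missing = [k for k in WORKING_ON_BOTH if k not in app_permissions]
    return "suspect-empty" if missing else "empty"


if __name__ == "__main__":
    narrow = {"contents": "write", "pull_requests": "write"}
    full = {"contents": "write", "issues": "read", "pull_requests": "write"}
    print(classify_search(GHES_RESPONSE, narrow))    # suspect-empty
    print(classify_search(GHES_RESPONSE, full))      # empty
    print(classify_search(DOTCOM_RESPONSE, narrow))  # forbidden
```
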
