Implement authorization with the team repository

Question

Implement authorization with the team repository

Closed this issue 5 years ago · 2 comments

We want to centralize authorization in the rust-lang/team repository, so this bot should use it to detect which users are authorized to interact with it. This should be implemented before deploying the bot.

Changes in rust-lang/team:

Replace the existing discord = "username" field with discord-id = 1234567890123.
Add discord_ids to Permission in the static API, to allow querying which Discord IDs implement a permission.
Implement a crates_io_ops_bot.APP_NAME permission. We'll want it to work similarly to the bors permission, where the list of applications allowed is encoded in the permissions! macro, to allow strict checking during validation.

Changes in the bot:

Every time we need to check whether a user is allowed or not, the following URL needs to be queried:

https://team-api.infra.rust-lang.org/v1/permissions/crates_io_ops_bot.APP_NAME.json

This way, changes in the team repo are instantly relected in the bot without needing any restart.

cc @nellshamrell

Answer 1 · 2020-05-15T19:04:52.000Z

Replace the existing discord = "username" field with discord-id = 1234567890123.
Add discord_ids to Permission in the static API, to allow querying which Discord IDs implement a permission.
Implement a crates_io_ops_bot.APP_NAME permission. We'll want it to work similarly to the bors permission, where the list of applications allowed is encoded in the permissions! macro, to allow strict checking during validation.
Query team api url when checking whether a user is allowed to do something or not

Answer 2 · 2020-05-18T18:21:51.000Z

Changes to the teams repo have been implemented in rust-lang/team#340