From 97ea5e77b4d61d5d80ed08f7512847dee3ec9af5 Mon Sep 17 00:00:00 2001 From: Mario Campos Date: Tue, 1 Mar 2022 08:37:58 -0600 Subject: [PATCH] Fix obtained scope mapping to include implied scopes (#5256) * Fix obtained scope mapping to include missing scopes As is, `gotScopes` does not contain certain scopes because it doesn't check for the "special" scopes that imply other scopes. For example, the `repo` scope implies `repo:invite`. * Add a comment in ScopesSuggestion explaining branch statements * Delete whitespace to appease go-fmt --- api/client.go | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/api/client.go b/api/client.go index 3c95f6250..bfd526fbc 100644 --- a/api/client.go +++ b/api/client.go @@ -236,7 +236,23 @@ func ScopesSuggestion(resp *http.Response) string { for _, s := range strings.Split(tokenHasScopes, ",") { s = strings.TrimSpace(s) gotScopes[s] = struct{}{} - if strings.HasPrefix(s, "admin:") { + + // Certain scopes may be grouped under a single "top-level" scope. The following branch + // statements include these grouped/implied scopes when the top-level scope is encountered. + // See https://docs.github.com/en/developers/apps/building-oauth-apps/scopes-for-oauth-apps. + if s == "repo" { + gotScopes["repo:status"] = struct{}{} + gotScopes["repo_deployment"] = struct{}{} + gotScopes["public_repo"] = struct{}{} + gotScopes["repo:invite"] = struct{}{} + gotScopes["security_events"] = struct{}{} + } else if s == "user" { + gotScopes["read:user"] = struct{}{} + gotScopes["user:email"] = struct{}{} + gotScopes["user:follow"] = struct{}{} + } else if s == "codespace" { + gotScopes["codespace:secrets"] = struct{}{} + } else if strings.HasPrefix(s, "admin:") { gotScopes["read:"+strings.TrimPrefix(s, "admin:")] = struct{}{} gotScopes["write:"+strings.TrimPrefix(s, "admin:")] = struct{}{} } else if strings.HasPrefix(s, "write:") {