[BUG] GraphQL queries for GH EE differs from GH COM #432

Open
violetragan opened this issue Apr 9, 2024 · 0 comments
I've encountered some strange behavior on the enterprise version when executing queries through GraphQL, using authorization via gh-app.
This behavior is only seen on GitHub EE (v2.22, v3.12).
The GitHub.com version does not have this problem. It is enough to specify read write permissions for pull requests.
If the permissions are insufficient, GitHub.com will complain, while GitHub EE will calmly execute the request and produce an empty response, which will be correct from a structural point of view.

If you use a PAT, this situation does not occur and the behavior is the same for both EE and com. That is, in case of insufficient rights the response will contain an error indicating this.
So I would like to understand if this behavior is correct or not.
My assumption is that since pull requests are a child class of issue, this is the reason for this behavior. However, the odd thing is that this behavior is different on the com and ee versions.

Reproduction Steps

GraphQL request example:

{
  "query": "{ search(type: ISSUE, first: 100,  query: \"repo:violetragan-org/repo-1 is:pr updated:>1970-01-01T00:00:00Z sort:updated-asc\") { nodes { ... on PullRequest { id number state title  bodyText createdAt updatedAt mergedAt baseRefName headRefName url } } pageInfo { endCursor hasNextPage } } }"
}

Example response for GitHub EE (v2.22, v3.12):

{
  "data": {
    "organization": {
      "login": "violetragan-org"
    },
    "viewer": {
      "email": "",
      "pullRequests": {
        "nodes": []
      }
    },
    "search": {
      "nodes": [],
      "pageInfo": {
        "endCursor": null,
        "hasNextPage": false
      }
    }
  }
}

Example response for GitHub.com:

{
  "data": {
    "search": {
      "nodes": [
        null
      ],
      "pageInfo": {
        "endCursor": "Y3Vyc29yOjE=",
        "hasNextPage": false
      }
    }
  },
  "errors": [
    {
      "type": "FORBIDDEN",
      "path": [
        "search",
        "nodes",
        0
      ],
      "extensions": {
        "saml_failure": false
      },
      "locations": [
        {
          "line": 1,
          "column": 129
        }
      ],
      "message": "Resource not accessible by integration"
    }
  ]
}

With these permission settings, the request for GitHub EE works:

{
  "default_permissions": {
    "contents": "write",
    "issues": "read",
    "pull_requests": "write"
  }
}

With these permission settings, the request for GitHub EE doesn't work:

{
  "default_permissions": {
    "contents": "write",
    "pull_requests": "write"
  }
}

Whereas with these permission settings, the request for GitHub.com works:

{
  "default_permissions": {
    "contents": "write",
    "issues": "read",
    "pull_requests": "write"
  }
}

With these permission settings, the request for GitHub.com also works:

{
  "default_permissions": {
    "contents": "write",
    "pull_requests": "write"
  }
}
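
An added example, not part of the original issue or the project's code: a client-side guard that keeps the silent empty result described above from being read as "no pull requests". The function names and result labels are hypothetical, and treating a missing `issues` permission as the trigger is an assumption based only on this report.

```python
# Added example: classify a GraphQL search response so that an empty result
# caused by missing GitHub App permissions is not mistaken for "no PRs".
LEVELS = {"read": 1, "write": 2, "admin": 3}


def has_permission(perms, name, needed="read"):
    """True if the app permission map grants `name` at `needed` or higher."""
    return LEVELS.get(perms.get(name), 0) >= LEVELS[needed]


def classify_search_response(resp, perms):
    """Return 'forbidden', 'ok', 'empty' or 'empty_unverified'."""
    errors = resp.get("errors") or []
    if any(e.get("type") == "FORBIDDEN" for e in errors):
        return "forbidden"  # explicit denial, as GitHub.com answers in the report
    search = (resp.get("data") or {}).get("search") or {}
    nodes = [n for n in (search.get("nodes") or []) if n]  # drop null nodes
    if nodes:
        return "ok"
    # Assumption from the report: without `issues` access, GHES returned an
    # empty, error-free result, so emptiness alone proves nothing.
    if not has_permission(perms, "issues"):
        return "empty_unverified"
    return "empty"


# Responses trimmed from the issue text (only the `search` part is kept).
GHES_RESPONSE = {"data": {"search": {
    "nodes": [], "pageInfo": {"endCursor": None, "hasNextPage": False}}}}
COM_RESPONSE = {
    "data": {"search": {"nodes": [None]}},
    "errors": [{"type": "FORBIDDEN", "path": ["search", "nodes", 0],
                "message": "Resource not accessible by integration"}],
}
# Permission sets as listed in the issue.
PERMS_WITH_ISSUES = {"contents": "write", "issues": "read",
                     "pull_requests": "write"}
PERMS_WITHOUT_ISSUES = {"contents": "write", "pull_requests": "write"}

if __name__ == "__main__":
    print(classify_search_response(GHES_RESPONSE, PERMS_WITHOUT_ISSUES))
    print(classify_search_response(COM_RESPONSE, PERMS_WITHOUT_ISSUES))
    print(classify_search_response(GHES_RESPONSE, PERMS_WITH_ISSUES))
```

A caller that gets `empty_unverified` should fail closed (alert or retry with corrected permissions) rather than record that the repository has no pull requests.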