fix: lowered user permissions on registration #48
Conversation
|
This is a proposal to fix the permissions requested for newcomers, as requesting full access on public / private repos seems excessive and scary for new users. It's a bit complicated to solve, since knowing the data related to a user requires that user to be logged in, where scopes have already been requested. So here is a draft proposal on how to handle it:
Everything is read-only, and the Org will help us later on determine if that user if part of Ubiquity's Org.
When clicked, we get redirected to the GitHub OAuth permission page requesting higher privileges 
If allowed, the "lock" button is gone. If that workflow is satisfactory, I can spend some time on the CSS to make it look better. |
|
I think it's a great proposal thanks for figuring this out. I am unsure that a lock is the best icon but until I have time to look through icon libraries I am unsure which is better. Try using Google material design icons I normally stick with those for all of our UIs. |
|
I think you should also set a time estimate. |
|
Oh I just realized this is a pull sorry! |
|
@0x4007 Thanks for the feedback. Seems that Ubiquibot still doesn't like me: #41 (comment) For the lock icon I actually pulled it out from Material UI icons. Maybe an opened lock would make more sense anyway. |
|
Current looks of the button in the navbar: |
|
Looks good! I also reviewed from my side. |
We discourage multiple associated issues in a single pull. This is so that we can audit changes (git blame) more efficiently if problems are discovered later. In the future I would branch off and open two pulls separately. This can be done retroactively after all the code is complete as long as you use the git "cherry pick" feature @gentlementlegen |
|
@0x4007 Yep makes sense, very accidentally fixed two by doing this one. Thought it would not make much sense to have another PR with the same exact code as this one, will keep this in mind and open two different PRs next time. |
Resolves #41
Resolves #47