fix: the user role is determined from the repo when unavailable from …

…organization
ubiquity-os-marketplace · Dec 29, 2024 · fa4692b · fa4692b
1 parent 94d773f
commit fa4692b
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 9 deletions.
diff --git a/src/handlers/shared/get-user-task-limit-and-role.ts b/src/handlers/shared/get-user-task-limit-and-role.ts
@@ -7,7 +7,7 @@ interface MatchingUserProps {
 
 export async function getUserRoleAndTaskLimit(context: Context, user: string): Promise<MatchingUserProps> {
   const orgLogin = context.payload.organization?.login;
-  const { config, logger } = context;
+  const { config, logger, octokit } = context;
   const { maxConcurrentTasks } = config;
 
   const minUserTaskLimit = Object.entries(maxConcurrentTasks).reduce((minTask, [role, limit]) => (limit < minTask.limit ? { role, limit } : minTask), {
@@ -21,15 +21,40 @@ export async function getUserRoleAndTaskLimit(context: Context, user: string): P
       throw new Error("Invalid organization name");
     }
 
-    const response = await context.octokit.rest.orgs.getMembershipForUser({
-      org: orgLogin,
+    let role = "contributor";
+    let limit;
+
+    try {
+      const response = await octokit.rest.orgs.getMembershipForUser({
+        org: orgLogin,
+        username: user,
+      });
+      role = response.data.role.toLowerCase();
+      limit = maxConcurrentTasks[role];
+    } catch (err) {
+      logger.error("Could not get user membership", { err });
+    }
+
+    // If we failed to get organization membership, narrow down to repo role
+    const permissionLevel = await octokit.rest.repos.getCollaboratorPermissionLevel({
       username: user,
+      owner: context.payload.repository.owner.login,
+      repo: context.payload.repository.name,
     });
+    role = permissionLevel.data.role_name?.toLowerCase();
+    context.logger.debug(`Retrieved collaborator permission level for ${user}.`, {
+      user,
+      owner: context.payload.repository.owner.login,
+      repo: context.payload.repository.name,
+      isAdmin: permissionLevel.data.user?.permissions?.admin,
+      role,
+      data: permissionLevel.data,
+    });
+    if (role && maxConcurrentTasks[role]) {
+      limit = maxConcurrentTasks[role];
+    }
 
-    const role = response.data.role.toLowerCase();
-    const limit = maxConcurrentTasks[role];
-
-    return limit ? { role, limit } : minUserTaskLimit;
+    return limit ? { role, limit } : { ...minUserTaskLimit, role };
   } catch (err) {
     logger.error("Could not get user role", { err });
     return minUserTaskLimit;

diff --git a/src/index.ts b/src/index.ts
@@ -1,6 +1,6 @@
 import { createPlugin } from "@ubiquity-os/plugin-sdk";
 import { Manifest } from "@ubiquity-os/plugin-sdk/manifest";
-import { LogLevel } from "@ubiquity-os/ubiquity-os-logger";
+import { LOG_LEVEL, LogLevel } from "@ubiquity-os/ubiquity-os-logger";
 import type { ExecutionContext } from "hono";
 import manifest from "../manifest.json";
 import { createAdapters } from "./adapters";
@@ -25,7 +25,7 @@ export default {
         envSchema: envSchema,
         postCommentOnError: true,
         settingsSchema: pluginSettingsSchema,
-        logLevel: env.LOG_LEVEL as LogLevel,
+        logLevel: (env.LOG_LEVEL as LogLevel) ?? LOG_LEVEL.INFO,
         kernelPublicKey: env.KERNEL_PUBLIC_KEY,
         bypassSignatureVerification: process.env.NODE_ENV === "local",
       }