-
Notifications
You must be signed in to change notification settings - Fork 129
[API] Can't add members to a team using token with write:org
permissions
#154
Comments
Reported to [email protected]:
|
Ah, got a reply and apparently the
Sent this reply:
Guess I can close this for now :P |
Got another reply from @izuzak that was super-helpful:
And my reply:
|
While work on gratipay/roobot#9 and using the API via personal access tokens, I'm pretty sure I discovered a bug:
Bug Summary
When trying to write a script that involved adding team members via API, I found that, as an owner, I could add them easily to the owner team when the token had
write:org
permissions. However, when trying to add a member to a non-owner team in that same org, I was got a 404. Elevating permissions toadmin:org
solved the issue temporarily, but that is much higher privileges than I would like to provide.Expected Behaviour
I would expect to be able to manage non-owner teams without having to provide
admin:org
access to a script.The description of
write:org
would lead me to believe that this should be possible:Steps to Reproduce
write:org
permissionsadmin:org
to access token.Notes
Oddly enough, I also saw this behaviour:
write:org
access.The text was updated successfully, but these errors were encountered: