gitcoinco · thelostone-mc · Nov 20, 2019 · Nov 13, 2019 · Nov 14, 2019 · Nov 14, 2019
@@ -140,7 +140,8 @@
 ROOT_URLCONF = env('ROOT_URLCONF', default='app.urls')
 
 AUTHENTICATION_BACKENDS = (
-    'social_core.backends.github.GithubOAuth2',  # for Github authentication
+    # 'social_core.backends.github.GithubOAuth2',  # for Github authentication
+    'app.utils.CustomGithubOAuth2',
     'django.contrib.auth.backends.ModelBackend',
 )
 
@@ -532,9 +533,15 @@
 SOCIAL_AUTH_GITHUB_SECRET = GITHUB_CLIENT_SECRET
 SOCIAL_AUTH_POSTGRES_JSONFIELD = True
 SOCIAL_AUTH_ADMIN_USER_SEARCH_FIELDS = ['username', 'first_name', 'last_name', 'email']
-SOCIAL_AUTH_GITHUB_SCOPE = ['read:user', 'user:email', 'read:org']
+SOCIAL_AUTH_GITHUB_SCOPE = ['read:user', 'user:email']
 SOCIAL_AUTH_SANITIZE_REDIRECTS = True
 
+#custom scopes
+SOCIAL_AUTH_GH_CUSTOM_KEY = GITHUB_CLIENT_ID
+SOCIAL_AUTH_GH_CUSTOM_SECRET = GITHUB_CLIENT_SECRET
+SOCIAL_AUTH_GH_CUSTOM_SCOPE = ['read:org', 'public_repo']
+
+
 SOCIAL_AUTH_PIPELINE = (
     'social_core.pipeline.social_auth.social_details', 'social_core.pipeline.social_auth.social_uid',
     'social_core.pipeline.social_auth.auth_allowed', 'social_core.pipeline.social_auth.social_user',

@@ -24,6 +24,7 @@
 from ipware.ip import get_real_ip
 from marketing.utils import get_or_save_email_subscriber
 from pyshorteners import Shortener
+from social_core.backends.github import GithubOAuth2
 from social_django.models import UserSocialAuth
 
 logger = logging.getLogger(__name__)
@@ -458,3 +459,15 @@ def get_profile(request):
         profile = sync_profile(request.user.username, request.user, hide_profile=False)
 
     return profile
+
+class CustomGithubOAuth2(GithubOAuth2):
+    EXTRA_DATA = [
+        ('scope', 'scope'),
+    ]
+    def get_scope(self):
+        scope = super(CustomGithubOAuth2, self).get_scope()
+        if self.data.get('extrascope'):
+            scope += ['public_repo', 'read:org']
+            from dashboard.management.commands.sync_orgs_repos import Command
+            Command().handle()
+        return scope
@@ -907,20 +907,17 @@ def get_orgs_perms(profile):
 
     response_data = []
     for org in orgs:
-        print(org)
         org_perms = {'name': org.name, 'users': []}
         groups = org.groups.all().filter(user__isnull=False)
         for g in groups: # "admin", "write", "pull", "none"
-            print(g)
             group_data = g.name.split('-')
             if group_data[1] != "role": #skip repo level groups
                 continue
-            print(g.user_set.prefetch_related('profile').all())
-            org_perms['users'].append(
-                *[{'handle': u.profile.handle,
-                   'role': group_data[2],
-                   'name': '{} {}'.format(u.first_name, u.last_name)}
-                for u in g.user_set.prefetch_related('profile').all()])
+            org_perms['users'] = [{
+                'handle': u.profile.handle,
+                'role': group_data[2],
+                'name': '{} {}'.format(u.first_name, u.last_name)
+            } for u in g.user_set.prefetch_related('profile').all()]
         response_data.append(org_perms)
     return response_data
 

@@ -218,6 +218,12 @@ def gh_login(request):
     return redirect('social:begin', backend='github')
 
 
+@csrf_exempt
+def gh_org_login(request):
+    """Attempt to redirect the user to Github for authentication."""
+    return redirect('social:begin', backend='gh-custom')
+
+
 def get_interest_modal(request):
     bounty_id = request.GET.get('pk')
     if not bounty_id:

@@ -708,11 +708,15 @@ def org_settings(request):
     """
     msg = ''
     profile, es, user, is_logged_in = settings_helper_get_auth(request)
+    current_scopes = []
 
     if not user or not profile or not is_logged_in:
         login_redirect = redirect('/login/github?next=' + request.get_full_path())
         return login_redirect
 
+    social_auth = user.social_auth.first()
+    if social_auth and social_auth.extra_data:
+        current_scopes = social_auth.extra_data.get('scope').split(',')
     orgs = get_orgs_perms(profile)
     context = {
         'is_logged_in': is_logged_in,
@@ -724,6 +728,7 @@ def org_settings(request):
         'orgs': orgs,
         'profile': profile,
         'msg': msg,
+        'current_scopes': current_scopes,
     }
     return TemplateResponse(request, 'settings/organizations.html', context)
 

@@ -1,30 +1,60 @@
 {% extends 'settings/settings.html' %}
 {% load i18n static avatar_tags %}
 {% block settings_content %}
-  <h2 class="font-bigger-2 text-center">Organization Permissions</h2>
-  <p class="text-center font-subheader text-black-50">The users below are able to fund, edit settings, approve contributors, and payout contributors on the bounties of the organization</p>
-  {% if orgs %}
-  {% for org in orgs %}
-    <div class="card my-5">
-      <div class="card-header bg-white d-flex align-items-center justify-content-between">
-        <div>
-          <img src="{% avatar_url org.name %}" class="rounded-circle mr-2" alt="{{org.name}}" width="32" height="32">
-          <b>{{org.name}}</b> <a href="{% url 'profile' org.name %}" class="font-smaller-2">view profile</a>
-        </div>
-        <a href="https://github.com/orgs/{{org.name}}/people" target="_blank"><i class="fab fa-github align-text-top font-bigger-1"></i> Manage on GitHub </a>
-      </div>
-      <div class="card-body">
-        {% for user in org.users %}
-          <div class="py-2 px-5 d-flex align-items-center">
-            <img src="{% avatar_url user.handle  %}" class="rounded-circle mr-3" alt="{{user.handle}}" width="52" height="52">
-            <div class="d-flex flex-column">
-              <span>{{user.name}}</span>
-              <a href="{% url 'profile' user.handle %}" class="font-smaller-1">{{user.handle}}</a>
+
+
+  {% if 'public_repo' in current_scopes and 'read:org' in current_scopes %}
+    <h2 class="font-bigger-2 text-center">Organization Permissions</h2>
+    <p class="text-center font-subheader text-black-50">The users below are able to fund, edit settings, approve contributors, and payout contributors on the bounties of the organization</p>
+    {% if orgs %}
+      {% for org in orgs %}
+        <div class="card my-5">
+          <div class="card-header bg-white d-flex align-items-center justify-content-between">
+            <div>
+              <img src="{% avatar_url org.name %}" class="rounded-circle mr-2" alt="{{org.name}}" width="32" height="32">
+              <b>{{org.name}}</b> <a href="{% url 'profile' org.name %}" class="font-smaller-2">view profile</a>
             </div>
+            <a href="https://github.com/orgs/{{org.name}}/people" target="_blank"><i class="fab fa-github align-text-top font-bigger-1"></i> Manage on GitHub </a>
           </div>
-        {% endfor %}
+          <div class="card-body">
+            {% for user in org.users %}
+              <div class="py-2 px-5 d-flex align-items-center">
+                <img src="{% avatar_url user.handle  %}" class="rounded-circle mr-3" alt="{{user.handle}}" width="52" height="52">
+                <div class="d-flex flex-column">
+                  <span>{{user.name}}</span>
+                  <a href="{% url 'profile' user.handle %}" class="font-smaller-1">{{user.handle}}</a>
+                </div>
+              </div>
+            {% endfor %}
+          </div>
+        </div>
+      {% endfor %}
+    {% else %}
+      <p class="text-center my-4 font-bigger-1 text-black-60">No organization permissions found</p>
+    {% endif %}
+
+  {% else %}
+    <div class="row">
+      <div class="col-md-5 m-auto text-center">
+        <h2 class="mb-5">Create an Organization</h2>
+        <img src="{% static "v2/images/org-robots.png" %}" alt="Org bots" class="mw-100">
+        <p class="font-bigger-1 mt-5 font-weight-semibold">
+          Funders in an organization can:
+        </p>
+        <ul class="list-unstyled text-left text-black-70 ml-4">
+          <li>✅ Fund issues on behalf of other team members</li>
+          <li>✅ Modify bounty settings on behalf of other team members</li>
+          <li>✅ Approve contributors for bounties on behalf of other team members</li>
+          <li>✅ Payout bounties created on behalf of other team members</li>
+        </ul>
+
+        <a class="btn btn-lg btn-gc-blue mt-4" href="{% url 'social:begin' 'github' %}?next={{ request.path }}&extrascope=orgs"
+          >
+          <i class="fab fa-github"></i>
+          <span>{% trans "Sync with GitHub" %}</span>
+        </a>
       </div>
     </div>
-    {% endfor %}
   {% endif %}
+
 {% endblock %}