#569 part 2 : Add Organization Blocking Users API

[varadarajana]

This is continuation of #569. I have made a first cut for review here.

[googlebot]

So there's good news and bad news.

👍 The good news is that everyone that needs to sign a CLA (the pull request submitter and all commit authors) have done so. Everything is all good there.

😕 The bad news is that it appears that one or more commits were authored by someone other than the pull request submitter. We need to confirm that they're okay with their commits being contributed to this project. Please have them confirm that here in the pull request.

Note to project maintainer: This is a terminal state, meaning the cla/google commit status will not change from this state. It's up to you to confirm consent of the commit author(s) and merge this pull request when appropriate.

[dmitshur]

@varadarajana The commits in this PR are currently identical to the commits in PR #600, which we already merged (as d23570d).

[varadarajana]

@shurcooL sorry, I missed pushing my code. Now it is done. you can check commit 7377254.

[dmitshur]

This mostly looks really good. No major issues.

I left 2 inline comments. One you should address (about admin:org scope TODO comments). The other one, I'm waiting to hear back from GitHub support. If they take too long to respond, we can proceed merging this without waiting.

[dmitshur]

Hmm. It's really surprising to see user/%v/blocks/%v here, instead of orgs/%v/blocks/%v.

However, I can see it matches with what the GitHub API says at https://developer.github.com/v3/orgs/blocking/#unblock-a-user.

But I suspect it's a mistake on their part. Look at how it's inconsistent compared to the user-specific blocks (on the right hand side):

This is worthy of sending them an email to clarify. I've done that just now, and I'll report back here when I hear back from them.

[varadarajana]

@shurcooL Thank you, I never realized the URL seems incorrect.

[dmitshur]

You have this // TODO: add a check for scope to be admin:org in 8 places. You also asked:

I have a question. While i was reading the Blocking Users (Organizations) API, I find the following lines:

The token used to authenticate the call must have the admin:org scope in order to make any
blocking calls for an organization. Otherwise, the response returns HTTP 404.

In authorizations.go we have all the scopes defines. I do not see any references to scope anywhere? Is there a central place where this scope validation is done?

Let me answer that here. That note is meant for users of GitHub API. When authenticating, they need to make sure the token they're using has that scope.

There's nothing we need to do for these endpoints inside go-github, that information is for users of go-github. Authentication is orthogonal matter, see https://github.com/google/go-github#authentication.

So, nothing needs to be done here, and you can safely remove these TODOs.

However, if you want, you can add that note to the documentation for these 4 endpoints. E.g.:

// ListBlockedUsers lists all the users blocked by an organization.
//
// The token used to authenticate the call must have the admin:org scope
// in order to make any blocking calls for an organization. Otherwise,
// the response returns HTTP 404.
//
// GitHub API docs: https://developer.github.com/v3/orgs/blocking/#list-blocked-users

We generally don't try to document this for all endpoints, people are expected to read GitHub API documentation to figure out what scopes are required. So I'm not sure if it's worth doing or not just here.

[varadarajana]

Thank you @shurcooL . I do not think there is a need to document this at end point since one needs to follow the API documentation. I have removed the TODO.

[dmitshur]

LGTM. One optional inline comment.

We don't necessarily need to block on a response from GitHub about the strange path. When they reply, if anything needs to be done, we can update it then.

Thanks @varadarajana.

You don't need to do it for this PR, but in the future, please try to have a cleaner PR containing only the relevant commits. You should rebase or cherry-pick your work onto latest master of go-github before sending a PR. That makes reviewing it easier. See https://github.com/servo/servo/wiki/Github-workflow and https://github.com/servo/servo/wiki/Beginner's-guide-to-rebasing-and-squashing for helpful resources on the topic.

[dmitshur]

Is there a reason this test uses "o1" and "u1", while the rest use "o" and "u"? It seems a little inconsistent.

[varadarajana]

@shurcooL I was in a debugging effort and trying out combinations of URL. that's where I out o1 and u1. For consistency as you have mentioned, I have replaced o1 and u1 with o and u.

[dmitshur]

About #620 (comment), I got a reply from GitHub support:

Thanks for reporting this, Dmitri -- that looks like a bug in the docs. It should be /orgs/:org/blocks/:user. I'll ask our documentation team to fix that up.

[dmitshur]

Therefore, this should be changed to "orgs/%v/blocks/%v".

[varadarajana]

@shurcooL I have made these changes in the latest checkin.

[gmlewis]

LGTM after @shurcooL's comments are addressed.
Thank you, @varadarajana and @shurcooL!

[gmlewis]

Obviously, this line will be changed too once @shurcooL's comments are addressed, to make the tests pass.

[dmitshur]

LGTM. Thanks @varadarajana!