feat: add API permission scopes for custom features #697
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Our custom features (licensing, metadata, update server, issue statuses, wiki extensions, org branch protection) currently lack proper API token permission scopes. Any token with basic repo access can call these endpoints. We need granular permission scopes so tokens can be restricted to only the features they need.
Features needing scopes
/api/v1/licensing/) - manage licenses, entitlements, activations, product tiers/api/v1/repos/{owner}/{repo}/metadata) - repo manifest/deploy fieldsApproach
scope:licensing,scope:metadata,scope:update_server)Acceptance Criteria