merge queue: queuing main (964a793) and #11827 together#11834
Closed
mergify[bot] wants to merge 2 commits into
Closed
merge queue: queuing main (964a793) and #11827 together#11834mergify[bot] wants to merge 2 commits into
mergify[bot] wants to merge 2 commits into
Conversation
Per-repository product enablement, including activating CI Insights, is
enforced at repository WRITE level via PUT /v1/products/{owner}/{repository}.
Only the org-level default-products configuration requires Integrations Admin.
Correct the security page so the documented model matches enforcement:
- Features Permissions: "Activate CI Insights on a repository" is write-level,
not Owner-only.
- Delegated Roles: Integrations Admin grants org-level default products and
third-party integrations, not per-repo product enablement; drop "activate
CI Insights" from CI Admin since per-repo activation is write-level, not a
delegated owner power.
- Tighten the Delegated Roles intro so its examples reference org-level
operations only.
Surfaced by HackerOne #3801915: a write collaborator activated CI Insights
and the reporter cited these rows as the owner-only boundary. The docs were
wrong; the access-control behavior is correct.
Fixes MRGFY-7644
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Change-Id: I90961aa435b34f468fec7921b6664bee5199e832
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🎉 This pull request has been checked successfully and will be merged soon. 🎉
Branch main (964a793) and #11827 are queued together for merge.
This pull request has been created by Mergify to check the mergeability of #11827.
You don't need to do anything. Mergify will close this pull request automatically when it is complete.
Required conditions of queue rule
defaultfor merge:schedule=Mon-Fri 09:00-17:30[Europe/Paris]title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:#approved-reviews-by >= 2author = dependabot[bot]author = mergify-ci-botbody ~= (?ms:.{48,})#changes-requested-reviews-by = 0#review-requested = 0#review-threads-unresolved = 0check-success = buildcheck-success = lintcheck-success = testcheck-success = test-broken-linkslabel = ignore-broken-linkscheck-success=Cloudflare Pages-head-repo-full-name~=^Mergifyio/Required conditions to stay in the queue:
author != dependabot[bot]author != mergify-ci-bottitle ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert|ui)(?:\(.+\))?:#approved-reviews-by >= 2author = dependabot[bot]author = mergify-ci-botbody ~= (?ms:.{48,})#changes-requested-reviews-by = 0#review-requested = 0#review-threads-unresolved = 0check-success = buildcheck-success = lintcheck-success = testcheck-success = test-broken-linkslabel = ignore-broken-linkscheck-success=Cloudflare Pages-head-repo-full-name~=^Mergifyio/