Remove access from teams that are not specified in the config

[Chris-V]

Problem Description

What is actually happening

When I remove a team from the teams collection, said team is not removed from the repository's permissions.

What is the expected behavior

Only the teams listed under the teams should have access to the repository. If the teams key is missing from the configuration, I would expect the permissions to be handled from the repository's settings page.

I did not experiment with collaborators but I would expect a similar behavior.

Error output, if available

n/a

Context

Are you using the hosted instance of probot/settings or running your own?

Running my own

If running your own instance, are you using it with github.com or GitHub Enterprise?

GHEC

Version of probot/settings

safe-settings:2.0.0

Version of GitHub Enterprise

cloud

[decyjphr]

@Chris-V I'll make an emergency release for this. Uncommenting this would work. It shouldn't affect anything other than breaking some tests. Subsequently, I'll release a longer-term solution.

[Chris-V]

Sorry I didn't have a lot of time recently to test the fix. Thanks for the quick reply tho. I updated my test environment and team permissions are correctly applied 🎉

I'm facing a somewhat different issue with collaborators: the old collaborator is given the permission of the new collaborator. I had a quick look at the code and I didn't immediately see the cause. Dropping the repro steps here. I can open up a new issue if you prefer.

1. Manually give write permissions to user_x on repo_a
2. Update .github/repos/repo_a.yml with

   collaborators:
     - username: user_y
       permission: read

3. Notice the settings applied to repo_a: user_x now has read access to the repo. user_y is missing. The logs show a DELETE on user_x, but then a PUT for that same user with user_y's expected permission