feat: add comprehensive user permission controls for Claude workflows

- Add multi-level permission checking for issue implementation workflow
- Support multiple permission strategies: privileged users, admins only, combined, org-based
- Add permission validation with detailed error messages
- Restrict code review workflow to privileged users and repository members
- Create permission configuration file (.github/claude-config.json)
- Add comprehensive permission documentation

Permission strategies available:
- Privileged users only (most restrictive)
- Repository admins only
- Admins OR privileged users (default)
- Organization members with write access
- Everyone with write access (least restrictive)

Current configuration:
- Issue implementation: admins OR privileged users (bastiaan, xtr-dev-team)
- Code reviews: privileged users and repository members only

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-18 21:16:51 +02:00
parent bfa214aed6
commit 534b0e440f
5 changed files with 310 additions and 222 deletions

@@ -12,11 +12,23 @@ on:
jobs:
claude-review:
# Optional: Filter by PR author
# Permission filter: Only allow specific users or admins to trigger reviews
if: |
contains(fromJSON('["bastiaan", "xtr-dev-team"]'), github.event.pull_request.user.login) ||
github.event.pull_request.author_association == 'OWNER' ||
github.event.pull_request.author_association == 'MEMBER'
# Alternative filters (comment out the above and use one of these):
# Only for external contributors:
# if: github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
# Only for specific users:
# if: contains(fromJSON('["username1", "username2"]'), github.event.pull_request.user.login)
# Only for non-admins (let admins skip review):
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'
# github.event.pull_request.author_association != 'OWNER' &&
# github.event.pull_request.author_association != 'MEMBER'
runs-on: ubuntu-latest
permissions:
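Review bot: the commented "Only for non-admins" alternative is not a valid expression as written: there is no boolean operator between the `author_association == 'FIRST_TIME_CONTRIBUTOR'` line and the `author_association != 'OWNER' &&` line, and it mixes `||` and `&&` without parentheses, so anyone who uncomments it will get a workflow parse error rather than the intended "skip admins" gate; either drop the block or fix it to something like `(... == 'FIRST_TIME_CONTRIBUTOR') || (... != 'OWNER' && ... != 'MEMBER')`. On the active filter, the privileged-user list `fromJSON('["bastiaan", "xtr-dev-team"]')` is hardcoded in the workflow while the commit message says permissions are configured in `.github/claude-config.json`, so the two lists can silently drift; consider documenting that the YAML list is authoritative, or noting in the comment that it must be kept in sync with the config file. Also note that `author_association == 'MEMBER'` matches organization members, not outside collaborators granted direct repository access (those report `COLLABORATOR`), so if "repository members" in the commit message is meant to include them, the condition needs that value as well.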