From 6df35a2f30aae7538292be62f06e52ca2ab80ce1 Mon Sep 17 00:00:00 2001
From: Caleb
Date: Sat, 19 Aug 2017 12:32:57 -0600
Subject: [PATCH 1/2] Fix denied login for users with many repos.
`isCollaborator` was created in #491 to block login if a user did not have write (push) permissions to a repo, by going through the list of a users repos until it found the right one. It did not institute pagination, however, so if a user had enough repos that the one in question was on another page, the CMS would assume that they did not have permission and block the login. This commit fixes the problem by calling the API for the specific repo instead of getting the whole list.
---
 src/backends/github/API.js | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/src/backends/github/API.js b/src/backends/github/API.js
index 68ed693f..a8c2d1b3 100644
--- a/src/backends/github/API.js
+++ b/src/backends/github/API.js
@@ -20,16 +20,12 @@ export default class API {
 }
 isCollaborator(user) {
- return this.request('/user/repos').then((repos) => {
- let contributor = false
- for (const repo of repos) {
- if (repo.full_name.toLowerCase() === this.repo.toLowerCase() && repo.permissions.push) contributor = true;
- }
- return contributor;
- }).catch((error) => {
- console.error("Problem with response of /user/repos from GitHub");
- throw error;
- })
+ return this.request(this.repoURL)
+ .then(repo => repo.permissions.push)
+ .catch(error => {
+ console.error("Problem fetching repo data from GitHub");
+ throw error;
+ });
 }
 requestHeaders(headers = {}) {
From 0dd173a83fbb98f251700a49e6ad038b97b96ad1 Mon Sep 17 00:00:00 2001
From: Shawn Erquhart
Date: Sun, 20 Aug 2017 16:02:57 -0400
Subject: [PATCH 2/2] rename isCollaborator to hasWriteAccess
---
 src/backends/github/API.js | 2 +-
 src/backends/github/implementation.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
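Review bot: In `isCollaborator` (src/backends/github/API.js, patch 1/2), `.then(repo => repo.permissions.push)` dereferences `permissions` without checking that the response carries it. If the field is absent, which is presumably possible when the token does not expose permission data, the resulting TypeError is caught by the `.catch` below it, logged as "Problem fetching repo data from GitHub" and rethrown, so the caller never reaches its own "does not have access" branch. That still fails closed, which is the right direction for a login gate, but the denial reason is hidden; I would return a strict boolean with `.then(repo => Boolean(repo.permissions && repo.permissions.push))`. A short comment stating that this check only gates the UI and that GitHub itself enforces write permission on each API call would also help, assuming that is the design. The same line is carried unchanged into `hasWriteAccess` in patch 2/2.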
diff --git a/src/backends/github/API.js b/src/backends/github/API.js
index a8c2d1b3..934e0c44 100644
--- a/src/backends/github/API.js
+++ b/src/backends/github/API.js
@@ -19,7 +19,7 @@ export default class API {
 return this.request("/user");
 }
- isCollaborator(user) {
+ hasWriteAccess() {
 return this.request(this.repoURL)
 .then(repo => repo.permissions.push)
 .catch(error => {
diff --git a/src/backends/github/implementation.js b/src/backends/github/implementation.js
index 116f6789..8f978fa0 100644
--- a/src/backends/github/implementation.js
+++ b/src/backends/github/implementation.js
@@ -32,7 +32,7 @@ export default class GitHub {
 this.token = state.token;
 this.api = new API({ token: this.token, branch: this.branch, repo: this.repo, api_root: this.api_root });
 return this.api.user().then(user =>
- this.api.isCollaborator(user.login).then((isCollab) => {
+ this.api.hasWriteAccess().then((isCollab) => {
 // Unauthorized user
 if (!isCollab) throw new Error("Your GitHub user account does not have access to this repo.");
 // Authorized user