Skip to content
This repository has been archived by the owner on Nov 18, 2021. It is now read-only.

Allow assignment of issues to non-collaborators #100

Closed
patcon opened this issue Sep 17, 2013 · 69 comments
Closed

Allow assignment of issues to non-collaborators #100

patcon opened this issue Sep 17, 2013 · 69 comments

Comments

@patcon
Copy link

patcon commented Sep 17, 2013

Context: drush-ops/drush#88 (comment)

Currently, if a potential contributor want's to publicly assign themselves to a particular issue, they apparently must be granted push access to the repo. This makes it difficult for a potential contributor to "bookmark" an issue for later effort, making full use of this issue listing:
https://github.com/dashboard/issues/assigned?direction=asc&sort=updated&state=open

(Alternatively, "push" access collaborators should also be able to assign issues to themselves. Specifically reticketed this is #153)

cc: @greg-1-anderson

(Sent an email to [email protected]. Will publish response here. Whoop whoop!)

@patcon
Copy link
Author

patcon commented Sep 17, 2013

Email sent!

Hey @jgreet! (Worth a shot, right?)

Just filed a ticket here if you would be so kind as to add it to your internal issue tracker:
#100

Thanks yo!

Patrick

Also, here is some daily double-bear-learning:

Bears are mammals of the family Ursidae. Bears are classified as caniforms, or doglike carnivorans, with the pinnipeds being their closest living relatives. Although only eight species of bears are extant, they are widespread, appearing in a wide variety of habitats throughout the Northern Hemisphere and partially in the Southern Hemisphere. Bears are found on the continents of North America, Central America, South America, Europe, and Asia.

Common characteristics of modern bears include large bodies with stocky legs, long snouts, shaggy hair, plantigrade paws with five nonretractile claws, and short tails. While the polar bear is mostly carnivorous and the giant panda feeds almost entirely on bamboo, the remaining six species are omnivorous, with varied diets.

Bears are mammals of the family Ursidae. Bears are classified as caniforms, or doglike carnivorans, with the pinnipeds being their closest living relatives. Although only eight species of bears are extant, they are widespread, appearing in a wide variety of habitats throughout the Northern Hemisphere and partially in the Southern Hemisphere. Bears are found on the continents of North America, Central America, South America, Europe, and Asia.

Common characteristics of modern bears include large bodies with stocky legs, long snouts, shaggy hair, plantigrade paws with five nonretractile claws, and short tails. While the polar bear is mostly carnivorous and the giant panda feeds almost entirely on bamboo, the remaining six species are omnivorous, with varied diets.

@patcon
Copy link
Author

patcon commented Oct 24, 2013

Oops. Forgot to post response:

Hey Patrick,

Sure thing, I've added assigning issues to non-collaborators to our internal feature request list.

Thanks for the feedback and the link to the original discussion.

Cheers,
John

@sindresorhus

This comment has been minimized.

@weitzman

This comment has been minimized.

@mottosso
Copy link

Has this been added yet?

@paazmaya
Copy link

paazmaya commented Sep 9, 2014

Would make life easier 👍

@sboeser
Copy link

sboeser commented Nov 10, 2014

I would also quite like this 👍

@ThomasAy
Copy link

I would love this 👍

@PhantomYdn
Copy link

Fully agree with this request 👍

@mgechev

This comment has been minimized.

@aniav
Copy link

aniav commented Jun 4, 2015

Definitelly would want that!

@craftworkgames

This comment has been minimized.

@ldemailly
Copy link

want ! ty

@le4ker

This comment has been minimized.

4 similar comments
@elennick
Copy link

elennick commented Dec 5, 2015

+1

@thejmazz
Copy link

thejmazz commented Feb 7, 2016

+1

@rbeauchamp
Copy link

+1

@dolftax
Copy link

dolftax commented Feb 8, 2016

👍

@clarkbw clarkbw added the issues label Feb 26, 2019
@kkm000
Copy link

kkm000 commented Mar 23, 2019

This issue started its long life in 2013, and has been open for 2013 days as of today (just a little over five and a half years). Happy birthday utterly irrelevant numerical coincidence, our dear senior feature request! 🍾🍾🍾 Hope your life is comfortable on the internal feature list--you must have hundreds of friends there!

I sincerely wish you be taken care of during the next 5.5 years! If you and #1131 are both fixed before the Sun engulfs the Earth, we'll even be able to track our issues on GitHub, not on napkins, grocery receipts and banana peels, as we do it now!

@clarkbw
Copy link
Collaborator

clarkbw commented Apr 5, 2019

We're looking into this. Being able to assign anyone randomly is an abuse vector because I can create an issue with an abusive title and assign a person to it to harass them. To prevent this we're likely to require that a person has interacted with repository in some fashion via commits or commenting in an issue; a low enough bar that limits abuse.

@kkm000
Copy link

kkm000 commented Apr 5, 2019

@clarkbw, thank you, I think this is a great idea! No additional setup, no need to add collaborators to a list, or do anything at all. Super!!! I would love to see it implemented this way!

@yatil
Copy link

yatil commented Apr 5, 2019

@clarkbw That would be incredibly useful for us at @w3c. Maybe just allowing it for organizations and not for individual repositories could be another way to limit the abuse vector. (Thanks for thinking about that, btw., it is an important consideration!)

@bazzilic
Copy link

bazzilic commented Apr 5, 2019

@yatil Bulletproof plan. These stupid spammers and abusers will never figure out how to create an organisation!

@clarkbw Great to hear that you guys are working on this! If a person follows/starred a repository, wouldn't this be enough for the repo owner to be able to assign issues to them?

@TPS
Copy link
Collaborator

TPS commented Apr 5, 2019

@clarkbw I don't quite understand how that abuse potential isn't easily averted: Wouldn't a simple invitation system solve it? (That's not saying the backend would be easy!) E.g., a user w/ rights assigns whomever. Said whomever receives UI/e-mail invite to accept assignment to issue. If declining, can do so semi-permanently (like "Block Users" UI, easily reversible) per inviter/repo/org/whatever.

@TPS TPS added the WIP label Apr 5, 2019
@clarkbw
Copy link
Collaborator

clarkbw commented Apr 5, 2019

@TPS that system is elegant even through it takes some backend work. The issue is then with notifications. Imagine I keep creating issues with the title “TPS is stupid” and you get those in your inbox. You could imagine a 1 step abstraction where we notify you of an invitation without the title. But eventually you’ll need to see the title or content to know it’s valid. Blocking at this stage is valid and means you should only see this thing once. But our research so far shows that assigning to someone who has never participated in the repo at all is a very low occurrence event. It seems like a good compromise to ask that someone participate even a little before they can be assigned. Perhaps later we’ll find you’re right and we need to expand it, but that’s ok; we can do that after. Or further research could change our minds now. Still investigating.

@TPS
Copy link
Collaborator

TPS commented Apr 6, 2019

@clarkbw I agree an assignee should've had some interaction w/ the repo/org/assigner/whatever. But I believe that invitation system is necessary on top of that, perhaps w/ Settings toggles:

  • Automatically accept all assignments w/o invitation {default OFF, please}
  • Allow invitations to assignment when I
    • Open PR/issue
    • Comment in
      • reply to [usergroup w/ appropriate rights, whatever's that's called 🤔]
      • PR/issue
      • repo
      • org
    • Have no relationship whatsoever {default OFF, please}

@kkm000
Copy link

kkm000 commented Apr 7, 2019

@TPS, an invitation system is a non-starter. With it, instead of tracking issue assignment to non-members on banana peels, I would be tracking (a) invitations to non-members to become "assignees" sent/responded/unresponded on banana peels, and also (b) issues assigned to non-bemebers who blocked the invitation with your battery of checkboxes. Look, you just stabbed the whole idea in the heart.

As I understood @clarkbw's idea, I would be able to assign the issue the guy who said "Ok, I'm taking it" so I do not lose track of the ticket. If the guy never said anything in my repo, I won't be able to assign the issue (nor do I want to).

Besides, I would call someone who first posts a message "ok, I'll do that" and then cuts all communication not an “extraordinarily privacy-conscious user”, but rather “a windbag.” I do not think we need a special checkbox for this.

@TPS
Copy link
Collaborator

TPS commented Apr 7, 2019

Well, @kkm000 & @clarkbw, IMHO, you can't have absolutely both @ the same time: either this will be convenient (for assigners) or protecting from abuse (for assignees). I'd advise defaulting those suggested settings above as y'all mentioned for assigner's convenience, but notifying assigners immediately upon assignment if the assignee's preferences prevent such (since I expect most folks to leave defaults mostly as-is). (N.B.: I added an additional toggle to the above settings mockup for those who'd like willy-nilly assignment! 🤷🏾‍♂️)

Besides, @kkm000, assigning an issue shouldn't prevent an assignee unassigning themselves, nor does it ensure that they'll actually accomplish the assignment! Any which way, the assigner still has the responsibility to check on progress, even if they're not actually expecting to do whatever themselves!

@mekarpeles
Copy link

mekarpeles commented May 2, 2019

Been hoping for this for months:

  1. request to be assigned to an issue (without having read / write access)
  2. ability to assign someone to an issue (or at least invite assignment w/o them having read / write access)

We're looking into this. Being able to assign anyone randomly is an abuse vector because I can create an issue with an abusive title and assign a person to it to harass them.

I don't buy it. Such abuse can and likely does happen anyway as one can tag anyone in such issues as described. People who abuse the system should be labeled as abusers and this shouldn't be a limiter on effective user experience for the "rest of us".

To prevent this we're likely to require that a person has interacted with repository in some fashion via commits or commenting in an issue; a low enough bar that limits abuse.

This doesn't prevent any attack vectors. The reason a person is getting assigned to a task is presumably an admin on the project is vouching for the user (unless the user is attempting to assign themselves, which perhaps would require approval).

I think the egregious case is where a user doesn't want to be associated with a project or an issue, in which case there should be a separate feature for a patron to block a project or an account and sidestep this problem completely. Again, this doesn't seem very different from if a user were to be tagged in a comment (rather than assigned). e.g. Facebook allows a user to "untag" themselves from a post. It would be absurd for Facebook to prevent tagging (unless perhaps a user had configured such a setting). These two use cases (perceived abuse vectors, project management affordances) shouldn't be conflated together -- both problems should be solved independently and not to each other's exclusion. Security not at the expense of making it easy for new patrons to meaningfully contribute and feel welcomed in a community.

Idea: Why not pending Assignees? Show "User Assigned [pending]".

Right now one can work around this by creating Assigned-to: @person labels which feels like is a complete hack.

@alallier
Copy link

GitHub now allows you to assign issues to issue commenters

@scottcwilson
Copy link

scottcwilson commented Jul 15, 2020

It would be great if we could go just a bit further and be allowed to assign issues to anyone who has contributed to the project. Right now it's three steps (ask them to comment, they comment, you assign); would be better if it was one step.

@mistercrunch
Copy link

Looks like giving the Read role allows assigning issues to them.
Screen Shot 2020-10-15 at 11 00 01 PM
source

Not the ideal solution in all cases, but it may work for some of the people who commented here.

@TPS
Copy link
Collaborator

TPS commented Oct 16, 2020

@mistercrunch Sadly, this seems available only among members of the same org, so no cross-/non-org assignment via this read permission. It'd be great to have this ability expanded globally!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests