)]}'
{
  "commit": "d77146c5e0a6a08baa631a92b283b0bb5905f4ea",
  "tree": "ed48a6a73b7abbdcfba84fdf5adca48cc1f64d0d",
  "parents": [
    "43bb3b702e5a85b1b2ba8b7ed3aa2ab0523a9c5e"
  ],
  "author": {
    "name": "Dariusz Luksza",
    "email": "dariusz.luksza@gmail.com",
    "time": "Wed Dec 13 14:50:13 2023 +0000"
  },
  "committer": {
    "name": "Dariusz Luksza",
    "email": "dariusz.luksza@gmail.com",
    "time": "Wed Dec 13 15:16:37 2023 +0000"
  },
  "message": "Fallback to public organization information\n\nGitHub uses various access scopes for its REST API and users can\nchoose how much information they allow to access for the integrations.\nThe narrowest scope is `USER_EMAILl`, which grants only access to the\nuser\u0027s email address. It\u0027s important to note that the _Reviewer_ scope\non eclipse.gerrithub.io and review.gerrithub.io is only asking for\naccess to the email address.\n\nTo give users proper permissions in Gerrit we load information about\nuser teams and organizations. To read those GitHub requires one of\ntwo scopes `org:read` or `user`. None of those are included in the\n_Reviewer_ scope. Which led to an exception being thrown.\n\nAs we access organizations and teams API\u0027s from a cache loader, getting\nan exception meant that the value for the given user was never stored.\nThis then means that each call to user group membership would result in\nyet another attempt to load a cache entry and yet another exception. In\nthe end group membership cache for a user with scope _Reviewer_ will\nnever be computed. Which will result in poor page load time.\n\nWe already have a mitigation mechanism in place, that would fall to\n\"public organizations\" only, when teams cannot be accessed.\nUnfortunately, the GitHub REST API endpoint for \"public organizations\",\nwas still requiring \"org:read\" or \"user\" scopes. This means that for the\n_Reviewer_ scope this fallback never worked.\n\nThis change adds another fallback, this time to the real \"public\norganizations\" endpoint that doesn\u0027t require additional scopes. It also\nensures that we never use `getMyOrganizations()` call directly but\nalways go through the fallback route.\n\nBug: Issue 40014763\nChange-Id: I9647b9a1b6e30547f7780c785de37aa6ceb8001d\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "adfe5e3d00c98d783b7f85883bf482f1e210fe18",
      "old_mode": 33188,
      "old_path": "github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java",
      "new_id": "02889a1c644f69bdab3f717bc2edd2220e73f6c7",
      "new_mode": 33188,
      "new_path": "github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/GitHubLogin.java"
    },
    {
      "type": "modify",
      "old_id": "0bca5702e91f792ad1171d1e58a3ece43e664c87",
      "old_mode": 33188,
      "old_path": "github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java",
      "new_id": "20b80bd3fdf84f17641d1bb73a73d8eba22dab1a",
      "new_mode": 33188,
      "new_path": "github-oauth/src/main/java/com/googlesource/gerrit/plugins/github/oauth/OAuthWebFilter.java"
    },
    {
      "type": "modify",
      "old_id": "a5301e9fc8146bb56a7699ef206ea645164498fc",
      "old_mode": 33188,
      "old_path": "github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/group/GitHubGroupsCache.java",
      "new_id": "8f9c776067f68f3201259107afa01fc793a7f4b2",
      "new_mode": 33188,
      "new_path": "github-plugin/src/main/java/com/googlesource/gerrit/plugins/github/group/GitHubGroupsCache.java"
    }
  ]
}