Slack: Allow granular user authorizations

About

To perform certain actions on GitLab from Slack (like create and read issue data) a user authorizes a connection between Slack and GitLab.

Problem

The authorization is not granular, and as GitLab adds new features, the scope of what the authorization does can increase. This can lead to two issues:

  • The user cannot opt in to only some authorizations, for example, reading issue data rather than creating it.
  • The authorization can increase in scope later without the user being aware, for example, when GitLab adds a new feature that allows Slack to do more to GitLab data.

Proposal

Scope a user's authorization to specific things that can be done in GitLab on behalf of a user through Slack.

Perform authorizations through a class that checks the user's authorization scopes in addition to performing regular GitLab permission checks on objects.

Update the Authorize page with checkboxes to allow the user to opt out of certain scopes if they wish.

Handle UX implications of what to do when the user's authorized scopes should increase before they can perform some action, probably through prompting the user to increase the scope of their authorization.

Edited by 🤖 GitLab Bot 🤖
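
A sketch of the authorization class the proposal describes, added here as an illustration and not part of the original issue or GitLab's code. The scope names (`read_issue`, `create_issue`), the class names and the `permission_check` callable are assumptions; the callable stands in for the regular GitLab permission check on the object.

```ruby
require "set"

# Hypothetical sketch: scope names, class names and the permission callable
# are assumptions for illustration, not GitLab's implementation.
class SlackAuthorization
  KNOWN_SCOPES = %i[read_issue create_issue].to_set.freeze

  attr_reader :user, :scopes

  # scopes: what the user ticked on the Authorize page (opt-outs are simply absent).
  def initialize(user:, scopes:)
    requested = scopes.map(&:to_sym).to_set
    unknown = requested - KNOWN_SCOPES
    raise ArgumentError, "unknown scopes: #{unknown.to_a.join(', ')}" unless unknown.empty?

    @user = user
    @scopes = requested.freeze
  end
end

class SlackActionAuthorizer
  Result = Struct.new(:status, :missing_scope) do
    def allowed?
      status == :allowed
    end
  end

  # permission_check: callable(user, ability, object) -> true/false.
  def initialize(authorization, permission_check:)
    @authorization = authorization
    @permission_check = permission_check
  end

  # Default deny: the granted scope AND the object permission must both pass.
  def authorize(scope, object)
    scope = scope.to_sym
    unless @authorization.scopes.include?(scope)
      # Covers opted-out scopes and scopes introduced after the user authorized:
      # nothing is granted implicitly, so the caller can prompt for this scope.
      return Result.new(:scope_required, scope)
    end
    return Result.new(:forbidden, nil) unless @permission_check.call(@authorization.user, scope, object)

    Result.new(:allowed, nil)
  end
end
```

Because a scope that was never granted returns `:scope_required` instead of being implied by an older authorization, a feature added later cannot widen what Slack may do until the user approves it.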