@@ -634,6 +634,19 @@ def _get_default_repository_permission(self):
634634 self .org .default_repository_permission
635635 )
636636
637+ def _permission1_higher_than_permission2 (self , permission1 : str , permission2 : str ) -> bool :
638+ """Check whether permission 1 is higher than permission 2"""
639+ perms_ranking = ["admin" , "maintain" , "push" , "triage" , "pull" , "" ]
640+
641+ def get_rank (permission ):
642+ return perms_ranking .index (permission ) if permission in perms_ranking else 99
643+ rank_permission1 = get_rank (permission1 )
644+ rank_permission2 = get_rank (permission2 )
645+
646+ # The lower the index, the higher the permission. If lower than
647+ # permission2, return True
648+ return rank_permission1 < rank_permission2
649+
637650 def sync_repo_collaborator_permissions (self , dry : bool = False ):
638651 """Compare the configured with the current repo permissions for all
639652 repositories' collaborators"""
@@ -664,15 +677,16 @@ def sync_repo_collaborator_permissions(self, dry: bool = False):
664677 except KeyError :
665678 config_perm = self .default_repository_permission
666679
667- # TODO: Evaluate whether current permission is higher than
668- # configured permission
669- if current_perm != config_perm :
680+ # Evaluate whether current permission is higher than configured
681+ # permission
682+ if self . _permission1_higher_than_permission2 ( current_perm , config_perm ) :
670683 # Find out whether user has these unconfigured permissions
671684 # due to being member of an unconfigured team. Check whether
672685 # these are the same permissions as the team would get them.
673686 unconfigured_team_repo_permission = self .unconfigured_team_repo_permissions .get (
674687 repo .name , {}
675688 ).get (username , "" )
689+
676690 if unconfigured_team_repo_permission :
677691 if current_perm == unconfigured_team_repo_permission :
678692 logging .info (
0 commit comments