From 287bfcc4c717706ccadde951838b65dfb8b52ec8 Mon Sep 17 00:00:00 2001 From: Innokentii Konstantinov Date: Tue, 15 Oct 2024 16:23:10 +0800 Subject: [PATCH] Remove slack user chat:write scope (#5177) It was unused & caused customers frustration. DO NOT CONFUSE with bot permission chat:write, it's used & needed. --- docs/sources/manage/notify/slack/index.md | 6 ------ docs/sources/set-up/open-source/index.md | 1 - engine/apps/social_auth/backends.py | 2 +- 3 files changed, 1 insertion(+), 8 deletions(-) diff --git a/docs/sources/manage/notify/slack/index.md b/docs/sources/manage/notify/slack/index.md index af319b6b..46458107 100644 --- a/docs/sources/manage/notify/slack/index.md +++ b/docs/sources/manage/notify/slack/index.md @@ -108,12 +108,6 @@ This set of permissions is supporting the ability of Grafana OnCall to match use - **View user groups in your workspace** - **View profile details about people in your workspace** -### Perform actions as you - -- **Send messages on your behalf** — this permission may sound suspicious, but it's actually a general ability - to send messages as the bot: Grafana OnCall will not impersonate or post - using your handle to slack. It will always post as the bot. - ### Perform actions in channels & conversations - **View messages that directly mention @grafana_oncall in conversations that the app is in** diff --git a/docs/sources/set-up/open-source/index.md b/docs/sources/set-up/open-source/index.md index 5a3101a8..c838d656 100644 --- a/docs/sources/set-up/open-source/index.md +++ b/docs/sources/set-up/open-source/index.md @@ -122,7 +122,6 @@ oauth_config: scopes: user: - channels:read - - chat:write - identify - users.profile:read bot: diff --git a/engine/apps/social_auth/backends.py b/engine/apps/social_auth/backends.py index 997a787f..5f9a8fe9 100644 --- a/engine/apps/social_auth/backends.py +++ b/engine/apps/social_auth/backends.py @@ -9,7 +9,7 @@ from apps.auth_token.models import GoogleOAuth2Token, SlackAuthToken # Scopes for slack user token. # It is main purpose - retrieve user data in SlackOAuth2V2 but we are using it in legacy code or weird Slack api cases. -USER_SCOPE = ["channels:read", "identify", "chat:write", "users.profile:read", "users:read", "users:read.email"] +USER_SCOPE = ["channels:read", "identify", "users.profile:read", "users:read", "users:read.email"] # Scopes for slack bot token. # It is prime token we are using for most requests to Slack api.