GitHub API v3: Determine if user is an Owner of an Organization

Question

It's easy to determine if a User is a member of a Team if you know the id:

GET /teams/:id/members/:user

But how can one easily determine the ID of the special "Owners" team that every Organization has?

As far as I can tell, the only way is to retrieve a full list of all Teams (which I assume may be multiple pages?) and walk through them until you find one with the name "Owners".

This is doable of course, but it's uncharacteristically inconvenient for GitHub's otherwise fantastic API. ;)

For what it's worth, I've tried the following (with no luck):

GET /orgs/:organization/teams?name=Owners # Lists all teams
GET /orgs/:organization/owners            # 404

Just to be clear, I've made sure to use a token associated with the user that owns the organization in question, so there shouldn't be any authorization issues.

Answer 1

There is currently no easy way to check if a user is in the owners team. Thanks for the cool feature suggestion, though! ;)

A hacky workaround would involve performing a non-destructive operation which only owners are allowed to do. If the operation succeeds - the authenticated user is an owner.

For example, you could try editing the organization's settings by sending an empty JSON hash:

$ curl -v -X PATCH -d '{}' https://api.github.com/orgs/:org?access_token=TOKEN

If this returns a 200 status code, the user is an owner. A 404 status code signals otherwise.

Hopefully we can provide a more elegant solution in the future.

Answer 2

As an alternative, quicker solution, you can use the memberships API to get details about the authenticated user's membership to each organization they belong to.

The request is simply GET /user/memberships/orgs?state=active, and the response looks like this:

[
  {
    "state": "active",
    "role": "admin",
    "organization": {
      "login": "octocat",
      "id": 1,
    },
    "user": {
      "login": "defunkt",
      "id": 3,
      "gravatar_id": "",
      "type": "User",
      "site_admin": false
    }
  },
  {
    "state": "active",
    "role": "member",
    "organization": {
      "login": "invitocat",
      "id": 2,
    },
    "user": {
      "login": "defunkt",
      "id": 3,
      "gravatar_id": "",
      "type": "User",
      "site_admin": false
    }
  }
]

The important field to note is role; we only want "role": "admin".

I'm not sure that this guarantees that the user is a member of Owners, but it does indicate that they have administrative powers of the organization.