Skip to content

Commit 3362dc5

Browse files
Clarify why enterprise IAT cannot delete an org (endpoint requires org-level administration permission)
1 parent d8def0c commit 3362dc5

1 file changed

Lines changed: 5 additions & 6 deletions

File tree

tests/Organizations.Tests.ps1

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -177,12 +177,11 @@ Describe 'Organizations' {
177177
Update-GitHubOrganization -Name $orgName -Location 'New Location' -Context $orgContext
178178
}
179179

180-
# This test verifies that the enterprise IAT cannot delete an org — org-level operations
181-
# require an org installation (shown by the tests above). It is intentionally placed AFTER
182-
# Install-GitHubApp and the org-IAT tests so that if the enterprise app unexpectedly gains
183-
# organization_administration permission and this call succeeds instead of throwing, the
184-
# critical install/connect/update tests have already passed and the org deletion is
185-
# a no-op for those assertions. See issue #596.
180+
# GitHub's DELETE /orgs/{org} endpoint requires the app to have the org-level
181+
# `administration: write` permission. The enterprise IAT is enterprise-scoped and does not
182+
# carry org-level permissions, so this call is expected to fail regardless of which
183+
# enterprise permissions the app holds. An org-level IAT (obtained after Install-GitHubApp)
184+
# is required. See issue #596.
186185
It 'Remove-GitHubOrganization - Removes an organization using enterprise installation' -Skip:($OwnerType -ne 'enterprise') {
187186
{ Remove-GitHubOrganization -Name $orgName -Confirm:$false } | Should -Throw
188187
}

0 commit comments

Comments
 (0)