Add links to GitHub oauth connection settings

app/blueprints/api/tokens.py

@@ -80,14 +80,13 @@ def create_edit_token(username, id=None):
 			token.owner = user
 			token.access_token = randomString(32)
 
+			# Store token so it can be shown in the edit page
+			session["token_" + str(token.id)] = token.access_token
+
 		form.populate_obj(token)
 		db.session.add(token)
-
 		db.session.commit() # save
 
-		# Store token so it can be shown in the edit page
-		session["token_" + str(token.id)] = token.access_token
-
 		return redirect(url_for("api.create_edit_token", username=username, id=token.id))
 
 	return render_template("api/create_edit_token.html", user=user, form=form, token=token, access_token=access_token)

app/blueprints/github/__init__.py

@@ -18,7 +18,7 @@ from flask import Blueprint
 
 bp = Blueprint("github", __name__)
 
-from flask import redirect, url_for, request, flash, abort, render_template, jsonify
+from flask import redirect, url_for, request, flash, abort, render_template, jsonify, current_app
 from flask_user import current_user, login_required
 from sqlalchemy import func
 from flask_github import GitHub
@@ -33,7 +33,13 @@ from wtforms import SelectField, SubmitField
 
 @bp.route("/github/start/")
 def start():
-	return github.authorize("", redirect_uri=url_for("github.callback"))
+	return github.authorize("", redirect_uri=abs_url_for("github.callback"))
+
+@bp.route("/github/view/")
+def view_permissions():
+	url = "https://github.com/settings/connections/applications/" + \
+			current_app.config["GITHUB_CLIENT_ID"]
+	return redirect(url)
 
 @bp.route("/github/callback/")
 @github.authorized_handler
@@ -141,7 +147,7 @@ def webhook():
 
 
 class SetupWebhookForm(FlaskForm):
-	event   = SelectField("Event Type", choices=[('create', 'New tag'), ('push', 'Push')])
+	event   = SelectField("Event Type", choices=[('create', 'New tag or GitHub release'), ('push', 'Push')])
 	submit  = SubmitField("Save")
 
 
@@ -185,7 +191,7 @@ def setup_webhook():
 	form = SetupWebhookForm(formdata=request.form)
 	if request.method == "POST" and form.validate():
 		token = APIToken()
-		token.name = "Github Webhook for " + package.title
+		token.name = "GitHub Webhook for " + package.title
 		token.owner = current_user
 		token.access_token = randomString(32)
 		token.package = package
@@ -196,6 +202,7 @@ def setup_webhook():
 
 		if handleMakeWebhook(gh_user, gh_repo, package, \
 				current_user.github_access_token, event, token):
+			flash("Successfully created webhook", "success")
 			return redirect(package.getDetailsURL())
 		else:
 			return redirect(url_for("github.setup_webhook", pid=package.id))

app/flatpages/help/release_webhooks.md

@@ -23,19 +23,20 @@ The process is as follows:
 
 ## Setting up
 
-### Github (automatic)
+### GitHub (automatic)
 
-1. Go to your package page.
+1. Go to your package's page.
 2. Make sure that the repository URL is set to a Github repository.
    Only github.com is supported.
-3. Go to "Create a release", and click "Setup webhook" at the top of the page.
+3. Go to "Releases" > "+", and click "Setup webhook" at the top of the create release
+   page.
    If you do not see this, either the repository isn't using Github or you do
    not have permission to use webhook releases (ie: you're not a Trusted Member).
 4. Grant ContentDB the ability to manage Webhooks.
-5. Set the event to either "New tag" or "Push". New tag is highlight recommended.
+5. Set the event to either "New tag or Github Release" (highly recommended) or "Push".
 
    N.B.: GitHub uses tags to power GitHub Releases, meaning that creating a webhook
-   on "new tag" will sync GitHub and ContentDB releases.
+   on "New tag" will sync GitHub and ContentDB releases.
 
 ### GitHub (manual)
 
@@ -48,7 +49,7 @@ The process is as follows:
 7. Set the events
   * If you want a rolling release, choose "just the push event".
   * Or if you want a stable release cycle based on tags,
-   choose "Let me select" > Branch or tag creation.
+    choose "Let me select" > Branch or tag creation.
 
 ### GitLab (manual)
 

app/templates/api/create_edit_token.html

@@ -21,7 +21,8 @@
 	<h1 class="mt-0">{{ self.title() }}</h1>
 
 	<div class="alert alert-warning">
-		{{ _("Use carefully, as you may be held responsible for any damage caused by rogue scripts") }}
+		{{ _("API Tokens allow scripts to act on your behalf.") }}
+		{{ _("Be careful with what/whom you share tokens with, as you are responsible for your account's actions.") }}
 	</div>
 
 	{% if token %}

app/templates/github/setup_webhook.html

@@ -20,4 +20,10 @@
 
 		{{ render_submit_field(form.submit) }}
 	</form>
+
+	<p class="mt-4">
+		You will need admin access to the repository.
+		When setting up hooks on an organisation,
+		<a href="{{ url_for('github.view_permissions') }}">make sure that you have granted access</a>.
+	</p>
 {% endblock %}

app/templates/users/profile.html

@@ -64,6 +64,7 @@
 									| <a href="{{ user.website_url }}" rel="nofollow">Website</a>
 								{% endif %}
 
+
 								{% if user == current_user %}
 									<br>
 									<small class="text-muted">
@@ -73,6 +74,16 @@
 								{% endif %}
 							</td>
 						</tr>
+
+						{% if user == current_user and user.github_username %}
+							<tr>
+								<td>Privacy:</td>
+								<td>
+									<a href="{{ url_for('github.view_permissions') }}">View ContentDB's GitHub Permissions</a>
+								</td>
+							</tr>
+						{% endif %}
+
 						{% if current_user.is_authenticated and current_user.rank.atLeast(current_user.rank.MODERATOR) %}
 						<tr>
 							<td>Admin</td>
@@ -115,7 +126,7 @@
 										</a>
 									{% endif %}
 								</td>
-							</tr>
+						</tr>
 							<tr>
 								<td>Password:</td>
 								<td>