Requesting role information via the /groups/{group_id}/roles/{role_id} endpoint does not return the permissions of a role.
Reproduction:
- Have an OAuth or API key with
group:readpermissions, and have a group in which you are a member of, in which you are able to view/read role permissions. - Retrieve your role id via the /groups/{group_id}/roles endpoint. This is necessary to request information for that role specifically.
- Make a request to the endpoint for that group, with a proper role id. The role must be your role in the group, as you are unable to view others’ role permissions unless you are the group owner.
- While most* other information about the role is correct, the permissions component is omitted from the response.
Image below:
This does not change if group:write permissions are also applied to the API/OAuth token.
Expected behavior
Permissions are displayed correctly when instead calling the /groups/{group_id}/roles endpoint, which would work fine in most cases aside from the fact that this latter endpoint is paginated, making it much harder to properly check role permissions in few requests.
Image below:
*While technically unrelated, the single role endpoint also omits other information about the role, like memberCount.