docs/github-sync.md specifies the can_edit / can_delete affordance rules across edit and delete actions, and gitcabin.permissions implements them. But the actual mutations don't exist yet — only closeIssue does, and only a permission check is wired in.
For the can_edit work to be meaningful end-to-end, we need at least:
- updateIssue (body / title) with can_edit_issue gate.
- updateIssueComment with can_edit_comment gate.
- deleteIssueComment with can_delete_comment gate.
Each new mutation must call the corresponding permissions helper before mutating storage. Tests should cover both author and non-author paths.
docs/github-sync.md specifies the can_edit / can_delete affordance rules across edit and delete actions, and gitcabin.permissions implements them. But the actual mutations don't exist yet — only closeIssue does, and only a permission check is wired in.
For the can_edit work to be meaningful end-to-end, we need at least:
Each new mutation must call the corresponding permissions helper before mutating storage. Tests should cover both author and non-author paths.