Use collaborator permission check instead of org membership

* Add write permissions for external PR workflow

* Use pulls.createReview instead of issues.createComment

* Revert to issues.createComment with proper permissions

.github/workflows/close-external-prs.yml

@@ -13,21 +13,25 @@ jobs:
     if: vars.DISABLE_EXTERNAL_PR_CHECK != 'true'
     runs-on: ubuntu-latest
     steps:
-      - name: Check if author is org member
+      - name: Check if author has write access
         uses: actions/github-script@v7
         with:
           script: |
-            const org = 'anthropics';
             const author = context.payload.pull_request.user.login;
 
-            try {
+            const { data } = await github.rest.repos.getCollaboratorPermissionLevel({
-              await github.rest.orgs.checkMembershipForUser({
+              owner: context.repo.owner,
-                org: org,
+              repo: context.repo.repo,
               username: author
             });
-              console.log(`${author} is an org member, allowing PR`);
+
-            } catch (e) {
+            if (['admin', 'write'].includes(data.permission)) {
-              if (e.status === 404) {
+              console.log(`${author} has ${data.permission} access, allowing PR`);
+              return;
+            }
+
+            console.log(`${author} has ${data.permission} access, closing PR`);
+
             await github.rest.issues.createComment({
               owner: context.repo.owner,
               repo: context.repo.repo,
@@ -41,7 +45,3 @@ jobs:
               pull_number: context.payload.pull_request.number,
               state: 'closed'
             });
-
-                console.log(`Closed PR from external contributor: ${author}`);
-              }
-            }