Page MenuHomePhabricator

[keyserver] Migration to recalculate all permissions
ClosedPublic

Authored by ashoat on Aug 7 2024, 1:36 PM.
Tags
None
Referenced Files
F3387837: D13019.diff
Fri, Nov 29, 11:23 AM
Unknown Object (File)
Wed, Nov 20, 3:43 AM
Unknown Object (File)
Wed, Nov 20, 3:43 AM
Unknown Object (File)
Wed, Nov 20, 3:40 AM
Unknown Object (File)
Wed, Nov 20, 2:44 AM
Unknown Object (File)
Tue, Nov 12, 5:38 PM
Unknown Object (File)
Fri, Nov 8, 4:14 AM
Unknown Object (File)
Oct 30 2024, 7:01 AM
Subscribers
None

Details

Summary

In order to update the permissions to fix ENG-8953, it's necessary to recalculate all of them.

We normally try to sync changes like this with client migrations to avoid introducing inconsistencies. However, in this case it's too hard for the keyserver to be able to respond differently to old clients versus new changes. Because the permissions changes here affect propagation from parent to child, the keyserver would either need to maintain two sets of permissions in MariaDB, or else to calculate the permissions on-the-fly by fetching all of a thread's ancestors.

Calling updateRolesAndPermissionsForAllThreads should generate UPDATE_THREAD updates for every single (Comm user, Comm thread) pair. That's a lot of updates, but it will make sure that permissions are fixed. We've run migrations like this before (in fact, the very last one)... experience is that it usually causes about 15min of downtime.

Depends on D13018

Test Plan

The whole stack was tested as follows:

  1. Unit tests from D9686, which toggle user-surfaced permissions on and off and make sure no difference is caught. This ensures that the original issue introduced in D9686 isn't reintroduced
  2. Careful review of each descendant permission removed in D9686
  3. Create a community as userA and add userB. Grant tagging permissions to all members. Make sure userB can tag inside non-root channels
  4. Do above, then create a channel without userB, and make sure userB can't tag there either (or do anything other than view). This is the repro described here
  5. Do above, but also create a thread inside the channel (as userA) and make sure userB can't do anything inside the thread other than view, until they join the parent channel

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Harbormaster returned this revision to the author for changes because remote builds failed.Aug 7 2024, 1:59 PM
Harbormaster failed remote builds in B30992: Diff 43236!
ashoat requested review of this revision.Aug 7 2024, 1:59 PM
This revision is now accepted and ready to land.Aug 9 2024, 2:18 AM
This revision was landed with ongoing or failed builds.Aug 9 2024, 7:28 PM
This revision was automatically updated to reflect the committed changes.