
D9897.1765284913.diff

D9897.1765284913.diff

diff --git a/keyserver/src/creators/role-creator.js b/keyserver/src/creators/role-creator.js
--- a/keyserver/src/creators/role-creator.js
+++ b/keyserver/src/creators/role-creator.js
@@ -1,14 +1,15 @@
// @flow
-import { getRolePermissionBlobs } from 'lib/permissions/thread-permissions.js';
import {
- universalCommunityPermissions,
+ getRolePermissionBlobs,
+ getUniversalCommunityRootPermissionsBlob,
+} from 'lib/permissions/thread-permissions.js';
+import {
userSurfacedPermissionsSet,
configurableCommunityPermissions,
threadPermissions,
} from 'lib/types/thread-permission-types.js';
import type { ThreadType } from 'lib/types/thread-types-enum.js';
-import { threadTypes } from 'lib/types/thread-types-enum.js';
import type {
RoleInfo,
RoleModificationRequest,
@@ -109,30 +110,23 @@
.map(permission => [...configurableCommunityPermissions[permission]])
.flat();
- const rolePermissions = [
- ...universalCommunityPermissions,
- ...configuredPermissions,
- ];
-
- // For communities of the type `COMMUNITY_ANNOUNCEMENT_ROOT`, the ability for
- // the role to be voiced needs to be configured (i.e. the parameters should
- // include the user-facing permission VOICED_IN_ANNOUNCEMENT_CHANNELS). This
- // means we do not give 'voiced' permissions by default to all new roles. As
- // a result, if the thread type is `COMMUNITY_ROOT`, we want to ensure that
- // the role has the voiced permission.
const { threadInfos } = await fetchThreadInfos(viewer, {
threadID: community,
});
const threadInfo = threadInfos[community];
- if (threadInfo.type === threadTypes.COMMUNITY_ROOT) {
- rolePermissions.push(threadPermissions.VOICED);
- }
+ const universalCommunityPermissions =
+ getUniversalCommunityRootPermissionsBlob(threadInfo.type);
- const permissionsBlob = JSON.stringify(
- Object.fromEntries(rolePermissions.map(permission => [permission, true])),
+ const rolePermissions = Object.fromEntries(
+ configuredPermissions.map(permission => [permission, true]),
);
+ const permissionsBlob = JSON.stringify({
+ ...universalCommunityPermissions,
+ ...rolePermissions,
+ });
+
const row = [id, community, name, permissionsBlob, time];
let query = SQL``;
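Review bot: `threadInfos[community]` is dereferenced as `threadInfo.type` without a check, and that value now selects the entire universal permission set written into the new role's blob. If the lookup comes back empty (presumably when the viewer cannot see the thread), the request fails with a TypeError rather than a deliberate rejection. If `community` names a thread that is not a community root, the helper's final branch applies and the role is stored with the `COMMUNITY_ROOT` set, including `VOICED`. Unless an earlier part of this function (it starts and ends outside the hunk) already validates this, reject the request when `threadInfo` is missing or its type is not one of the three community root types before building `permissionsBlob`.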
diff --git a/keyserver/src/scripts/validate-role-permissions.js b/keyserver/src/scripts/validate-role-permissions.js
--- a/keyserver/src/scripts/validate-role-permissions.js
+++ b/keyserver/src/scripts/validate-role-permissions.js
@@ -1,10 +1,12 @@
// @flow
-import { getRolePermissionBlobs } from 'lib/permissions/thread-permissions.js';
+import {
+ getRolePermissionBlobs,
+ getUniversalCommunityRootPermissionsBlob,
+} from 'lib/permissions/thread-permissions.js';
import {
configurableCommunityPermissions,
userSurfacedPermissions,
- universalCommunityPermissions,
} from 'lib/types/thread-permission-types.js';
import { threadTypes } from 'lib/types/thread-types-enum.js';
import { deepDiff, values } from 'lib/utils/objects.js';
@@ -35,6 +37,9 @@
const threadType = result.type;
const threadDefaultRole = result.default_role.toString();
+ const universalCommunityPermissions =
+ getUniversalCommunityRootPermissionsBlob(threadType);
+
// Get the 'expected permissions' set for the role. If the role is
// default (Members) or Admins, these permission blobs can be retrieved
// by calling getRolePermissionBlobs with the threadType. Otherwise, the
@@ -48,9 +53,7 @@
} else if (roleName === 'Admins') {
baseExpectedPermissionBlob = expectedPermissionBlobs.Admins;
} else if (roleName) {
- baseExpectedPermissionBlob = Object.fromEntries(
- universalCommunityPermissions.map(permission => [permission, true]),
- );
+ baseExpectedPermissionBlob = universalCommunityPermissions;
} else {
baseExpectedPermissionBlob = {};
}
diff --git a/lib/permissions/thread-permissions.js b/lib/permissions/thread-permissions.js
--- a/lib/permissions/thread-permissions.js
+++ b/lib/permissions/thread-permissions.js
@@ -16,7 +16,11 @@
ThreadPermissionsInfo,
ThreadRolePermissionsBlob,
} from '../types/thread-permission-types.js';
-import { type ThreadType, threadTypes } from '../types/thread-types-enum.js';
+import {
+ type ThreadType,
+ type CommunityRootThreadType,
+ threadTypes,
+} from '../types/thread-types-enum.js';
function permissionLookup(
permissions: ?ThreadPermissionsBlob | ?ThreadPermissionsInfo,
@@ -405,6 +409,42 @@
return getRolePermissionBlobsForCommunity(threadType);
}
+function getUniversalCommunityRootPermissionsBlob(
+ threadType: CommunityRootThreadType,
+): ThreadRolePermissionsBlob {
+ const openDescendantKnowOf = OPEN_DESCENDANT + threadPermissions.KNOW_OF;
+ const openDescendantVisible = OPEN_DESCENDANT + threadPermissions.VISIBLE;
+ const openChildJoinThread = OPEN_CHILD + threadPermissions.JOIN_THREAD;
+ const openTopLevelDescendantJoinThread =
+ OPEN_TOP_LEVEL_DESCENDANT + threadPermissions.JOIN_THREAD;
+
+ const genesisUniversalCommunityPermissions = {
+ [threadPermissions.KNOW_OF]: true,
+ [threadPermissions.VISIBLE]: true,
+ [openDescendantKnowOf]: true,
+ [openDescendantVisible]: true,
+ [openTopLevelDescendantJoinThread]: true,
+ };
+
+ const baseUniversalCommunityPermissions = {
+ ...genesisUniversalCommunityPermissions,
+ [threadPermissions.CREATE_SIDEBARS]: true,
+ [threadPermissions.LEAVE_THREAD]: true,
+ [openChildJoinThread]: true,
+ };
+
+ if (threadType === threadTypes.GENESIS) {
+ return genesisUniversalCommunityPermissions;
+ } else if (threadType === threadTypes.COMMUNITY_ANNOUNCEMENT_ROOT) {
+ return baseUniversalCommunityPermissions;
+ } else {
+ return {
+ ...baseUniversalCommunityPermissions,
+ [threadPermissions.VOICED]: true,
+ };
+ }
+}
+
export {
permissionLookup,
getAllThreadPermissions,
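Review bot: The final `else` in `getUniversalCommunityRootPermissionsBlob` returns the broadest set, including `VOICED`, for any value that is not `GENESIS` or `COMMUNITY_ANNOUNCEMENT_ROOT`, so an unexpected thread type fails open. The `CommunityRootThreadType` annotation is only a static check, while both callers in this diff pass values read at runtime (`threadInfo.type` in role-creator.js, `result.type` in validate-role-permissions.js). Make the third case explicit with `} else if (threadType === threadTypes.COMMUNITY_ROOT) {` and end with `throw new Error('unexpected thread type');` so an unknown type cannot silently receive permissions. The comment deleted from role-creator.js explaining why announcement roots do not get `VOICED` by default should move here, for example `// VOICED is configurable for COMMUNITY_ANNOUNCEMENT_ROOT, so it is universal only for COMMUNITY_ROOT`.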
@@ -412,4 +452,5 @@
makePermissionsForChildrenBlob,
getRoleForPermissions,
getRolePermissionBlobs,
+ getUniversalCommunityRootPermissionsBlob,
};
diff --git a/lib/types/thread-types-enum.js b/lib/types/thread-types-enum.js
--- a/lib/types/thread-types-enum.js
+++ b/lib/types/thread-types-enum.js
@@ -59,6 +59,11 @@
values(threadTypes),
);
+export type CommunityRootThreadType =
+ | typeof threadTypes.COMMUNITY_ROOT
+ | typeof threadTypes.COMMUNITY_ANNOUNCEMENT_ROOT
+ | typeof threadTypes.GENESIS;
+
export const communityThreadTypes: $ReadOnlyArray<number> = Object.freeze([
threadTypes.COMMUNITY_ROOT,
threadTypes.COMMUNITY_ANNOUNCEMENT_ROOT,
