Page MenuHomePhabricator
Differential D9900

[keyserver] Validate community ID corresponds to a community root in role-creator
ClosedPublic
Actions

Authored by rohan on Nov 15 2023, 12:01 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 15, 11:08 PM
Unknown Object (File)
Sun, Dec 15, 11:08 PM
Unknown Object (File)
Sun, Dec 15, 11:08 PM
Unknown Object (File)
Sun, Dec 15, 11:08 PM
Unknown Object (File)
Sun, Dec 15, 11:08 PM
Unknown Object (File)
Sun, Dec 15, 11:08 PM
Unknown Object (File)
Sun, Dec 15, 11:07 PM
Unknown Object (File)
Sun, Dec 15, 10:57 PM
View All Files
Subscribers
ashoat
tomek

Details

Reviewers
atul
ginsu
ashoat
Commits
rCOMM5a1516fd8cef: [keyserver] Validate community ID corresponds to a community root in role…
Summary

This diff adds a validation check to make sure the community ID passed in to the server corresponds to a community root (where community roles are valid)

This was some feedback from @ashoat to include this check, and I should have originally done it when writing this code

Depends on D9897

Test Plan

Made sure that it works for valid thread types, and that an error was thrown if a non-community ID was passed in

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

rohan created this revision.Nov 15 2023, 12:01 PM
Herald added a subscriber: tomek. · View Herald TranscriptNov 15 2023, 12:01 PM
rohan added a child revision: D9901: [lib] Rename getRolePermissionBlobsForCommunity to getRolePermissionBlobsForCommunityRoot.Nov 15 2023, 12:04 PM
rohan published this revision for review.Nov 15 2023, 12:26 PM
ashoat added inline comments.Nov 15 2023, 12:45 PM
keyserver/src/creators/role-creator.js
92–96 ↗(On Diff #33284)

Can checkThreadPermission be rewritten to avoid fetching from the threads table twice? (We already need to fetch once in fetchThreadInfos below.)

I think I asked you to do something similar in another diff recently, but in that case we had fetchServerThreadInfos instead of fetchThreadInfos. It should be a bit easier in this case, but let me know if you need pointers!

92–110 ↗(On Diff #33284)

Can these two checks be performed simultaneously rather than sequentially?

Harbormaster completed remote builds in B24167: Diff 33284.Nov 15 2023, 1:06 PM
rohan updated this revision to Diff 33348.Nov 16 2023, 9:59 AM

Use threadHasPermission. Tested this by:

  • Making sure users who should be able to create roles still can
  • Allowed role creation for all users client-side, but kept this server check. When a regular member tried to create a role, hasPermission was false and an error was thrown
ashoat accepted this revision.Nov 16 2023, 10:01 AM
This revision is now accepted and ready to land.Nov 16 2023, 10:01 AM
Harbormaster failed remote builds in B24215: Diff 33348!Nov 16 2023, 10:37 AM
rohan updated this revision to Diff 33383.Nov 17 2023, 7:36 AM

Rebase

Harbormaster completed remote builds in B24245: Diff 33383.Nov 17 2023, 8:14 AM
rohan edited the summary of this revision. (Show Details)Nov 20 2023, 9:18 AM
rohan added a parent revision: D9897: [lib] Introduce getUniversalCommunityRootPermissionsBlob.
rohan removed a parent revision: D9899: [keyserver] Use getUniversalCommunityRootPermissionsBlob in role-creator.
rohan updated this revision to Diff 33462.Nov 21 2023, 8:38 AM

Rebase

Harbormaster completed remote builds in B24310: Diff 33462.Nov 21 2023, 9:06 AM
rohan updated this revision to Diff 33495.Nov 22 2023, 6:58 AM

Rebase

Harbormaster completed remote builds in B24338: Diff 33495.Nov 22 2023, 8:14 AM
Closed by commit rCOMM5a1516fd8cef: [keyserver] Validate community ID corresponds to a community root in role… (authored by rohan). · Explain WhyNov 22 2023, 8:48 AM
This revision was automatically updated to reflect the committed changes.
rohan added a commit: rCOMM5a1516fd8cef: [keyserver] Validate community ID corresponds to a community root in role….

Revision Contents
Changeset List

PathSize
keyserver/
src/
creators/
29 lines

Diff 33495

View Options

keyserver/src/creators/role-creator.js

Loading...