Page MenuHomePhabricator

[lib] Fix role permissions for channels
ClosedPublic

Authored by ashoat on Aug 7 2024, 1:26 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jan 4, 11:16 PM
Unknown Object (File)
Thu, Dec 26, 9:05 AM
Unknown Object (File)
Thu, Dec 26, 9:05 AM
Unknown Object (File)
Thu, Dec 26, 9:05 AM
Unknown Object (File)
Thu, Dec 26, 9:04 AM
Unknown Object (File)
Wed, Dec 25, 10:19 PM
Unknown Object (File)
Sun, Dec 22, 5:14 PM
Unknown Object (File)
Sun, Dec 22, 5:14 PM
Subscribers
None

Details

Summary

This diff addresses ENG-8953. I went through each broken permission listed here.

  1. The changes in lib/types/thread-permission-types.js update the mapping from UserSurfacedPermission to role permission strings, the representation used in MariaDB. We add permission strings that guarantee each user-surfaced permission propagates to descendants in the right way.
  2. The changes in lib/permissions/thread-permissions.js removes these permissions from being assigned based on ThreadType. The user-surfaced permissions are responsible for these permissions, so we need to make sure they don't appear if the admin didn't grant them.

Depends on D13016

Test Plan

The whole stack was tested as follows:

  1. Unit tests from D9686, which toggle user-surfaced permissions on and off and make sure no difference is caught. This ensures that the original issue introduced in D9686 isn't reintroduced
  2. Careful review of each descendant permission removed in D9686
  3. Create a community as userA and add userB. Grant tagging permissions to all members. Make sure userB can tag inside non-root channels
  4. Do above, then create a channel without userB, and make sure userB can't tag there either (or do anything other than view). This is the repro described here
  5. Do above, but also create a thread inside the channel (as userA) and make sure userB can't do anything inside the thread other than view, until they join the parent channel

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Remove OPEN_TOP_LEVEL from descendantAddMembers

lib/types/thread-permission-types.js
225 ↗(On Diff #43238)

TOP_LEVEL here means "non-sidebar". This disallows channels inside sidebars

229–232 ↗(On Diff #43238)

We remove this because it's mostly a subset of the permission granted by the new descendantAddMembers permission, with the exception of allowing non-members of a thread to add members to an open channel whose parent is the root, which is a non-desirable behavior (since we want to restrict all of these permissions to only apply to members of a channel)

Harbormaster returned this revision to the author for changes because remote builds failed.Aug 7 2024, 2:10 PM
Harbormaster failed remote builds in B30993: Diff 43238!
ashoat requested review of this revision.Aug 7 2024, 2:37 PM
This revision is now accepted and ready to land.Aug 9 2024, 2:17 AM
This revision was landed with ongoing or failed builds.Aug 9 2024, 7:28 PM
This revision was automatically updated to reflect the committed changes.