Page MenuHomePhabricator

[lib] Remove descendantJoinThread from knowOfSecretChannelsPermissions
ClosedPublic

Authored by ashoat on Aug 7 2024, 1:27 PM.
Tags
None
Referenced Files
F3323516: D13018.id43287.diff
Wed, Nov 20, 3:43 AM
F3323515: D13018.id43235.diff
Wed, Nov 20, 3:43 AM
F3323352: D13018.diff
Wed, Nov 20, 3:40 AM
F3323036: D13018.id.diff
Wed, Nov 20, 2:44 AM
Unknown Object (File)
Sat, Nov 9, 9:57 PM
Unknown Object (File)
Oct 14 2024, 7:41 PM
Unknown Object (File)
Oct 14 2024, 7:41 PM
Unknown Object (File)
Oct 14 2024, 7:41 PM
Subscribers
None

Details

Summary

This prevents somebody who can see secret channels from joining a sidebar when they aren't the member of its parent.

Because of how our logic around containingThreadID works, it's important that we maintain the property that "if a user is a member of X thread with containingThreadID, it is also a member of containingThreadID.

As such, the permissions system is structured to always assign sidebar JOIN_THREAD permissions from the sidebar's parent.

In other words, we should never see JOIN_THREAD and DESCENDANT together without also having TOP_LEVEL (or OPEN_TOP_LEVEL).

Depends on D13017

Test Plan

The whole stack was tested as follows:

  1. Unit tests from D9686, which toggle user-surfaced permissions on and off and make sure no difference is caught. This ensures that the original issue introduced in D9686 isn't reintroduced
  2. Careful review of each descendant permission removed in D9686
  3. Create a community as userA and add userB. Grant tagging permissions to all members. Make sure userB can tag inside non-root channels
  4. Do above, then create a channel without userB, and make sure userB can't tag there either (or do anything other than view). This is the repro described here
  5. Do above, but also create a thread inside the channel (as userA) and make sure userB can't do anything inside the thread other than view, until they join the parent channel

Diff Detail

Repository
rCOMM Comm
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

Harbormaster returned this revision to the author for changes because remote builds failed.Aug 7 2024, 1:50 PM
Harbormaster failed remote builds in B30990: Diff 43235!
ashoat requested review of this revision.Aug 7 2024, 1:55 PM
ashoat edited the test plan for this revision. (Show Details)
This revision is now accepted and ready to land.Aug 9 2024, 2:17 AM
This revision was landed with ongoing or failed builds.Aug 9 2024, 7:28 PM
This revision was automatically updated to reflect the committed changes.