HomePhabricator
Diffusion Comm 6583cde4a78d

[keyserver] Fix keyserver allowing adding unauthorized users to chats

Description

[keyserver] Fix keyserver allowing adding unauthorized users to chats

Summary:
issue: ENG-8801
It should not be possible to create a subchannel in a chat under GENESIS with users the current user is not friends with, even if they are not in the parent chat
It should not be possible to add a user that is not a friend of the current user, even if they are not in the parent chat, to a subchannel of a chat under GENESIS
To see the full explanation of what behaviour we want in all cases, please see this comment

Test Plan:
I tested the behaviour of keyserver by removing filtering from UI and allowing it to display all users.
Tested that it is not possible to create a subchannel in GENESIS subchannel that would contain users that are not in parent chat, unless they are our friends

Tested that it is not possible to create a chat through ChatThreadComposer with non-friend (even if UI allows it), or create direct GENESIS subchannels with non-friends (from admin)

Tested that it IS possible to create direct GENESIS subchannels with friends (from admin)

Tested that it IS possible to create subchannel in GENESIS subchannel with members of the parent even if they are not our friends.

Tested that it IS possible to create to create a subchannel in a different community with users that are in this community but we are not friends with.

Tested that it IS NOT possible to create a subchannel in a different community with users that are not in this community and we are not friends with.

Reviewers: tomek, ashoat

Reviewed By: ashoat

Differential Revision: https://phab.comm.dev/D12727

Details

Provenance
inkaAuthored on Jul 11 2024, 6:51 AM
Reviewer
ashoat
Differential Revision
D12727: [keyserver] Fix keyserver allowing adding unauthorized users to chats
Parents
rCOMM52aa37541e68: Fix CORS issues with identity HTTP
Branches
Unknown
Tags
Unknown