Skip to content

Commit e05de7f

Browse files
Team collaborator: Implicit connection permission [1] (#4692)
Allow team collaborators to create 1:1 conversations via POST /one2one-conversations if they've the implicit_connection permission. --------- Co-authored-by: Gautier DI FOLCO <[email protected]>
1 parent ea551b9 commit e05de7f

File tree

5 files changed

+77
-4
lines changed

5 files changed

+77
-4
lines changed

changelog.d/2-features/WPB-18195

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Allow team collaborators with `implicit_connection` permission to create a One2One conversation with a team member.

integration/test/API/Galley.hs

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -383,6 +383,28 @@ getMLSOne2OneConversation self other = do
383383
$ joinHttpPath ["one2one-conversations", domain, uid]
384384
submit "GET" req
385385

386+
postOne2OneConversation ::
387+
(HasCallStack, MakesValue self, MakesValue other) =>
388+
self ->
389+
other ->
390+
String ->
391+
String ->
392+
App Response
393+
postOne2OneConversation self other tid convName = do
394+
qUid <- objQidObject other
395+
req <-
396+
baseRequest self Galley Versioned
397+
$ joinHttpPath ["one2one-conversations"]
398+
submit
399+
"POST"
400+
( req
401+
& addJSONObject
402+
[ "name" .= convName,
403+
"qualified_users" .= [qUid],
404+
"team" .= Aeson.object ["teamid" .= tid, "managed" .= False]
405+
]
406+
)
407+
386408
getGroupClients ::
387409
(HasCallStack, MakesValue user) =>
388410
user ->

integration/test/Test/TeamCollaborators.hs

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -95,3 +95,49 @@ testCollaboratorCanCreateTeamConv (TaggedBool collaboratorHasTeam) = do
9595
postConversation collaborator (defMLS {team = Just team}) `bindResponse` \resp -> do
9696
resp.status `shouldMatchInt` 201
9797
resp.json %. "team" `shouldMatch` team
98+
99+
testImplicitConnectionAllowed :: (HasCallStack) => App ()
100+
testImplicitConnectionAllowed = do
101+
(owner, team, [alice]) <- createTeam OwnDomain 2
102+
103+
-- At the time of writing, it wasn't clear if this should be a bot instead.
104+
bob <- randomUser OwnDomain def
105+
addTeamCollaborator
106+
owner
107+
team
108+
bob
109+
["implicit_connection"]
110+
>>= assertSuccess
111+
112+
postOne2OneConversation bob alice team "chit-chat" >>= assertSuccess
113+
114+
testImplicitConnectionNotConfigured :: (HasCallStack) => App ()
115+
testImplicitConnectionNotConfigured = do
116+
(owner, team, [alice]) <- createTeam OwnDomain 2
117+
118+
-- At the time of writing, it wasn't clear if this should be a bot instead.
119+
bob <- randomUser OwnDomain def
120+
addTeamCollaborator
121+
owner
122+
team
123+
bob
124+
[]
125+
>>= assertSuccess
126+
127+
postOne2OneConversation bob alice team "chit-chat" >>= assertLabel 403 "operation-denied"
128+
129+
testImplicitConnectionNoCollaborator :: (HasCallStack) => App ()
130+
testImplicitConnectionNoCollaborator = do
131+
(_owner0, team0, [alice]) <- createTeam OwnDomain 2
132+
(owner1, team1, _users1) <- createTeam OwnDomain 2
133+
134+
-- At the time of writing, it wasn't clear if this should be a bot instead.
135+
bob <- randomUser OwnDomain def
136+
addTeamCollaborator
137+
owner1
138+
team1
139+
bob
140+
["implicit_connection"]
141+
>>= assertSuccess
142+
143+
postOne2OneConversation bob alice team0 "chit-chat" >>= assertLabel 403 "no-team-member"

libs/wire-api/src/Wire/API/Team/Member.hs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -631,7 +631,7 @@ collaboratorToTeamPermissions =
631631
foldMap
632632
( \case
633633
Collaborator.CreateTeamConversation -> Set.fromList [CreateConversation, AddRemoveConvMember]
634-
Collaborator.ImplicitConnection -> mempty
634+
Collaborator.ImplicitConnection -> Set.singleton CreateConversation
635635
)
636636

637637
----------------------------------------------------------------------

services/galley/src/Galley/API/Create.hs

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -490,7 +490,8 @@ createOne2OneConversation ::
490490
Member NotificationSubsystem r,
491491
Member Now r,
492492
Member TeamStore r,
493-
Member P.TinyLog r
493+
Member P.TinyLog r,
494+
Member TeamCollaboratorsSubsystem r
494495
) =>
495496
Local UserId ->
496497
ConnId ->
@@ -533,17 +534,20 @@ createOne2OneConversation lusr zcon j =
533534
Member (ErrorS 'NotATeamMember) r,
534535
Member (ErrorS OperationDenied) r,
535536
Member (ErrorS 'TeamNotFound) r,
537+
Member TeamCollaboratorsSubsystem r,
536538
Member TeamStore r
537539
) =>
538540
Local UserId ->
539541
TeamId ->
540542
Sem r (Maybe TeamId)
541543
checkBindingTeamPermissions lother tid = do
544+
mTeamCollaborator <- internalGetTeamCollaborator tid (tUnqualified lusr)
542545
zusrMembership <- E.getTeamMember tid (tUnqualified lusr)
543-
void $ permissionCheck CreateConversation zusrMembership
546+
void $ permissionCheck CreateConversation $ (Left <$> zusrMembership) <|> (Right <$> mTeamCollaborator)
544547
E.getTeamBinding tid >>= \case
545548
Just Binding -> do
546-
verifyMembership tid (tUnqualified lusr)
549+
when (isJust zusrMembership) $
550+
verifyMembership tid (tUnqualified lusr)
547551
verifyMembership tid (tUnqualified lother)
548552
pure (Just tid)
549553
Just _ -> throwS @'NonBindingTeam

0 commit comments

Comments
 (0)