SQSERVICES-1083 Separate Access Control For Guests And Services #2035
Conversation
libs/wire-api/test/golden/Test/Wire/API/Golden/Generated/Event_user.hs
Outdated
Show resolved
Hide resolved
battermann
force-pushed
the
SQSERVICES-1083-separate-access-control-for-guests-and-services
branch
from
95863d4 to
93f04a6
Compare
response contains both access roles wip conversion in ToSchema instance pushed old access roles to the boundaries wip schema migration update brig wip fix tests fix golden tests fix galley integration fix brig-integration fix wire-api-federation golden tests fix problems update cql schema ref use to/from access role legacy imported from wire-api roundtrip for access roles old and new (re-)added golden test for access role legacy (re-)added golden test for access role legacy access role conversion test (fails) wip wip clean up business logic
battermann
force-pushed
the
SQSERVICES-1083-separate-access-control-for-guests-and-services
branch
from
6007754 to
46eecd4
Compare
| schema | ||
| <*> cnvmAccess .= field "access" (array schema) | ||
| <*> cnvmAccessRole .= field "access_role" schema | ||
| <*> cnvmAccessRoles .= accessRolesSchema |
There was a problem hiding this comment.
Doesn't this mean that both fields are required? I would use "optional" here and leave a description that explains that the server promises to always deliver both?
There was a problem hiding this comment.
This is defined in the accessRolesSchema. When we deserialize, at least one of them has to be set, and when we serialize, we return both.
| [ fromLegacyToV2ToLegacy, | ||
| fromV2ToLegacyToV2 |
There was a problem hiding this comment.
| [ fromLegacyToV2ToLegacy, | |
| fromV2ToLegacyToV2 | |
| [ acessRoleFromLegacyToV2ToLegacy, | |
| acessRoleFromV2ToLegacyToV2 |
There was a problem hiding this comment.
(Also, it's probably much faster if we don't run QC here but enumerate all test cases exhaustively. But I think we should probably resist, and do that more exhaustively once we don't have anything better to do.)
There was a problem hiding this comment.
I like the renaming.
Regarding QC, all wire-api unit tests together take 1.5s to run. I don't see a problem.
Checking properties has the benefit that if we add additional access roles later, they are automatically checked.
We can't ensure exhaustiveness on sets anyway, AFAIK.
| (owner, teamId, []) <- Util.createBindingTeamWithNMembers 0 | ||
| let createConvWithGuestLink = do | ||
| convId <- decodeConvId <$> postTeamConv teamId owner [] (Just "testConversation") [CodeAccess] (Just ActivatedAccessRole) Nothing | ||
| convId <- decodeConvId <$> postTeamConv teamId owner [] (Just "testConversation") [CodeAccess] (Just (Set.fromList [TeamMemberAccessRole, NonTeamMemberAccessRole])) Nothing |
There was a problem hiding this comment.
this looks like the module where you can test the new cases (in particular services-not-guests, and guests-not-services). maybe this can be even randomized somehow?
| then pure bm | ||
| else do | ||
| activated <- map User.userId <$> E.lookupActivatedUsers (toList (bmLocals bm)) | ||
| -- FUTUREWORK: should we also remove non-activated remote users? |
There was a problem hiding this comment.
Federation people: can users joining via a guest link without account be non-local?
| \`[team_member]` => `team` - team-only conversation\ | ||
| \`[team_member, non_team_member, service]` => `activated` - conversation for users who have activated email, phone or SSO and services\ | ||
| \`[team_member, non_team_member, service, guest]` => `non_activated` - all allowed, no checks.\ | ||
| \All other configurations of `access_role_v2` are mapped to the smallest superset containing all given access roles." |
There was a problem hiding this comment.
Would it make more sense to document the mapping in the deprecated type, then they will be deleted together?
| @@ -0,0 +1 @@ | |||
| Backend now separates conversation access control for guests and services. The old access roles are still supported but it is encouraged to upgrade clients since mapping between the old access roles and the new access roles are is not isomorphic. For more details refer to the API changes changelog, the Swagger docs, or the technical specification. | |||
There was a problem hiding this comment.
If we already know which versions of clients support this, we should add those here, but I suspect we're not certain yet. Bring up in the next standup?
…or-guests-and-services
fisx
deleted the
SQSERVICES-1083-separate-access-control-for-guests-and-services
branch
https://wearezeta.atlassian.net/browse/SQSERVICES-1083
Checklist
make git-add-cassandra-schemato update the cassandra schema documentation.changelog.d.