Implement permission levels for campaigns
Created by: mrnugget
This fixes https://github.com/sourcegraph/sourcegraph/issues/10808 by implementing permission levels for campaigns. As described in that ticket there are two permission levels:
-
campaign-admin-level
: can update/close/delete/sync/... a campaign -
non-admin-level
: can read the campaign
Right now, the a user has campaign-admin-level
permissions if:
- the user is the author of the campaign
- OR is a site-admin.
What this PR does is to check for campaign-admin-level
permissions in these mutations:
publishCampaign
publishChangeset
retryCampaign
updateCampaign
addChangesetsToCampaign
syncChangeset
closeCampaign
deleteCampaign
If the current user doesn't have campaign-admin-level
permissions, an error is returned.
On the read-path it hides the errors in campaign.status.errors
for users with non-admin-level permissions and makes sure that campaign.viewerCanAdminister
returns the correct value.
IMPORTANT: can this PR be merged without repository permissions?
Yes. Right now all top-level read-paths (CampaignByID
, Campaigns
, ChangesetByID
, ...) and the mutations that allow creating new entities (CreateCampaign
, CreatePatchSet
) are still protected by our "campaigns are only available to site-admins"-check.
That will be removed in #10713 which we aim to implement after adding repository permissions to campaigns.
That means it's safe to merge this PR, even though we don't have repository permissions in place yet, because only site-admins can create campaigns and thus become campaign owners.
Implementation
In order to be able to test the checks consistently I moved all of them into campaigns.Service
along with business logic that was previously only defined on the resolver level. That code was previously completely untested and its functionality is still untested (since I think it's out of the scope of this PR), but at least we now check for the authorization level and execute the code in the tests.