Skip to content

Implement permission levels for campaigns

Administrator requested to merge campaigns/backend-perm-levels into master

Created by: mrnugget

This fixes https://github.com/sourcegraph/sourcegraph/issues/10808 by implementing permission levels for campaigns. As described in that ticket there are two permission levels:

  • campaign-admin-level: can update/close/delete/sync/... a campaign
  • non-admin-level: can read the campaign

Right now, the a user has campaign-admin-level permissions if:

  • the user is the author of the campaign
  • OR is a site-admin.

What this PR does is to check for campaign-admin-level permissions in these mutations:

  • publishCampaign
  • publishChangeset
  • retryCampaign
  • updateCampaign
  • addChangesetsToCampaign
  • syncChangeset
  • closeCampaign
  • deleteCampaign

If the current user doesn't have campaign-admin-level permissions, an error is returned.

On the read-path it hides the errors in campaign.status.errors for users with non-admin-level permissions and makes sure that campaign.viewerCanAdminister returns the correct value.

IMPORTANT: can this PR be merged without repository permissions?

Yes. Right now all top-level read-paths (CampaignByID, Campaigns, ChangesetByID, ...) and the mutations that allow creating new entities (CreateCampaign, CreatePatchSet) are still protected by our "campaigns are only available to site-admins"-check.

That will be removed in #10713 which we aim to implement after adding repository permissions to campaigns.

That means it's safe to merge this PR, even though we don't have repository permissions in place yet, because only site-admins can create campaigns and thus become campaign owners.

Implementation

In order to be able to test the checks consistently I moved all of them into campaigns.Service along with business logic that was previously only defined on the resolver level. That code was previously completely untested and its functionality is still untested (since I think it's out of the scope of this PR), but at least we now check for the authorization level and execute the code in the tests.

Merge request reports

Loading