external_services: adjust the behavior of `ExcludeNamespaceUser` option (!27004) · Merge requests · Administrator / sourcegraph

Administrator requested to merge jc/ExcludeNamespaceUser into main Nov 03, 2021

Created by: unknwon

Followup of https://github.com/sourcegraph/sourcegraph/pull/26828#discussion_r740933700.

Namely,

NoNamespace -> any namespace is ignored
ExcludeNamespaceUser -> only user namespace is ignored. If we supply NamespaceOrgID, it is still applied
NamespaceUserID, NamespaceOrgID are mutually exclusive

The 3. is not precisely reflected in code because if we stop restricting conditions because of conflict, more rows would be returned (and could cause unauthorized access to external services). i.e. having deleted_at IS NULL AND namespace_user_id = 1 AND namespace_org_id = 2 would return nothing in practice, but no result is safer than not restricting namespace at all (deleted_at IS NULL), and ended up returning external services from other namespaces from the query.

external_services: adjust the behavior of `ExcludeNamespaceUser` option

Merge request reports