Backend: Repository permissions for campaigns

Created by: mrnugget

Taken from RFC 157.

Status: Tasks are final.

Backend Tasks

  • Split up the Patch and ExternalChangeset types in the GraphQL schema into Patch/HiddenPatch and ExternalChangeset/HiddenExternalChangeset. The types should implement the same interface, respectively, which only has the fields that the "hidden" version should contain:
    • HiddenPatch: only has the id field
    • HiddenExternalChangeset: only has the id, createdAt, updatedAt, nextSyncAt, campaigns
  • In every ChangesetsConnection return a HiddenExternalChangeset when the user doesn't have access to the underlying repository
  • In every PatchesConnection return a HiddenPatch when the user doesn't have access to the underlying repository
  • In ChangesetByID, PatchByID return "not found" if the user doesn't have access to the repository
  • In Campaign.status.errors filter out the errors if the user doesn't have access to the underlying repositories.
  • In Campaign.diffStat do not include stats for patches/changesets the user doesn't have access to
  • In PatchSet.diffStat do not include stats for patches/changesets the user doesn't have access to
  • Updating a campaign:
    • filter out all the existing changesets the user does not have access to, keep them untouched.
    • Do not close/update/create changesets the user does not have access to.
    • Make sure that this applies to "update changeset with new title/description" too!
  • Check repository permissions for access in following mutations and return an error if user has no access:
    • publishChangeset - return "not found" if user has no access
    • publishCampaignChangesets - only publish the changesets the user has access to
    • addChangesetsToCampaign - filter out changesets user doesn't have access to and return error (see existing error for "not found")
    • createCampaign - Skip publication of all patches from patchset the user doesn't have access to. (Invalid now that draft campaigns have been removed)
    • retryCampaign — same as publishCampaignChangesets: only retry the changesets the user has access to
    • updateCampaign - see previous task
    • createChangesets - filter out repositories the user doesn't have access to and return error (see existing error for "not found")
    • syncChangeset - return "not found" if user has no access
    • closeCampaign - leave changesets untouched if user has no access to them
    • deleteCampaign - leave changesets untouched if user has no access to them
  • Filter out hidden changesets when using filters other than status.
  • Include hidden changesets in openChangesets query resolver.
  • Filter out patches in CreatePatchSetFromPatches

Notes

authzFilter is the canonical way to filter a list of *types.Repo down to a subset of repositories a user has access to. See here
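
The hidden-type and "not found" tasks above, as an added sketch that is not Sourcegraph's code: every type and function name is a hypothetical, simplified stand-in, and the `accessible` set is assumed to be derived from the repositories authzFilter keeps (its signature is not shown here).

```go
package main

import (
	"errors"
	"fmt"
)

// Changeset is a hypothetical, simplified stand-in for the stored record.
type Changeset struct {
	ID, RepoID int64
	Title      string
}

// ChangesetNode is the shared interface: only what the hidden variant may expose.
type ChangesetNode interface{ NodeID() int64 }
type ExternalChangeset struct{ c Changeset }
type HiddenExternalChangeset struct{ id int64 }

func (e ExternalChangeset) NodeID() int64       { return e.c.ID }
func (e ExternalChangeset) Title() string       { return e.c.Title }
func (h HiddenExternalChangeset) NodeID() int64 { return h.id }

var ErrNotFound = errors.New("changeset not found")

// ResolveConnection keeps every entry, but swaps in the hidden type when the
// changeset's repository is not in the caller's accessible set.
func ResolveConnection(all []Changeset, accessible map[int64]bool) []ChangesetNode {
	nodes := make([]ChangesetNode, 0, len(all))
	for _, c := range all {
		var n ChangesetNode = HiddenExternalChangeset{id: c.ID}
		if accessible[c.RepoID] {
			n = ExternalChangeset{c}
		}
		nodes = append(nodes, n)
	}
	return nodes
}

// ChangesetByID returns the same error for "missing" and "no repository access".
func ChangesetByID(all []Changeset, accessible map[int64]bool, id int64) (ExternalChangeset, error) {
	for _, c := range all {
		if c.ID == id && accessible[c.RepoID] {
			return ExternalChangeset{c}, nil
		}
	}
	return ExternalChangeset{}, ErrNotFound
}

func main() {
	acc := map[int64]bool{10: true} // constructed: the user may read repo 10 only
	fmt.Printf("%T\n", ResolveConnection([]Changeset{{1, 10, "a"}, {2, 20, "b"}}, acc)[1])
}
```

Because the hidden type carries no title or repository field, a resolver cannot leak them by accident; the compiler enforces what the interface allows.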