Skip to content

authz: grant pending permissions in app layer

Created by: unknwon

This PR is part of #7878 (closed) and a follow up for #7754.

The primary change is to move all call sites of db.Authz.GrantPendingPermissions to application layer, and are non-blocking when error occurs (i.e. log15.Error not return err). The reason I choose to make the error handling non-blocking is that failures of grant pending permissions are easily noticeable, and calls to db.Authz.GrantPendingPermissions are idempotent (provided easy way to retry for admins in this PR, see bullet points 2.).

Notable improvements to existing implementation:

  1. As @beyang suggested in #7754, db.Authz.GrantPendingPermissions now does verification of user information by itself, i.e. retrieve verified emails from DB directly instead of relying on the arguments, which offloads security concerns from the callers.
  2. Grant pending permissions also happens when admin manually set a email to be verified (GQL API setUserEmailVerified). It is practically convenient feature that admin is able to retry easily when grant failed for whatever reason.
  3. db.Authz.GrantPendingPermissions is now able to grant pending permissions for all verified emails for a user whenever possible to take care of any previous failures.

  • Manually tested and unit tests are added.
  • Unit tests for enterprise/cmd/frontend/db/authz.go and regression tests will be in follow up PR to make change set smaller.

Merge request reports

Loading