Yehowshua/ZIm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add requires_zed_cla column to channels table

Browse source 
Don't allow granting guests write access in a call where the channel
or one of its ancestors requires the zed CLA, until that guest has
signed the Zed CLA.

Co-authored-by: Marshall <marshall@zed.dev>
This commit is contained in:
Max Brunsfeld 2024-01-22 16:38:54 -08:00
parent 676d2cb24a
commit 25708088b7
14 changed files with 225 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

8
crates/collab/src/db/ids.rs
View file

@ -173,6 +173,14 @@ impl ChannelRole {
Banned => false,
}
}
pub fn requires_cla(&self) -> bool {
use ChannelRole::*;
match self {
Admin | Member => true,
Banned | Guest => false,
}
}
}
impl From<proto::ChannelRole> for ChannelRole {

17
crates/collab/src/db/queries/channels.rs
View file

@ -67,6 +67,7 @@ impl Database {
.as_ref()
.map_or(String::new(), |parent| parent.path()),
),
requires_zed_cla: ActiveValue::NotSet,
}
.insert(&*tx)
.await?;
@ -261,6 +262,22 @@ impl Database {
.await
}
#[cfg(test)]
pub async fn set_channel_requires_zed_cla(
&self,
channel_id: ChannelId,
requires_zed_cla: bool,
) -> Result<()> {
self.transaction(move |tx| async move {
let channel = self.get_channel_internal(channel_id, &*tx).await?;
let mut model = channel.into_active_model();
model.requires_zed_cla = ActiveValue::Set(requires_zed_cla);
model.update(&*tx).await?;
Ok(())
})
.await
}
/// Deletes the channel with the specified ID.
pub async fn delete_channel(
&self,

2
crates/collab/src/db/queries/contributors.rs
View file

@ -58,7 +58,7 @@ impl Database {
pub async fn add_contributor(
&self,
github_login: &str,
github_user_id: i32,
github_user_id: Option<i32>,
github_email: Option<&str>,
) -> Result<()> {
self.transaction(|tx| async move {

44
crates/collab/src/db/queries/rooms.rs
View file

@ -1029,6 +1029,11 @@ impl Database {
.await?
.ok_or_else(|| anyhow!("only admins can set participant role"))?;
if role.requires_cla() {
self.check_user_has_signed_cla(user_id, room_id, &*tx)
.await?;
}
let result = room_participant::Entity::update_many()
.filter(
Condition::all()
@ -1050,6 +1055,45 @@ impl Database {
.await
}
async fn check_user_has_signed_cla(
&self,
user_id: UserId,
room_id: RoomId,
tx: &DatabaseTransaction,
) -> Result<()> {
let channel = room::Entity::find_by_id(room_id)
.one(&*tx)
.await?
.ok_or_else(|| anyhow!("could not find room"))?
.find_related(channel::Entity)
.one(&*tx)
.await?;
if let Some(channel) = channel {
let requires_zed_cla = channel.requires_zed_cla
|| channel::Entity::find()
.filter(
channel::Column::Id
.is_in(channel.ancestors())
.and(channel::Column::RequiresZedCla.eq(true)),
)
.count(&*tx)
.await?
> 0;
if requires_zed_cla {
if contributor::Entity::find()
.filter(contributor::Column::UserId.eq(user_id))
.one(&*tx)
.await?
.is_none()
{
Err(anyhow!("user has not signed the Zed CLA"))?;
}
}
}
Ok(())
}
pub async fn connection_lost(&self, connection: ConnectionId) -> Result<()> {
self.transaction(|tx| async move {
self.room_connection_lost(connection, &*tx).await?;

69
crates/collab/src/db/queries/users.rs
View file

@ -72,7 +72,7 @@ impl Database {
pub async fn get_or_create_user_by_github_account(
&self,
github_login: &str,
github_user_id: i32,
github_user_id: Option<i32>,
github_email: Option<&str>,
) -> Result<User> {
self.transaction(|tx| async move {
@ -90,39 +90,48 @@ impl Database {
pub async fn get_or_create_user_by_github_account_tx(
&self,
github_login: &str,
github_user_id: i32,
github_user_id: Option<i32>,
github_email: Option<&str>,
tx: &DatabaseTransaction,
) -> Result<User> {
if let Some(user_by_github_user_id) = user::Entity::find()
.filter(user::Column::GithubUserId.eq(github_user_id))
.one(tx)
.await?
{
let mut user_by_github_user_id = user_by_github_user_id.into_active_model();
user_by_github_user_id.github_login = ActiveValue::set(github_login.into());
Ok(user_by_github_user_id.update(tx).await?)
} else if let Some(user_by_github_login) = user::Entity::find()
.filter(user::Column::GithubLogin.eq(github_login))
.one(tx)
.await?
{
let mut user_by_github_login = user_by_github_login.into_active_model();
user_by_github_login.github_user_id = ActiveValue::set(Some(github_user_id));
Ok(user_by_github_login.update(tx).await?)
if let Some(github_user_id) = github_user_id {
if let Some(user_by_github_user_id) = user::Entity::find()
.filter(user::Column::GithubUserId.eq(github_user_id))
.one(tx)
.await?
{
let mut user_by_github_user_id = user_by_github_user_id.into_active_model();
user_by_github_user_id.github_login = ActiveValue::set(github_login.into());
Ok(user_by_github_user_id.update(tx).await?)
} else if let Some(user_by_github_login) = user::Entity::find()
.filter(user::Column::GithubLogin.eq(github_login))
.one(tx)
.await?
{
let mut user_by_github_login = user_by_github_login.into_active_model();
user_by_github_login.github_user_id = ActiveValue::set(Some(github_user_id));
Ok(user_by_github_login.update(tx).await?)
} else {
let user = user::Entity::insert(user::ActiveModel {
email_address: ActiveValue::set(github_email.map(|email| email.into())),
github_login: ActiveValue::set(github_login.into()),
github_user_id: ActiveValue::set(Some(github_user_id)),
admin: ActiveValue::set(false),
invite_count: ActiveValue::set(0),
invite_code: ActiveValue::set(None),
metrics_id: ActiveValue::set(Uuid::new_v4()),
..Default::default()
})
.exec_with_returning(&*tx)
.await?;
Ok(user)
}
} else {
let user = user::Entity::insert(user::ActiveModel {
email_address: ActiveValue::set(github_email.map(|email| email.into())),
github_login: ActiveValue::set(github_login.into()),
github_user_id: ActiveValue::set(Some(github_user_id)),
admin: ActiveValue::set(false),
invite_count: ActiveValue::set(0),
invite_code: ActiveValue::set(None),
metrics_id: ActiveValue::set(Uuid::new_v4()),
..Default::default()
})
.exec_with_returning(&*tx)
.await?;
let user = user::Entity::find()
.filter(user::Column::GithubLogin.eq(github_login))
.one(tx)
.await?
.ok_or_else(|| anyhow!("no such user {}", github_login))?;
Ok(user)
}
}

1
crates/collab/src/db/tables/channel.rs
View file

@ -9,6 +9,7 @@ pub struct Model {
pub name: String,
pub visibility: ChannelVisibility,
pub parent_path: String,
pub requires_zed_cla: bool,
}
impl Model {

4
crates/collab/src/db/tests/contributor_tests.rs
View file

@ -23,13 +23,13 @@ async fn test_contributors(db: &Arc<Database>) {
assert_eq!(db.get_contributors().await.unwrap(), Vec::<String>::new());
db.add_contributor("user1", 1, None).await.unwrap();
db.add_contributor("user1", Some(1), None).await.unwrap();
assert_eq!(
db.get_contributors().await.unwrap(),
vec!["user1".to_string()]
);
db.add_contributor("user2", 2, None).await.unwrap();
db.add_contributor("user2", Some(2), None).await.unwrap();
assert_eq!(
db.get_contributors().await.unwrap(),
vec!["user1".to_string(), "user2".to_string()]

4
crates/collab/src/db/tests/db_tests.rs
View file

@ -105,7 +105,7 @@ async fn test_get_or_create_user_by_github_account(db: &Arc<Database>) {
.user_id;
let user = db
.get_or_create_user_by_github_account("the-new-login2", 102, None)
.get_or_create_user_by_github_account("the-new-login2", Some(102), None)
.await
.unwrap();
assert_eq!(user.id, user_id2);
@ -113,7 +113,7 @@ async fn test_get_or_create_user_by_github_account(db: &Arc<Database>) {
assert_eq!(user.github_user_id, Some(102));
let user = db
.get_or_create_user_by_github_account("login3", 103, Some("user3@example.com"))
.get_or_create_user_by_github_account("login3", Some(103), Some("user3@example.com"))
.await
.unwrap();
assert_eq!(&user.github_login, "login3");