Conversation
zebot
added
the
ok-to-test
This syntax-only change lays the ground-work abstracts "get member and if that fails get collaborator and apply `hasPermissions` to whichever you found" away behind "lookup principle and apply `hasPermissions`".
1. Wire.API.Team.Member: Removed isFullTeamMember (export + definition) — it was a temporary placeholder for the behavior change. 2. ensureAccessRole (Util.hs): Changed guard from maybe True (not . isFullTeamMember) . snd → isNothing . snd. Collaborators (Just (Left _)) now pass the TeamMemberAccessRole check, just like full members. 3. ensureConversationAccess (Util.hs): Now uses lookupTeamPrincipal instead of internalGetTeamMember + fmap Right, so collaborators get Just (Left _) instead of Nothing and pass the access role check. Added Member TeamCollaboratorsSubsystem r constraint. 4. convLocalMemberships (CreateInternal.hs): Now uses lookupTeamPrincipal for all users. The notTeamMember call is replaced with [uid | (uid, Nothing) <- allUsersWithPrincipal], exempting collaborators from the explicit connection check. 5. checkLocals (Action.hs): Now batch-fetches collaborators via internalGetTeamCollaboratorsWithIds and merges them with team members into the userMembershipMap, so collaborators appear as Just (Left _) and pass the access role check.
Summary of the full implementation: wire-subsystems builds clean. galley builds clean. brig compiles clean (only fails at link due to a pre-existing missing native lib). Here's what was changed across the implementation: 1. Wire.API.Team.Collaborator — Added CollaboratorStatus, TeamCollaboratorView, collaboratorToView 2. Wire.API.Routes.Public.Brig — Changed get-team-collaborators response type to [TeamCollaboratorView] 3. Wire.TeamSubsystem — Added pseudoSuspendedCollaborators, isPseudoSuspended; updated lookupTeamPrincipal to return Nothing for pseudo-suspended collaborators 4. Wire.ConversationSubsystem.Action — Updated checkLocals to filter pseudo-suspended collaborators before building userMembershipMap; added FeaturesConfigSubsystem to HasConversationActionEffects 'ConversationJoinTag, updateLocalConversationJoin, and updateLocalConversationUncheckedJoin 5. Wire.ConversationSubsystem.MLS.Commit.Core — Added FeaturesConfigSubsystem to HasProposalActionEffects 6. Wire.ConversationSubsystem.MLS.Proposal — Added FeaturesConfigSubsystem to HasProposalEffects 7. Wire.ConversationSubsystem.Federation — Added FeaturesConfigSubsystem to sendMLSMessage 8. Wire.ConversationSubsystem.Update — Added FeaturesConfigSubsystem to addMembers, addQualifiedMembersUnqualified, replaceMembers 9. Brig.Team.API — Added enrichCollaboratorsWithStatus using GalleyAPIAccess.getFeatureConfigForTeam @_ @AppsConfig
fisx
force-pushed
the
WPB-25521-refactor_-make-team-conversation-access-control-more-collaborator-friendly
branch
from
6a2debf to
c28f62e
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
https://wearezeta.atlassian.net/browse/WPB-25521
Checklist
changelog.d