Get permission service: clean "can_request_help" usage #1006
Conversation
… granted_via_* For now, it is always an empty array
We need it to test the viewPermissions service
…abase if it doesn't exists It seems obvious but it wasn't the case because database foreign keys are disabled in tests
Because we have cases that weren't covered to test for the viewPermissions service changes Note: we don't distinguish between empty string and nil. It doesn't seem important now, but it might be a requirement in the future.
…_request_help_to Note: it doesn't contain the groups who don't appear in the other groups yet
Also, return groups with a different group_source_id in granted_via_*, it was forgotten
…opagation So we can test viewPermission with can_request_help_to in the computed group with propagation
… when the permission propagates
… origins. It simplifies the query and the code
GeoffreyHuck
changed the title
Codecov ReportPatch coverage:
Additional details and impacted files@@ Coverage Diff @@
## master #1006 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 230 230
Lines 13847 13893 +46
=========================================
+ Hits 13847 13893 +46
☔ View full report in Codecov by Sentry. |
GeoffreyHuck
changed the title
There was a problem hiding this comment.
You write in the PR:
Format of
can_request_help_toin responseThe fields are now always present:
idalways setnameset or null if not visibleis_all_users_grouptotrueorfalsedepending on the case
At other places of the API, when an attribute is not visible, it is omitted (not given)... null is reserved for cases when a value is visible but null (the db value).
| And the response at $.granted.can_request_help_to should be "null" | ||
| And the response at $.granted.can_request_help_to should be: | ||
| | id | name | is_all_users_group | | ||
| | @HelperGroup | | false | |
There was a problem hiding this comment.
Again, this makes it difficult for me to check if this return a tuple (as requested) or just an array with one tuple (which would be more consistent with the other tables).
There was a problem hiding this comment.
fixed with <undefined>, see comment below
There was a problem hiding this comment.
I think you didn't get my point. My question was : how can I know reading this if you checking for a tuple<id, name, is_all_users_group> or an array containing one tuple<id, name, is_all_users_group> ? What would be the different in the rule?
There was a problem hiding this comment.
The difference is in the JSONPath. To retrieve an array, there is a [*] at the end of the JSONPath:
$.granted.can_request_help_tois an object$.granted_via_membership.can_request_help_to[*]is an array
EDIT: I just checked and it works without the [*]. So
- Either we intentionally put the
[*]when we want an array - Or, we create a different feature for arrays. The code is basically doing a if (is_array) else {} already, so this might be a better solution
EDIT 2: Implemented as JSON checking
So we can differentiate between null, empty arrays and empty strings
|
The ways to check for null, empty arrays, undefined fields, and empty strings have been uniformed:
The feature For the same reason, the empty array is checked with a special value instead of another feature, so we can check for empty arrays in an array. |
To comply with the architecture decision We use <undefined> to represent a field that is not present, so we can distinguish it with null
…ature To uniformize the way we check for undefined path in arrays
| And the response at $.granted_via_self.can_request_help_to[*] should be "[]" | ||
| And the response at $.granted.can_request_help_to should be "<null>" | ||
| And the response at $.granted_via_group_membership.can_request_help_to[*] should be "[]" | ||
| And the response at $.granted_via_item_unlocking.can_request_help_to[*] should be "[]" |
There was a problem hiding this comment.
Why not $.granted_via_item_unlocking.can_request_help_to should be "[]" ?
| And the response at $.granted.can_request_help_to should be "null" | ||
| And the response at $.granted.can_request_help_to should be: | ||
| | id | name | is_all_users_group | | ||
| | @HelperGroup | | false | |
There was a problem hiding this comment.
I think you didn't get my point. My question was : how can I know reading this if you checking for a tuple<id, name, is_all_users_group> or an array containing one tuple<id, name, is_all_users_group> ? What would be the different in the rule?
This makes it clearer when we test single objects, rather than using an array
It's clearer that we are testing a single object and not an array with one entry @see #1006 (comment)
…t we are testing an array The check for single object with this feature has been disabled, it should now be tested with featuer allowing to check JSON at a JSONPath
fixes #1004
We now return an array of all groups with
can_request_help_topermissions set in allgranted_via_*.In
computed, we also return all permissions coming from parent items whilerequest_help_propagationis set. The uses a recursive query that is only called once,GetAncestorsRequestHelpPropagatedQuery().Format of
can_request_help_toin responseidalways setnamepresent only if it is visibleis_all_users_grouptotrueorfalsedepending on the casePerformance notice:
IsVisibleForGroup()once for each group we find. So it might be expensive if we have cases where we have many groupscan_request_help_topermissions set.The typical query is the following:
Note: It might be easier to review commit by commit. Notes about choices are present in commit messages.