Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maintainer Role #4883

Open
wants to merge 28 commits into
base: master
Choose a base branch
from
Open

Maintainer Role #4883

wants to merge 28 commits into from

Conversation

colby-swandale
Copy link
Member

@colby-swandale colby-swandale commented Jul 11, 2024
edited
Loading

What's this about?

RubyGems.org currently has a single implicit role assigned to everyone who is an owner of a given gem. This role lets any gem owner do any, and all, things to a gem without restriction, such as adding & removing other owners, publishing new versions, yanking versions etc. In recent years, a strong desire in the community as emerged for a role system to be introduced for groups & businesses to better align their organizational structure and reduce the impact blast of any potential account take over.

What this Pull Request introduces

  • This Pull Request adds the formal concept of a Owner & Maintainer role and what permissions are granted.
  • Adds a new field to Ownership that assigns a particular role for the that gem + owner relationship
  • Adds a new form to edit an existing ownership to allow user's roles to be updated (Owners or Maintainers cannot update their own Role).

What this Pull Request is not introducing

  • Fine grained access controls. Permissions & Roles will remain specified in source code and cannot be modified by users.

Technical Details

We've added a new field to the Ownership table that records the user's current role. Inside Rails this is mapped from a string, either maintainer or owner to a new mapped integer in Access which is the thing that's stored in Postgres.

This integer is then used to determine what level of access is granted inside the Rubygem policy.

Decisions made for this Pull Request

The blast radius of this change if things goes wrong is very big, worst case is we stop anyone from publishing new versions. So a priority on maintaining the status quo was put in place to guide this PR.

  • All existing ownerships will remain untouched with the same permissions they currently have.
  • The default role offered to users in our UI will remain as "Owner" the same role that was implicitly assigned.

Owner vs Maintainer

Owner Maintainer
Manage Owners
Publish Version
Yank Version
Manage Adoptions
Manage Trusted Publishing

Screenshots

Viewing current owners and their role
Screenshot 2024-08-13 at 3 03 39 PM

Updating a user's role
Screenshot 2024-08-13 at 3 03 40 PM

User notification of their role being updated
Screenshot 2024-08-14 at 5 14 53 PM

@codecov Codecov
Copy link

codecov bot commented Jul 11, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 97.79412% with 3 lines in your changes missing coverage. Please review.

Project coverage is 97.04%. Comparing base (b678655) to head (5599466).
Report is 47 commits behind head on master.

Files with missing lines Patch % Lines
app/policies/organization_policy.rb 88.88% 3 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #4883      +/-   ##
==========================================
+ Coverage   97.02%   97.04%   +0.02%     
==========================================
  Files         420      424       +4     
  Lines        8726     8866     +140     
==========================================
+ Hits         8466     8604     +138     
- Misses        260      262       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@colby-swandale colby-swandale changed the title 🚧 Maintainer Role Maintainer Role Aug 12, 2024
@colby-swandale colby-swandale marked this pull request as ready for review August 14, 2024 09:25
segiddins
segiddins reviewed Aug 26, 2024
View reviewed changes
app/avo/resources/ownership_resource.rb Outdated Show resolved Hide resolved
app/controllers/api/v1/owners_controller.rb Outdated Show resolved Hide resolved
db/migrate/20240717081704_add_access_level_to_ownership.rb Outdated Show resolved Hide resolved
app/avo/resources/ownership_resource.rb Outdated Show resolved Hide resolved
app/models/ownership.rb Outdated Show resolved Hide resolved
app/controllers/api/v1/owners_controller.rb Outdated Show resolved Hide resolved
app/views/owners/_owners_table.html.erb Show resolved Hide resolved
@colby-swandale colby-swandale force-pushed the colby/maintainer-role branch 2 times, most recently from 5f2b2de to 7146007 Compare September 5, 2024 05:44
segiddins
segiddins reviewed Sep 5, 2024
View reviewed changes
app/models/rubygem.rb Outdated Show resolved Hide resolved
app/views/owners/_owners_table.html.erb Outdated Show resolved Hide resolved
config/locales/en.yml Outdated Show resolved Hide resolved
app/controllers/api/v1/owners_controller.rb Outdated Show resolved Hide resolved
app/models/ownership.rb Show resolved Hide resolved
app/policies/rubygem_policy.rb Outdated Show resolved Hide resolved
@colby-swandale
Add Access Level field to Ownership table and update RubyGem policies…
3ddaed4 
… to check for the level of access
@colby-swandale
Add Ownership edit form to owners table
bed0451
@colby-swandale
Add role field to add Ownership form
13dc4a5
@colby-swandale
Replace Access Level field with Role
ead2938
@colby-swandale
better validate the role in Owners API endpoint
18d4f26
@colby-swandale
Refactor Access Level field to be Role instead
10d3de0
@colby-swandale
Notify users when their Role was updated
361310d
@colby-swandale
Don’t allow a user to update their own Ownership
75c540a
@colby-swandale
prevent maintainers for accessing trusted publishing
c11b67e
@colby-swandale
Replace Role type object with an Enum
3765cb2
@colby-swandale
separate checking for onwnership and permissions into separate methods
ca1ffb4
@colby-swandale
Add Minimum Role Scope to the Ownership model
4608d56 
Replace the raw sql with something nicer
@colby-swandale
Add translations for Role field
6d1c10f
@colby-swandale
Record event when a ownership role is updated
20bc75a
@colby-swandale
Indicate what role the user was updated to in the notification email
480db28
@colby-swandale
Fix the wrong select values being passed to the edit/create ownership…
0bbbde0 
… form
@colby-swandale
Always email owners of any changes to their roles
e37bcc3
@martinemde martinemde added this to the Maintainer Role milestone Sep 17, 2024
@martinemde
Refactor Ownership policies to cover updating user's own ownership
3374305 
Make authorization failures more helpful on ownership changes.
We were sometimes returning just the text 'Forbidden' when
really we need to say that you can't edit your own role or
explain the authorization problem, if possible, then redirect
back to the rubygem page.
martinemde
martinemde reviewed Sep 22, 2024
View reviewed changes
Copy link
Member

@martinemde martinemde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it looks good, I need to finish reading through the tests so I'll approve when I'm done, but wanted to get these comments in.

app/models/events/rubygem_event.rb Outdated
@@ -59,6 +59,14 @@ class Events::RubygemEvent < ApplicationRecord
attribute :owner_gid, :global_id
end

OWNER_UPDATED = define_event "rubygem:owner:updated" do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should this have the new role or old role so we can print "from admin to maintainer".

config/brakeman.ignore Outdated
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wish we didn't have to have brakeman.ignore. They often need to be fixed and I only notice the code changed when the build fails.

I hesitate to suggest... but changing the param and attribute to access would prevent the warnings. It pairs the name with lib/access.rb. What do you think? Too much?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did an experiment and found Brakeman is okay with using params[:role]. The solution here I think is to move the action of updating a user's role to its own Rails Controller

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As discussed, we're going to leave this for now. If we're making lots of changes and this turns into a pain we will investigate moving the update role action into its own controller

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@martinemde martinemde martinemde left review comments

@segiddins segiddins segiddins approved these changes

Assignees
No one assigned
Labels
None yet
Projects
RubyGems.org Pull Requests
Status: Ready
Milestone
Maintainer Role
Development

Successfully merging this pull request may close these issues.
3 participants
@colby-swandale @martinemde @segiddins