compose_box: Replace compose box with a banner when cannot post in a channel

[sm-sayedi]

When a user cannot post in a channel based on ZulipStream.channelPostPolicy, all parts of the compose box (in both channel and topic narrow) are replaced with a banner, saying: You do not have permission to post in this channel.

Screenshot

Screen recording

channel-policy-based.compose.box.mp4

Fixes: #674

[rajveermalviya]

Thanks for working on this @sm-sayedi, this looks great!

Moving on to the mentor review from @hackerkid.

[chrisbobbe]

Thanks! Comments below, covering everything except the tests added in the main, last commit:

compose_box: Replace compose box with a banner when cannot post in a channel

because I've suggested a cleanup that should help me review those tests more efficiently; see below. 🙂

[chrisbobbe]

Suggested change

	/// Search for "realm_waiting_period_threshold" in https://zulip.com/api/register-queue.
	///
	/// For how to determine if a user is a full member, see:
	/// Search for "realm_waiting_period_threshold" in https://zulip.com/api/register-queue.
	///
	/// For how to determine if a user is a full member, see:

[chrisbobbe]

Suggested change

	final int realmWaitingPeriodThreshold;
	final int realmWaitingPeriodThreshold; // TODO(#668): update this realm setting

[chrisbobbe]

This method's name isn't quite a match for what it does. Compare zulip-mobile:

/**
 * Whether the user has passed the realm's waiting period to be a full member.
 *
 * See:
 *   https://zulip.com/api/roles-and-permissions#determining-if-a-user-is-a-full-member
 *
 * To determine if a user is a full member, callers must also check that the
 * user's role is at least Role.Member.
 *
 * […]
 */
export function getHasUserPassedWaitingPeriod(state: PerAccountState, userId: UserId): boolean {
  const { waitingPeriodThreshold } = getRealm(state);
  const { date_joined } = getUserForId(state, userId);

  const intervalLengthInDays = (Date.now() - Date.parse(date_joined)) / 86400_000;

  // […]
  // TODO(?): […]
  return intervalLengthInDays >= waitingPeriodThreshold;
}

How about we call it hasPassedWaitingPeriod, and give it a dartdoc along the lines of the jsdoc in zulip-mobile.

[chrisbobbe]

I think a helpful simplification here would be to add a method on UserRole:

  bool isAtLeast(UserRole threshold) {

which could be used here, but also anywhere else we need to do role checks. In zulip-mobile it's simple:

export function roleIsAtLeast(thisRole: Role, thresholdRole: Role): boolean {
  return (thisRole: number) <= (thresholdRole: number); // Roles with more privilege have lower numbers.
}

I think I remember concluding that "roles with more privilege have lower numbers" is basically an API guarantee. It would be pretty odd if it weren't guaranteed, given the values in the current API.

And with that encapsulated in UserRole, I think I'd feel pretty comfortable making an improvement over the logic here: when servers give an API value we don't recognize—say, 350, which would be between 300 "moderator" and 400 "member"—we could still store that value, and use it in the new isAtLeast method. (I'd be less comfortable passing around apiValue values outside the UserRole implementation itself, but it seems very appropriate to do within it.)

[chrisbobbe]

This means exactly the same thing as realmWaitingPeriodThreshold, right? Let's just call it realmWaitingPeriodThreshold, so we don't have to think about another name and decide if it means something subtly different.

[chrisbobbe]

Instead of calling DateTime.now() inside this API-model code, how about we compute it in UI code and pass the value down to here? A possible post-launch refinement might be to recheck, at regular time intervals, if enough time has passed that the user has become a full member. The natural place to do that will be near the UI code responsible for choosing whether to show the error banner.

(This caused me to think of a small, similar improvement we'll want to make eventually. I've filed that just now as #891.)

[chrisbobbe]

Suggested change

	"description": "Label text for error banner when sending a message in a channel with no posting permission."
	"description": "Error-banner text replacing the compose box when you do not have permission to send a message to the channel."

[chrisbobbe]

There's already an _errorBanner method, in _FixedDestinationComposeBoxState, and it duplicates a lot of this logic. Can we centralize the computation, perhaps in an early-return style in the build method of ComposeBox?

[chrisbobbe]

compose_box: Replace compose box with a banner when cannot post in a channel

This seems like a reasonable change to the action-sheet tests, but why is it needed in this commit, which is about the compose box?

…Ah, I think I understand: it's a boring but necessary bit of setup so that the simulated action sheet doesn't crash in the code that decides whether to show the error banner. Is that right?

There are quite a few other changes in this commit that look like they're made for the same reason. Would you move those to a prep commit before this commit? That should make it easier to focus on the interesting changes here. 🙂

[sm-sayedi]

Thanks @chrisbobbe for the review! Revision pushed with the tests cleaned up. PTAL!

[chrisbobbe]

Thanks! Ah, it looks like this has gathered some conflicts—would you mind rebasing and resolving those please?

[sm-sayedi]

Conflicts resolved @chrisbobbe! Please have a look!

[chrisbobbe]

Thanks! Comments below, all small.

[chrisbobbe]

If not implementing it now, let's add a TODO for this part that I mentioned at #886 (comment) :

[…] when servers give an API value we don't recognize—say, 350, which would be between 300 "moderator" and 400 "member"—we could still store that value, and use it in the new isAtLeast method. (I'd be less comfortable passing around apiValue values outside the UserRole implementation itself, but it seems very appropriate to do within it.)

In this revision, where we treat all unrecognized values as though they were 0, we'll give wrong results when the unrecognized role from the server is meant to be less privileged than the threshold role.

[sm-sayedi]

when servers give an API value we don't recognize—say, 350, which would be between 300 "moderator" and 400 "member"—we could still store that value, and use it in the new isAtLeast method.

I think in the current code for UserRole we get UserRole.unknown for all the unrecognized API values. With that being said, we cannot get that new unrecognized value to compare it with the threshold apiValue. 🙂

[chrisbobbe]

The proposal is to store the unrecognized API value so that isAtLeast can get its hands on it :). Looking closer, I think that would need some preparation, though, such as converting UserRole from an enum to a plain class.

Greg reminds me that we don't actually expect any more API values to be added, though, because the "role" concept is on track to be replaced by "user groups". So the work I've described for handling unrecognized values won't be worth it.

[chrisbobbe]

:)

[chrisbobbe]

To make this a bit easier to scan:

Suggested change

	final testCases = [
	(ChannelPostPolicy.unknown, UserRole.unknown, true),
	(ChannelPostPolicy.unknown, UserRole.guest, true),
	(ChannelPostPolicy.unknown, UserRole.member, true),
	(ChannelPostPolicy.unknown, UserRole.moderator, true),
	(ChannelPostPolicy.unknown, UserRole.administrator, true),
	(ChannelPostPolicy.unknown, UserRole.owner, true),
	(ChannelPostPolicy.any, UserRole.unknown, true),
	(ChannelPostPolicy.any, UserRole.guest, true),
	(ChannelPostPolicy.any, UserRole.member, true),
	(ChannelPostPolicy.any, UserRole.moderator, true),
	(ChannelPostPolicy.any, UserRole.administrator, true),
	(ChannelPostPolicy.any, UserRole.owner, true),
	(ChannelPostPolicy.fullMembers, UserRole.unknown, true),
	(ChannelPostPolicy.fullMembers, UserRole.guest, false),
	(ChannelPostPolicy.fullMembers, UserRole.member, true),
	(ChannelPostPolicy.fullMembers, UserRole.moderator, true),
	(ChannelPostPolicy.fullMembers, UserRole.administrator, true),
	(ChannelPostPolicy.fullMembers, UserRole.owner, true),
	(ChannelPostPolicy.moderators, UserRole.unknown, true),
	(ChannelPostPolicy.moderators, UserRole.guest, false),
	(ChannelPostPolicy.moderators, UserRole.member, false),
	(ChannelPostPolicy.moderators, UserRole.moderator, true),
	(ChannelPostPolicy.moderators, UserRole.administrator, true),
	(ChannelPostPolicy.moderators, UserRole.owner, true),
	(ChannelPostPolicy.administrators, UserRole.unknown, true),
	(ChannelPostPolicy.administrators, UserRole.guest, false),
	(ChannelPostPolicy.administrators, UserRole.member, false),
	(ChannelPostPolicy.administrators, UserRole.moderator, false),
	(ChannelPostPolicy.administrators, UserRole.administrator, true),
	(ChannelPostPolicy.administrators, UserRole.owner, true),
	];
	final testCases = [
	(ChannelPostPolicy.unknown, UserRole.unknown, true),
	(ChannelPostPolicy.unknown, UserRole.guest, true),
	(ChannelPostPolicy.unknown, UserRole.member, true),
	(ChannelPostPolicy.unknown, UserRole.moderator, true),
	(ChannelPostPolicy.unknown, UserRole.administrator, true),
	(ChannelPostPolicy.unknown, UserRole.owner, true),
	(ChannelPostPolicy.any, UserRole.unknown, true),
	(ChannelPostPolicy.any, UserRole.guest, true),
	(ChannelPostPolicy.any, UserRole.member, true),
	(ChannelPostPolicy.any, UserRole.moderator, true),
	(ChannelPostPolicy.any, UserRole.administrator, true),
	(ChannelPostPolicy.any, UserRole.owner, true),
	(ChannelPostPolicy.fullMembers, UserRole.unknown, true),
	(ChannelPostPolicy.fullMembers, UserRole.guest, false),
	(ChannelPostPolicy.fullMembers, UserRole.member, true),
	(ChannelPostPolicy.fullMembers, UserRole.moderator, true),
	(ChannelPostPolicy.fullMembers, UserRole.administrator, true),
	(ChannelPostPolicy.fullMembers, UserRole.owner, true),
	(ChannelPostPolicy.moderators, UserRole.unknown, true),
	(ChannelPostPolicy.moderators, UserRole.guest, false),
	(ChannelPostPolicy.moderators, UserRole.member, false),
	(ChannelPostPolicy.moderators, UserRole.moderator, true),
	(ChannelPostPolicy.moderators, UserRole.administrator, true),
	(ChannelPostPolicy.moderators, UserRole.owner, true),
	(ChannelPostPolicy.administrators, UserRole.unknown, true),
	(ChannelPostPolicy.administrators, UserRole.guest, false),
	(ChannelPostPolicy.administrators, UserRole.member, false),
	(ChannelPostPolicy.administrators, UserRole.moderator, false),
	(ChannelPostPolicy.administrators, UserRole.administrator, true),
	(ChannelPostPolicy.administrators, UserRole.owner, true),
	];

[chrisbobbe]

Suggested change

	group('only "full member" user can post in channel with "fullMembers" policy', (){
	group('only "full member" user can post in channel with "fullMembers" policy', () {

[chrisbobbe]

Suggested change

	});
	}
	});
	}

[chrisbobbe]

Suggested change

	streams: [eg.stream(streamId: 1, channelPostPolicy: policy)],
	);
	streams: [eg.stream(streamId: 1, channelPostPolicy: policy)]);

(here and in in many places later in this file)

[sm-sayedi]

Thanks @chrisbobbe for the review. Pushed the new changes. Also added #886 comment. PTAL.

cc @PIG208

[PIG208]

Looks like this should come before maxFileUploadSizeMib.

[PIG208]

We could simplify this by parsing dateJoined as we deserialize the User JSON object.

[gnprice]

We could, but I'd prefer to keep that parsing deferred: converting user objects from JSON is a hot spot performance-wise, because there can be so many of them, and parsing a DateTime is the sort of thing that I feel could easily be slow.

And conversely I think there's only a few places like here where we care about the value of dateJoined, so it's not much burden on code complexity for these to have to handle the parsing; and they're all for just one user at a time, so there's no performance concern.

[PIG208]

nit:

Suggested change

	int realmWaitingPeriodThreshold = 0,
	int? realmWaitingPeriodThreshold,

which allows us to reuse the default on eg.initialSnapshot.

[PIG208]

Looks like this belongs to the previous commit.

[PIG208]

Looking at this, I was thinking about why 0 is chosen as the default value for both operands. Considering the context this helper is used, I suppose that we want to fallback to the behavior that, when the role has an unknown value, we allow the user to post.

This consideration is specific to the posting permission feature we are implementing here. I think the best thing to do is to assert that both api values are non-null; then we handle the case when either of them is null in hasPostingPermission.

[PIG208]

nit: let's extract ZulipLocalizations.of(context) as a variable

[PIG208]

Then we can simplify this to:

Suggested change

	case ChannelNarrow narrow:
	final channel = store.streams[narrow.streamId]!;
	return channel.hasPostingPermission(selfUser, byDate: DateTime.now(), realmWaitingPeriodThreshold: store.realmWaitingPeriodThreshold)
	? null : _ErrorBanner(label: ZulipLocalizations.of(context).errorBannerCannotPostInChannelLabel);
	case TopicNarrow narrow:
	final channel = store.streams[narrow.streamId]!;
	return channel.hasPostingPermission(selfUser, byDate: DateTime.now(), realmWaitingPeriodThreshold: store.realmWaitingPeriodThreshold)
	? null : _ErrorBanner(label: ZulipLocalizations.of(context).errorBannerCannotPostInChannelLabel);
	case ChannelNarrow(:final streamId):
	case TopicNarrow(:final streamId):
	final channel = store.streams[streamId]!;
	if (channel.hasPostingPermission(selfUser, byDate: DateTime.now(),
	realmWaitingPeriodThreshold: store.realmWaitingPeriodThreshold)) {
	return _ErrorBanner(
	label: localizations.errorBannerCannotPostInChannelLabel);
	}

[PIG208]

nit: to make the lines shorter:

Suggested change

	return hasDeactivatedUser ? _ErrorBanner(label: ZulipLocalizations.of(context)
	.errorBannerDeactivatedDmLabel) : null;
	if (hasDeactivatedUser) {
	return _ErrorBanner(
	label: localizations.errorBannerDeactivatedDmLabel);
	}

[PIG208]

Looks like we are both moving tests to groups and adding the new tests.
The grouping part can be done in a prep commit so the diffs will be easier to read.

[PIG208]

nit:

Suggested change

	for (final testCase in testCases) {
	final (ChannelPostPolicy policy, UserRole role, bool canPost) = testCase;
	for (final (ChannelPostPolicy policy, UserRole role, bool canPost) in testCases) {

[PIG208]

nit:

Suggested change

	for (final testCase in testCases) {
	final (ChannelPostPolicy policy, UserRole role, bool canPost) = testCase;
	for (final (ChannelPostPolicy policy, UserRole role, bool canPost) in testCases) {

[PIG208]

Hmm, the deletion is a bit far apart from where it was re-added.

A goal of restructuring the change would be that we have one commit that moves the old tests, and one that only adds the new ones.

[PIG208]

nit: let's break this into multiple lines

[PIG208]

nit: by turning this into || we can replace the ... ? ... : true clause with ... && ...