Skip to content

feat: add delegation commands #210

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 7, 2025
Merged

feat: add delegation commands #210

merged 1 commit into from
Mar 7, 2025

Conversation

Sakib25800
Copy link
Contributor

@Sakib25800 Sakib25800 commented Mar 5, 2025
edited by Kobzol
Loading

Fixes: #209
Fixes: #129

@Sakib25800
Copy link
Contributor Author

Sakib25800 commented Mar 5, 2025
edited
Loading

I've modified the undelegation logic to require either reviewer permission or for the user to be a delegated user. However, the original Homu implementation required the try permission - seems like they never got around to it.

elif command.action == 'undelegate':
        # TODO: why is this a TRY?
        if not _try_auth_verified():
            continue
        state.delegate = ''
        state.save()

Source reference

So I guess #206 will need updating.

Kobzol
Kobzol reviewed Mar 5, 2025
View reviewed changes
Copy link
Contributor

@Kobzol Kobzol left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Implementation looks good at a first glance, but I have to say that I forgot about @bors delegate=<username>. That sounds a bit.. useless, to be honest, and could be a potential security problem if someone mispells the name, since some other user could then get approval rights. Or a user could rename themselves to get approval rights (in theory). In general, we should try to store user GitHub IDs instead of usernames, but in this case I think we can just store a boolean property (delegated/not delegated).

I think that delegate+ and delegate- should be enough. I asked others about this here.

@Kobzol
Copy link
Contributor

Kobzol commented Mar 5, 2025

Yeah let's just keep delegate+ and delegate-, to keep it simpler.

@Sakib25800 Sakib25800 force-pushed the feat/add-delegation-commands branch from 5de0a71 to 18f5bad Compare March 5, 2025 12:40
@Sakib25800
Copy link
Contributor Author

I've removed it.

DB wise: delegated_to -> delegated.

Kobzol
Kobzol reviewed Mar 5, 2025
View reviewed changes
Copy link
Contributor

@Kobzol Kobzol left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is kind of a glaring security hole in the current implementation 😆 But should be easy to fix.

The tests will also require some modifications to actually test a situation with multiple users. In particular, there should be a test where person A creates a PR, person B delegates it, and then person C tries to approve, but it fails. This would find the "security hole" xD

But otherwise it looks very good!

@Sakib25800 Sakib25800 force-pushed the feat/add-delegation-commands branch 3 times, most recently from 70dbff1 to ab5d8a7 Compare March 6, 2025 02:12
@Kobzol
Copy link
Contributor

Kobzol commented Mar 6, 2025
edited
Loading

Btw, when you are implementing review remarks, it's fine to keep pushing individual commits, we can always squash at the very end just before merging. It is easier to review the changes more separately, rather than checking a big force push that changes the whole PR.

Kobzol
Kobzol reviewed Mar 6, 2025
View reviewed changes
Copy link
Contributor

@Kobzol Kobzol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you! Left a few more comments.

@Kobzol
Copy link
Contributor

Kobzol commented Mar 6, 2025

I think that it works now, but could you please also add a test that a (non-PR-author) user with try permissions cannot delegate? Thanks!

@Sakib25800 Sakib25800 force-pushed the feat/add-delegation-commands branch from b70199c to d03732a Compare March 6, 2025 17:22
@Sakib25800
Copy link
Contributor Author

Let's just say I got into a fight with git. I'll fix it though - should be good git practice.

@Sakib25800 Sakib25800 force-pushed the feat/add-delegation-commands branch 2 times, most recently from 8619570 to feddf97 Compare March 6, 2025 23:37
@Sakib25800
feat: add delegation commands
47c68df 
Add @bors delegate+
Add @bors delegate-
@Sakib25800 Sakib25800 force-pushed the feat/add-delegation-commands branch from feddf97 to 47c68df Compare March 7, 2025 00:13
@Sakib25800
Copy link
Contributor Author

Added delegatee_can_set_priority test.

@Sakib25800 Sakib25800 mentioned this pull request Mar 7, 2025
Merged
Kobzol
Kobzol approved these changes Mar 7, 2025
View reviewed changes
Copy link
Contributor

@Kobzol Kobzol left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you, awesome work!

@Kobzol Kobzol added this pull request to the merge queue Mar 7, 2025
Merged via the queue into rust-lang:main with commit 1f773b3 Mar 7, 2025
2 checks passed
This was referenced Mar 7, 2025
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kobzol Kobzol Kobzol approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Implement delegation commands Allow clawing back @bors delegate+
2 participants
@Sakib25800 @Kobzol