WEB-1140 manage user workspace membership services #2460
Conversation
| const workspacesAclTable = tables.workspacesAcl(db) | ||
|
|
||
| // Get current role | ||
| const currentRoleQuery = workspacesAclTable |
There was a problem hiding this comment.
should this be in a separate function getCurrentRoleForUserInWorkspace or similar? I assume we'll need to undertake this similar query in other functions?
Should we not return all roles for a user, and then we can check in that list of all roles if they are an admin without making a further db query?
There was a problem hiding this comment.
I think that's fair. Based on the roles listed I assumed a user would only ever have one role in a workspace.
Am I reading it right that you're suggesting dropping the .where('role', 'workspace:admin') bit and inspecting the list? That makes sense to me as well even if there's only ever one role. Is it strictly worse (performance wise?) to include this extra clause?
| } | ||
|
|
||
| // Protect against removing last admin in workspace | ||
| const isUserLastAdmin = await isUserLastAdminFactory({ db })({ |
There was a problem hiding this comment.
See note above. Can we retrieve all roles for a user in the workspace above, then do an roles.includes('workspace:admin') here?
There was a problem hiding this comment.
I think it's also important to check, not just that the user is an admin, but that there are no other admins in the workspace. Is that maybe implied in another way from checking a given user's roles?
| async ({ userId, workspaceId, role }: WorkspaceAcl): Promise<void> => { | ||
| await upsertWorkspaceRole({ userId, workspaceId, role }) | ||
|
|
||
| // TODO: Should we return the final record from `upsert`, or `get`, instead of emitting args directly? |
There was a problem hiding this comment.
From upsert, if it returns the values in the row as this should reflect what is stored. If it doesn't return the value, then using the args is ok.
There was a problem hiding this comment.
This is something I plan to ask about next time we're all around. It looks like, in general, we don't return the final result from upsert functions but this is a case where I'd find it useful.
There was a problem hiding this comment.
For me, an upsert is a complex conditional operation, cause if the value doesn't exist, you need to insert the full object. So allowing partial upsert needs a lot of guards to get right. I like full upserts more for that reason. If that is true, there must not be any differences between the args object and the stored value.
packages/server/modules/workspaces/tests/integration/repositories.spec.ts
Outdated
Show resolved
Hide resolved
|
@iainsproat took another swing, given your comments. I do like this much better lmk what you think |
| } | ||
|
|
||
| // Bail early if user has no role | ||
| const currentRole = workspaceRoles.find((role) => role.userId === userId) |
There was a problem hiding this comment.
instead of running a sql query against the db, inspecting the return value and based on a condition maybe run a second, you can issue a delete command with a returning '*' statement, to get back the deleted rows.
This way you are guaranteed to only run one sql statement.
| const validRoles = Object.values(Roles.Workspace) | ||
| if (!validRoles.includes(role)) { | ||
| throw new Error(`Unexpected workspace role provided: ${role}`) | ||
| } | ||
|
|
||
| // Protect against removing last admin in workspace | ||
| const workspaceRoles = await getWorkspaceRolesFactory({ db })({ workspaceId }) |
There was a problem hiding this comment.
Now this the name of the function is lying to me. This func is more like ensuringAnAdminRemainsAndUpsertsTheRoleFactory
I think this is a lot cleaner as service level guarantee, its an application logic decision, that we do not allow workspaces without admin roles. The repo itself should not implement these guards. If we want that to be a strict dataschema guard, we should use database level guards instead..
| // Protect against removing last admin in workspace | ||
| const workspaceRoles = await getWorkspaceRolesFactory({ db })({ workspaceId }) | ||
|
|
||
| if (isUserLastWorkspaceAdmin(workspaceRoles, userId)) { |
There was a problem hiding this comment.
There could be cases, where we want to delete the role, even if the user is the last admin ie workspace deletion. ( If its not done via cascading deletes for some reason ). That way, this function becomes even more complex, cause based on an external logic, we might want to allow deletion after all. Its a lot better to have this check in the service implementation.
| async ({ userId, workspaceId, role }: WorkspaceAcl): Promise<void> => { | ||
| await upsertWorkspaceRole({ userId, workspaceId, role }) | ||
|
|
||
| // TODO: Should we return the final record from `upsert`, or `get`, instead of emitting args directly? |
There was a problem hiding this comment.
For me, an upsert is a complex conditional operation, cause if the value doesn't exist, you need to insert the full object. So allowing partial upsert needs a lot of guards to get right. I like full upserts more for that reason. If that is true, there must not be any differences between the args object and the stored value.
…and repo-level guarantees
|
@gjedlicska understood and agreed on all counts. Repo functions are even less opinionated/think-y than I originally thought. Changes are in |
| const workspaceRoles = await getWorkspaceRoles({ workspaceId }) | ||
|
|
||
| if (isUserLastWorkspaceAdmin(workspaceRoles, userId)) { | ||
| throw new Error('Cannot remove last admin from a workspace.') |
There was a problem hiding this comment.
We need a specific error type for this. If we're throwing a generic error, the top level error middleware is the one that will catch it. That in turn will make the server respond with a 500 error code, meaning an internal server error. This needs to be a 400-ish error code.
Bad example in many ways (doing it in the repo function, and we're not returning a proper status code etc) but, here's how we're doing it when changing project roles
cc @fabis94 this is why i like the results monoid patter. You cannot fuck these up.
There was a problem hiding this comment.
You can derive a specific error from BaseError and set the status code on it to 400 as a constant. That will make sure the server response code is properly set
| @@ -0,0 +1,13 @@ | |||
| import { WorkspaceAcl } from '@/modules/workspaces/domain/types' | |||
|
|
|||
| export const isUserLastWorkspaceAdmin = ( | |||
There was a problem hiding this comment.
This is missing unit tests. I know the functionality is somewhat tested in the services, but in these cases i think it is required to fully test all the edge cases of this functionality.
There was a problem hiding this comment.
added, skipped on technically-valid but not possible situations (workspace with no users, workspace with no admins, etc)
happy to add them in if we want to be extra-exhaustive
gjedlicska
deleted the
chuck/web-1140-manage-user-workspace-membership-services
branch
Description & motivation
Changes: