Revert "Do not send member updates to all (#3431)"

This reverts commit e124b2c, but keeps
the schema and data migrations in place.

Author: pcapriotti

libs/galley-types/src/Galley/Types/Teams.hs

@@ -56,7 +56,6 @@ module Galley.Types.Teams
     rolePermissions,
     roleHiddenPermissions,
     permissionsRole,
-    isAdminOrOwner,
     HiddenPerm (..),
     IsPerm (..),
   )
@@ -102,15 +101,6 @@ permissionsRole (Permissions p p') =
             rolePerms role `Set.isSubsetOf` perms
         ]
 
-isAdminOrOwner :: Permissions -> Bool
-isAdminOrOwner perms =
-  case permissionsRole perms of
-    Just RoleOwner -> True
-    Just RoleAdmin -> True
-    Just RoleMember -> False
-    Just RoleExternalPartner -> False
-    Nothing -> False
-
 -- | Internal function for 'rolePermissions'.  (It works iff the two sets in 'Permissions' are
 -- identical for every 'Role', otherwise it'll need to be specialized for the resp. sides.)
 rolePerms :: Role -> Set Perm

libs/wire-api/src/Wire/API/Error/Galley.hs

@@ -59,7 +59,6 @@ data GalleyError
   | UserBindingExists
   | NoAddToBinding
   | TooManyTeamMembers
-  | TooManyTeamAdmins
   | -- FUTUREWORK: possibly make MissingPermission take a list of Perm
     MissingPermission (Maybe Perm)
   | ActionDenied Action
@@ -169,8 +168,6 @@ type instance MapError 'NoAddToBinding = 'StaticError 403 "binding-team" "Cannot
 
 type instance MapError 'TooManyTeamMembers = 'StaticError 403 "too-many-team-members" "Maximum number of members per team reached"
 
-type instance MapError 'TooManyTeamAdmins = 'StaticError 403 "too-many-team-admins" "Maximum number of admins per team reached"
-
 type instance MapError ('MissingPermission mperm) = 'StaticError 403 "operation-denied" (MissingPermissionMessage mperm)
 
 type instance MapError ('ActionDenied action) = 'StaticError 403 "action-denied" ("Insufficient authorization (missing " `AppendSymbol` ActionName action `AppendSymbol` ")")

libs/wire-api/src/Wire/API/Routes/Internal/Galley.hs

@@ -294,7 +294,6 @@ type ITeamsAPIBase =
              "unchecked-add-team-member"
              ( CanThrow 'TooManyTeamMembers
                  :> CanThrow 'TooManyTeamMembersOnTeamWithLegalhold
-                 :> CanThrow 'TooManyTeamAdmins
                  :> ReqBody '[Servant.JSON] NewTeamMember
                  :> MultiVerb1 'POST '[Servant.JSON] (RespondEmpty 200 "OK")
              )
@@ -321,7 +320,6 @@ type ITeamsAPIBase =
                         :> CanThrow 'InvalidPermissions
                         :> CanThrow 'TeamNotFound
                         :> CanThrow 'TeamMemberNotFound
-                        :> CanThrow 'TooManyTeamAdmins
                         :> CanThrow 'NotATeamMember
                         :> CanThrow OperationDenied
                         :> ReqBody '[Servant.JSON] NewTeamMember

libs/wire-api/src/Wire/API/Routes/Public/Galley/TeamMember.hs

@@ -105,7 +105,6 @@ type TeamMemberAPI =
                :> CanThrow OperationDenied
                :> CanThrow 'TeamNotFound
                :> CanThrow 'TooManyTeamMembers
-               :> CanThrow 'TooManyTeamAdmins
                :> CanThrow 'UserBindingExists
                :> CanThrow 'TooManyTeamMembersOnTeamWithLegalhold
                :> ZLocalUser
@@ -170,7 +169,6 @@ type TeamMemberAPI =
                :> CanThrow 'InvalidPermissions
                :> CanThrow 'TeamNotFound
                :> CanThrow 'TeamMemberNotFound
-               :> CanThrow 'TooManyTeamAdmins
                :> CanThrow 'NotATeamMember
                :> CanThrow OperationDenied
                :> ZLocalUser

services/brig/test/integration/API/Federation.hs

@@ -389,7 +389,7 @@ testRemoteUserGetsDeleted opts brig cannon fedBrigClient = do
       runFedClient @"on-user-deleted-connections" fedBrigClient (qDomain remoteUser) $
         UserDeletedConnectionsNotification (qUnqualified remoteUser) (unsafeRange localUsers)
 
-    WS.assertMatchN_ (60 # Second) [cc] $ matchDeleteUserNotification remoteUser
+    WS.assertMatchN_ (5 # Second) [cc] $ matchDeleteUserNotification remoteUser
     WS.assertNoEvent (1 # Second) [pc, bc, uc]
 
   for_ localUsers $ \u ->

services/galley/src/Galley/API/Internal.hs

@@ -73,7 +73,6 @@ import Galley.Effects.MemberStore
 import qualified Galley.Effects.MemberStore as E
 import Galley.Effects.ProposalStore
 import Galley.Effects.TeamStore
-import qualified Galley.Effects.TeamStore as E
 import qualified Galley.Intra.Push as Intra
 import Galley.Monad
 import Galley.Options
@@ -377,8 +376,8 @@ rmUser lusr conn = do
         goConvPages range newCids
 
     leaveTeams page = for_ (pageItems page) $ \tid -> do
-      admins <- E.getTeamAdmins tid
-      uncheckedDeleteTeamMember lusr conn tid (tUnqualified lusr) admins
+      mems <- getTeamMembersForFanout tid
+      uncheckedDeleteTeamMember lusr conn tid (tUnqualified lusr) mems
       page' <- listTeams @p2 (tUnqualified lusr) (Just (pageState page)) maxBound
       leaveTeams page'
 

services/galley/src/Galley/API/Teams.hs

@@ -138,7 +138,6 @@ import Wire.API.Team.Conversation
 import qualified Wire.API.Team.Conversation as Public
 import Wire.API.Team.Export (TeamExportUser (..))
 import Wire.API.Team.Member
-import qualified Wire.API.Team.Member as M
 import qualified Wire.API.Team.Member as Public
 import Wire.API.Team.Permission (Perm (..), Permissions (..), SPerm (..), copy, fullPermissions, self)
 import Wire.API.Team.Role
@@ -329,13 +328,17 @@ updateTeamH ::
   Sem r ()
 updateTeamH zusr zcon tid updateData = do
   zusrMembership <- E.getTeamMember tid zusr
+  -- let zothers = map (view userId) membs
+  -- Log.debug $
+  --   Log.field "targets" (toByteString . show $ toByteString <$> zothers)
+  --     . Log.field "action" (Log.val "Teams.updateTeam")
   void $ permissionCheckS SSetTeamData zusrMembership
   E.setTeamData tid updateData
   now <- input
-  admins <- E.getTeamAdmins tid
+  memList <- getTeamMembersForFanout tid
   let e = newEvent tid now (EdTeamUpdate updateData)
-  let r = list1 (userRecipient zusr) (map userRecipient (filter (/= zusr) admins))
-  E.push1 $ newPushLocal1 ListComplete zusr (TeamEvent e) r & pushConn ?~ zcon & pushTransient .~ True
+  let r = list1 (userRecipient zusr) (membersToRecipients (Just zusr) (memList ^. teamMembers))
+  E.push1 $ newPushLocal1 (memList ^. teamMemberListType) zusr (TeamEvent e) r & pushConn ?~ zcon
 
 deleteTeam ::
   forall r.
@@ -704,7 +707,6 @@ addTeamMember ::
     Member (ErrorS OperationDenied) r,
     Member (ErrorS 'TeamNotFound) r,
     Member (ErrorS 'TooManyTeamMembers) r,
-    Member (ErrorS 'TooManyTeamAdmins) r,
     Member (ErrorS 'UserBindingExists) r,
     Member (ErrorS 'TooManyTeamMembersOnTeamWithLegalhold) r,
     Member (Input Opts) r,
@@ -737,15 +739,15 @@ addTeamMember lzusr zcon tid nmem = do
   ensureConnectedToLocals zusr [uid]
   (TeamSize sizeBeforeJoin) <- E.getSize tid
   ensureNotTooLargeForLegalHold tid (fromIntegral sizeBeforeJoin + 1)
-  void $ addTeamMemberInternal tid (Just zusr) (Just zcon) nmem
+  memList <- getTeamMembersForFanout tid
+  void $ addTeamMemberInternal tid (Just zusr) (Just zcon) nmem memList
 
 -- This function is "unchecked" because there is no need to check for user binding (invite only).
 uncheckedAddTeamMember ::
   forall r.
   ( Member BrigAccess r,
     Member GundeckAccess r,
     Member (ErrorS 'TooManyTeamMembers) r,
-    Member (ErrorS 'TooManyTeamAdmins) r,
     Member (ErrorS 'TooManyTeamMembersOnTeamWithLegalhold) r,
     Member (Input Opts) r,
     Member (Input UTCTime) r,
@@ -759,18 +761,18 @@ uncheckedAddTeamMember ::
   NewTeamMember ->
   Sem r ()
 uncheckedAddTeamMember tid nmem = do
+  mems <- getTeamMembersForFanout tid
   (TeamSize sizeBeforeJoin) <- E.getSize tid
   ensureNotTooLargeForLegalHold tid (fromIntegral sizeBeforeJoin + 1)
-  (TeamSize sizeBeforeAdd) <- addTeamMemberInternal tid Nothing Nothing nmem
-  owners <- E.getBillingTeamMembers tid
-  Journal.teamUpdate tid (sizeBeforeAdd + 1) owners
+  (TeamSize sizeBeforeAdd) <- addTeamMemberInternal tid Nothing Nothing nmem mems
+  billingUserIds <- E.getBillingTeamMembers tid
+  Journal.teamUpdate tid (sizeBeforeAdd + 1) billingUserIds
 
 uncheckedUpdateTeamMember ::
   forall r.
   ( Member BrigAccess r,
     Member (ErrorS 'TeamNotFound) r,
     Member (ErrorS 'TeamMemberNotFound) r,
-    Member (ErrorS 'TooManyTeamAdmins) r,
     Member GundeckAccess r,
     Member (Input UTCTime) r,
     Member P.TinyLog r,
@@ -795,22 +797,33 @@ uncheckedUpdateTeamMember mlzusr mZcon tid newMember = do
   previousMember <-
     E.getTeamMember tid targetId >>= noteS @'TeamMemberNotFound
 
-  admins <- E.getTeamAdmins tid
-  let admins' = [targetId | isAdminOrOwner targetPermissions] <> filter (/= targetId) admins
-  checkAdminLimit (length admins')
-
   -- update target in Cassandra
   E.setTeamMemberPermissions (previousMember ^. permissions) tid targetId targetPermissions
 
-  when (team ^. teamBinding == Binding) $ do
-    (TeamSize size) <- E.getSize tid
-    owners <- E.getBillingTeamMembers tid
-    Journal.teamUpdate tid size owners
-
-  now <- input
-  let event = newEvent tid now (EdMemberUpdate targetId (Just targetPermissions))
-  let pushPriv = newPush ListComplete mZusr (TeamEvent event) (map userRecipient admins')
-  for_ pushPriv (\p -> E.push1 (p & pushConn .~ mZcon & pushTransient .~ True))
+  updatedMembers <- getTeamMembersForFanout tid
+  updateJournal team
+  updatePeers mZusr targetId targetMember targetPermissions updatedMembers
+  where
+    updateJournal :: Team -> Sem r ()
+    updateJournal team = do
+      when (team ^. teamBinding == Binding) $ do
+        (TeamSize size) <- E.getSize tid
+        owners <- E.getBillingTeamMembers tid
+        Journal.teamUpdate tid size owners
+
+    updatePeers :: Maybe UserId -> UserId -> TeamMember -> Permissions -> TeamMemberList -> Sem r ()
+    updatePeers zusr targetId targetMember targetPermissions updatedMembers = do
+      -- inform members of the team about the change
+      -- some (privileged) users will be informed about which change was applied
+      let privileged = filter (`canSeePermsOf` targetMember) (updatedMembers ^. teamMembers)
+          mkUpdate = EdMemberUpdate targetId
+          privilegedUpdate = mkUpdate $ Just targetPermissions
+          privilegedRecipients = membersToRecipients Nothing privileged
+      now <- input
+      let ePriv = newEvent tid now privilegedUpdate
+      -- push to all members (user is privileged)
+      let pushPriv = newPush (updatedMembers ^. teamMemberListType) zusr (TeamEvent ePriv) $ privilegedRecipients
+      for_ pushPriv (\p -> E.push1 (p & pushConn .~ mZcon))
 
 updateTeamMember ::
   forall r.
@@ -819,7 +832,6 @@ updateTeamMember ::
     Member (ErrorS 'InvalidPermissions) r,
     Member (ErrorS 'TeamNotFound) r,
     Member (ErrorS 'TeamMemberNotFound) r,
-    Member (ErrorS 'TooManyTeamAdmins) r,
     Member (ErrorS 'NotATeamMember) r,
     Member (ErrorS OperationDenied) r,
     Member GundeckAccess r,
@@ -950,6 +962,7 @@ deleteTeamMember' lusr zcon tid remove mBody = do
     tm <- noteS @'TeamMemberNotFound targetMember
     unless (canDeleteMember dm tm) $ throwS @'AccessDenied
   team <- fmap tdTeam $ E.getTeam tid >>= noteS @'TeamNotFound
+  mems <- getTeamMembersForFanout tid
   if team ^. teamBinding == Binding && isJust targetMember
     then do
       body <- mBody & note (InvalidPayload "missing request body")
@@ -967,8 +980,7 @@ deleteTeamMember' lusr zcon tid remove mBody = do
       Journal.teamUpdate tid sizeAfterDelete $ filter (/= remove) owners
       pure TeamMemberDeleteAccepted
     else do
-      admins <- E.getTeamAdmins tid
-      uncheckedDeleteTeamMember lusr (Just zcon) tid remove admins
+      uncheckedDeleteTeamMember lusr (Just zcon) tid remove mems
       pure TeamMemberDeleteCompleted
 
 -- This function is "unchecked" because it does not validate that the user has the `RemoveTeamMember` permission.
@@ -985,43 +997,47 @@ uncheckedDeleteTeamMember ::
   Maybe ConnId ->
   TeamId ->
   UserId ->
-  [UserId] ->
+  TeamMemberList ->
   Sem r ()
-uncheckedDeleteTeamMember lusr zcon tid remove admins = do
+uncheckedDeleteTeamMember lusr zcon tid remove mems = do
   now <- input
   pushMemberLeaveEvent now
   E.deleteTeamMember tid remove
   removeFromConvsAndPushConvLeaveEvent now
   where
-    -- notify team admins
+    -- notify all team members.
     pushMemberLeaveEvent :: UTCTime -> Sem r ()
     pushMemberLeaveEvent now = do
       let e = newEvent tid now (EdMemberLeave remove)
       let r =
-            userRecipient
-              <$> list1
-                (tUnqualified lusr)
-                (filter (/= (tUnqualified lusr)) admins)
+            list1
+              (userRecipient (tUnqualified lusr))
+              (membersToRecipients (Just (tUnqualified lusr)) (mems ^. teamMembers))
       E.push1 $
-        newPushLocal1 ListComplete (tUnqualified lusr) (TeamEvent e) r & pushConn .~ zcon & pushTransient .~ True
+        newPushLocal1 (mems ^. teamMemberListType) (tUnqualified lusr) (TeamEvent e) r & pushConn .~ zcon
     -- notify all conversation members not in this team.
     removeFromConvsAndPushConvLeaveEvent :: UTCTime -> Sem r ()
     removeFromConvsAndPushConvLeaveEvent now = do
-      let tmids = Set.fromList admins
+      -- This may not make sense if that list has been truncated. In such cases, we still want to
+      -- remove the user from conversations but never send out any events. We assume that clients
+      -- handle nicely these missing events, regardless of whether they are in the same team or not
+      let tmids = Set.fromList $ map (view userId) (mems ^. teamMembers)
       let edata = Conv.EdMembersLeave (Conv.QualifiedUserIdList [tUntagged (qualifyAs lusr remove)])
       cc <- E.getTeamConversations tid
       for_ cc $ \c ->
         E.getConversation (c ^. conversationId) >>= \conv ->
           for_ conv $ \dc -> when (remove `isMember` Data.convLocalMembers dc) $ do
             E.deleteMembers (c ^. conversationId) (UserList [remove] [])
-            pushEvent tmids edata now dc
+            -- If the list was truncated, then the tmids list is incomplete so we simply drop these events
+            unless (mems ^. teamMemberListType == ListTruncated) $
+              pushEvent tmids edata now dc
     pushEvent :: Set UserId -> Conv.EventData -> UTCTime -> Data.Conversation -> Sem r ()
     pushEvent exceptTo edata now dc = do
       let qconvId = tUntagged $ qualifyAs lusr (Data.convId dc)
       let (bots, users) = localBotsAndUsers (Data.convLocalMembers dc)
       let x = filter (\m -> not (Conv.lmId m `Set.member` exceptTo)) users
       let y = Conv.Event qconvId Nothing (tUntagged lusr) now edata
-      for_ (newPushLocal ListComplete (tUnqualified lusr) (ConvEvent y) (recipient <$> x)) $ \p ->
+      for_ (newPushLocal (mems ^. teamMemberListType) (tUnqualified lusr) (ConvEvent y) (recipient <$> x)) $ \p ->
         E.push1 $ p & pushConn .~ zcon
       E.deliverAsync (bots `zip` repeat y)
 
@@ -1226,7 +1242,6 @@ ensureNotTooLargeForLegalHold tid teamSize =
 addTeamMemberInternal ::
   ( Member BrigAccess r,
     Member (ErrorS 'TooManyTeamMembers) r,
-    Member (ErrorS 'TooManyTeamAdmins) r,
     Member GundeckAccess r,
     Member (Input Opts) r,
     Member (Input UTCTime) r,
@@ -1238,29 +1253,29 @@ addTeamMemberInternal ::
   Maybe UserId ->
   Maybe ConnId ->
   NewTeamMember ->
+  TeamMemberList ->
   Sem r TeamSize
-addTeamMemberInternal tid origin originConn (ntmNewTeamMember -> new) = do
+addTeamMemberInternal tid origin originConn (ntmNewTeamMember -> new) memList = do
   P.debug $
     Log.field "targets" (toByteString (new ^. userId))
       . Log.field "action" (Log.val "Teams.addTeamMemberInternal")
   sizeBeforeAdd <- ensureNotTooLarge tid
-
-  admins <- E.getTeamAdmins tid
-  let admins' = [new ^. userId | isAdminOrOwner (new ^. M.permissions)] <> admins
-  checkAdminLimit (length admins')
-
   E.createTeamMember tid new
-
   now <- input
   let e = newEvent tid now (EdMemberJoin (new ^. userId))
-  let rs = case origin of
-        Just o -> userRecipient <$> list1 o (filter (/= o) ((new ^. userId) : admins'))
-        Nothing -> userRecipient <$> list1 (new ^. userId) (admins')
   E.push1 $
-    newPushLocal1 ListComplete (new ^. userId) (TeamEvent e) rs & pushConn .~ originConn & pushTransient .~ True
-
+    newPushLocal1 (memList ^. teamMemberListType) (new ^. userId) (TeamEvent e) (recipients origin new) & pushConn .~ originConn
   APITeamQueue.pushTeamEvent tid e
   pure sizeBeforeAdd
+  where
+    recipients (Just o) n =
+      list1
+        (userRecipient o)
+        (membersToRecipients (Just o) (n : memList ^. teamMembers))
+    recipients Nothing n =
+      list1
+        (userRecipient (n ^. userId))
+        (membersToRecipients Nothing (memList ^. teamMembers))
 
 finishCreateTeam ::
   ( Member GundeckAccess r,
@@ -1389,8 +1404,3 @@ queueTeamDeletion ::
 queueTeamDeletion tid zusr zcon = do
   ok <- E.tryPush (TeamItem tid zusr zcon)
   unless ok $ throwS @'DeleteQueueFull
-
-checkAdminLimit :: Member (ErrorS 'TooManyTeamAdmins) r => Int -> Sem r ()
-checkAdminLimit adminCount =
-  when (adminCount > 2000) $
-    throwS @'TooManyTeamAdmins

services/galley/src/Galley/Cassandra.hs

@@ -20,4 +20,4 @@ module Galley.Cassandra (schemaVersion) where
 import Imports
 
 schemaVersion :: Int32
-schemaVersion = 83
+schemaVersion = 81

services/galley/src/Galley/Cassandra/Queries.hs

@@ -167,15 +167,6 @@ deleteBillingTeamMember = "delete from billing_team_member where team = ? and us
 listBillingTeamMembers :: PrepQuery R (Identity TeamId) (Identity UserId)
 listBillingTeamMembers = "select user from billing_team_member where team = ?"
 
-insertTeamAdmin :: PrepQuery W (TeamId, UserId) ()
-insertTeamAdmin = "insert into team_admin (team, user) values (?, ?)"
-
-deleteTeamAdmin :: PrepQuery W (TeamId, UserId) ()
-deleteTeamAdmin = "delete from team_admin where team = ? and user = ?"
-
-listTeamAdmins :: PrepQuery R (Identity TeamId) (Identity UserId)
-listTeamAdmins = "select user from team_admin where team = ?"
-
 updatePermissions :: PrepQuery W (Permissions, TeamId, UserId) ()
 updatePermissions = "update team_member set perms = ? where team = ? and user = ?"