Skip to content

[GH-326] Added subscription flag for filtering out confidential issues, and disallow guests from creating subscriptions#376

Merged
avas27JTG merged 8 commits intomattermost:masterfrom
Brightscout:MM-326
Mar 8, 2024
Merged

[GH-326] Added subscription flag for filtering out confidential issues, and disallow guests from creating subscriptions#376
avas27JTG merged 8 commits intomattermost:masterfrom
Brightscout:MM-326

Conversation

@Kshitij-Katiyar
Copy link
Copy Markdown
Contributor

@Kshitij-Katiyar Kshitij-Katiyar commented May 4, 2023

Summary

  • Added an additional flag for confidential issues in the subscription slash command.
  • Added the check that guest users cannot create a subscription.

Issue

@Kshitij-Katiyar
[MI-3045]: Added checks for confidential issues at the time of making…
ddd4074 
… subscriptions (#37)

* [MI-3045]:Added checks for confidential issues

* [MI-3045]:Added unit test cases

* [MI-3045]:Fixed self review comments

* [MI-3045]:Fixed unit test cases

* [MI-3045]:Fixed lint errors

* [MI-3045]:Fixed review comments

* [MI-3045]:Fixed context deadline error

* [MI-3045]:Fixed review comments

* [MI-3045]:Fixed statements
@mattermost-build
Copy link
Copy Markdown
Contributor

mattermost-build commented May 4, 2023

Hello @Kshitij-Katiyar,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

@codecov
Copy link
Copy Markdown

codecov bot commented May 4, 2023
edited
Loading

Codecov Report

Attention: Patch coverage is 75.00000% with 5 lines in your changes are missing coverage. Please review.

Project coverage is 33.99%. Comparing base (98fdf4f) to head (bfb8f9c).
Report is 11 commits behind head on master.

Files Patch % Lines
server/subscription/subscription.go 0.00% 2 Missing ⚠️
server/webhook/issue.go 60.00% 1 Missing and 1 partial ⚠️
server/command.go 83.33% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #376      +/-   ##
==========================================
+ Coverage   33.40%   33.99%   +0.59%     
==========================================
  Files          22       22              
  Lines        3979     3992      +13     
==========================================
+ Hits         1329     1357      +28     
+ Misses       2519     2499      -20     
- Partials      131      136       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

mickmister
mickmister reviewed May 4, 2023
View reviewed changes
server/command.go
* |/gitlab subscriptions add owner[/repo] [features]| - Subscribe the current channel to receive notifications about opened merge requests and issues for a group or repository
* |features| is a comma-delimited list of one or more the following:
* issues - includes new and closed issues
* confidential_issues - includes new and closed confidential issues
Copy link
Copy Markdown
Contributor

@mickmister mickmister May 4, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may want to make this opt-in, so as to not break existing subscriptions. If this is the case, the flag should be exclude_confidential_issues. Thoughts on this? @jupenur @esarafianou

Copy link
Copy Markdown
Contributor Author

@Kshitij-Katiyar Kshitij-Katiyar May 8, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mickmister Fixed all the review comments apart for this one. Waiting for replies.

Copy link
Copy Markdown
Contributor

@mickmister mickmister May 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hanzei Do you have an opinion on this?

Copy link
Copy Markdown
Contributor

@esarafianou esarafianou May 29, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mickmister Hadn't been notified about this ping and bumped into it today.

The ideal behavior is secure by default. That would mean excluding confidential issues by default.

Since this is a breaking change for existing subscriptions, we can consider a major release.

@mickmister mickmister changed the title [GH-326] Added checks for confidential issues at the time of making subscriptions [GH-326] Added subscription flag for filtering out confidential issues, and disallow guests from creating subscriptions May 4, 2023
Kshitij-Katiyar added a commit to Brightscout/mattermost-plugin-gitlab that referenced this pull request May 5, 2023
@Kshitij-Katiyar
[MI-3060]:Fixed review comments of PR mattermost#376 on gitlab plugin
eb231e2
@Kshitij-Katiyar Kshitij-Katiyar mentioned this pull request May 5, 2023
Merged
@Kshitij-Katiyar
[MI-3060]:Fixed review comments of PR mattermost#376 on gitlab plugin (
ddbc11f 
…#38)

* [MI-3060]:Fixed review comments of PR mattermost#376 on gitlab plugin

* [MI-3060]:Fixed test cases

* [MI-3060]:Updated the msg

* [MI-3060]:Fixed the test cases
@Kshitij-Katiyar Kshitij-Katiyar requested a review from mickmister May 8, 2023 08:02
@mattermost-build
Copy link
Copy Markdown
Contributor

mattermost-build commented May 19, 2023

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@mickmister mickmister added 2: Dev Review Requires review by a core committer 3: QA Review Requires review by a QA tester and removed Lifecycle/1:stale labels May 19, 2023
@mickmister mickmister requested a review from DHaussermann May 19, 2023 14:07
@mickmister
Copy link
Copy Markdown
Contributor

mickmister commented May 19, 2023

@Kshitij-Katiyar Heads up that there are conflicts to resolve here

@hanzei hanzei added the Awaiting Submitter Action Blocked on the author label May 21, 2023
@Kshitij-Katiyar
Copy link
Copy Markdown
Contributor Author

Kshitij-Katiyar commented May 25, 2023

@mickmister Fixed the merge conflicts

mickmister
mickmister reviewed May 25, 2023
View reviewed changes
server/command.go
* |/gitlab subscriptions add owner[/repo] [features]| - Subscribe the current channel to receive notifications about opened merge requests and issues for a group or repository
* |features| is a comma-delimited list of one or more the following:
* issues - includes new and closed issues
* confidential_issues - includes new and closed confidential issues
Copy link
Copy Markdown
Contributor

@mickmister mickmister May 25, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hanzei Do you have an opinion on this?

spirosoik
spirosoik approved these changes May 29, 2023
View reviewed changes
Copy link
Copy Markdown
Contributor

@spirosoik spirosoik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mattermost-build
Copy link
Copy Markdown
Contributor

mattermost-build commented Jun 9, 2023

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@hanzei hanzei self-requested a review June 9, 2023 07:41
hanzei
hanzei approved these changes Jun 23, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@hanzei hanzei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hanzei hanzei removed 2: Dev Review Requires review by a core committer Awaiting Submitter Action Blocked on the author Lifecycle/1:stale labels Jun 23, 2023
@hanzei
Copy link
Copy Markdown
Collaborator

hanzei commented Jun 23, 2023

@DHaussermann The PR is ready for your review

@mattermost-build
Copy link
Copy Markdown
Contributor

mattermost-build commented Jul 7, 2023

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@mickmister
Copy link
Copy Markdown
Contributor

mickmister commented Sep 7, 2023

@Kshitij-Katiyar Heads up that there are conflicts to resolve here

@hanzei hanzei added the Awaiting Submitter Action Blocked on the author label Sep 7, 2023
@hanzei hanzei removed the request for review from DHaussermann October 16, 2023 20:43
@hanzei
Copy link
Copy Markdown
Collaborator

hanzei commented Nov 29, 2023

@Kshitij-Katiyar gentle reminder to resolve the conflicts

@avas27JTG avas27JTG added this to the v1.9.0 milestone Dec 5, 2023
@ayusht2810
Copy link
Copy Markdown
Contributor

ayusht2810 commented Jan 3, 2024

@hanzei resolved the conflicts.

@hanzei hanzei requested a review from DHaussermann January 4, 2024 12:02
@hanzei hanzei requested review from AayushChaudhary0001 and removed request for DHaussermann January 23, 2024 14:28
@AayushChaudhary0001
Copy link
Copy Markdown

AayushChaudhary0001 commented Feb 21, 2024

@raghavaggarwal2308 While testing this PR, none of the above conditions were found working. The guest user on MM was able to create a subscription and also there wasn't any flag for confidential issues in subscription slash command. Please go-through this once.

@raghavaggarwal2308
Copy link
Copy Markdown

raghavaggarwal2308 commented Feb 26, 2024

@raghavaggarwal2308 While testing this PR, none of the above conditions were found working. The guest user on MM was able to create a subscription and also there wasn't any flag for confidential issues in subscription slash command. Please go-through this once.

@AayushChaudhary0001

  1. The flag is added in the "--features" section while creating a subscription.
  2. The user who has guest access to a Gitlab project cannot create a subscription on MM.

AayushChaudhary0001
AayushChaudhary0001 approved these changes Feb 28, 2024
View reviewed changes
Copy link
Copy Markdown

@AayushChaudhary0001 AayushChaudhary0001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @raghavaggarwal2308 for the assistance.

The above PR has been tested for the following features:-

  • There is a seperate flag added for creating a subscription for confidential issues.
  • A user with a guest access of any repo on Gitlab cannot create a subscription in MM.

The PR was working fine for both the above conditions, LGTM. Approved.

@hanzei hanzei added 4: Reviews Complete All reviewers have approved the pull request and removed 3: QA Review Requires review by a QA tester labels Feb 28, 2024
@avas27JTG avas27JTG merged commit 54a9c46 into mattermost:master Mar 8, 2024
@avas27JTG avas27JTG deleted the MM-326 branch March 8, 2024 13:34
@ayusht2810 ayusht2810 mentioned this pull request Mar 22, 2024
Closed
@raghavaggarwal2308 raghavaggarwal2308 mentioned this pull request Jul 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esarafianou esarafianou esarafianou left review comments

@hanzei hanzei hanzei approved these changes

+3 more reviewers

@spirosoik spirosoik spirosoik approved these changes

@mickmister mickmister mickmister approved these changes

@AayushChaudhary0001 AayushChaudhary0001 AayushChaudhary0001 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

4: Reviews Complete All reviewers have approved the pull request

Projects

None yet

Milestone

v1.9.0

Development

Successfully merging this pull request may close these issues.

10 participants

@Kshitij-Katiyar @mattermost-build @mickmister @hanzei @ayusht2810 @AayushChaudhary0001 @raghavaggarwal2308 @spirosoik @esarafianou @avas27JTG