S2S: Person: Grant: Record role and resource in Permit record

This commit is contained in:
Pere Lev 2024-04-19 02:30:33 +03:00
parent 1f36657084
commit ab08e593ef
No known key found for this signature in database
GPG key ID: 5252C5C863E5E57D
9 changed files with 252 additions and 23 deletions

View file

@ -0,0 +1,2 @@
PermitTopicExtend
permit PermitPersonSendDelegatorId

View file

@ -0,0 +1,48 @@
Person
PermitTopicEnableLocal
PermitTopicEnableRemote
RemoteActivity
Outbox
OutboxItem
outbox OutboxId
activity PersistJSONObject
published UTCTime
Permit
person PersonId
role Role
PermitPersonGesture
permit PermitId
activity OutboxItemId
UniquePermitPersonGesture permit
UniquePermitPersonGestureActivity activity
PermitPersonSendDelegator
permit PermitPersonGestureId
grant OutboxItemId
UniquePermitPersonSendDelegator permit
UniquePermitPersonSendDelegatorGrant grant
PermitTopicExtend
permit PermitPersonSendDelegatorId
PermitTopicExtendLocal
permit PermitPersonSendDelegatorId
permitNew PermitTopicExtendId
topic PermitTopicEnableLocalId
grant OutboxItemId
UniquePermitTopicExtendLocalGrant grant
PermitTopicExtendRemote
permit PermitPersonSendDelegatorId
permitNew PermitTopicExtendId
topic PermitTopicEnableRemoteId
grant RemoteActivityId
UniquePermitTopicExtendRemoteGrant grant

View file

@ -0,0 +1,11 @@
PermitTopicExtendResourceLocal
permit PermitTopicExtendId
actor ActorId
UniquePermitTopicExtendResourceLocal permit
PermitTopicExtendResourceRemote
permit PermitTopicExtendId
actor RemoteActorId
UniquePermitTopicExtendResourceRemote permit

View file

@ -20,6 +20,7 @@ module Vervis.Actor.Person
where where
import Control.Applicative import Control.Applicative
import Control.Exception.Base
import Control.Monad import Control.Monad
import Control.Monad.IO.Class import Control.Monad.IO.Class
import Control.Monad.Logger.CallStack import Control.Monad.Logger.CallStack
@ -71,11 +72,12 @@ import Vervis.FedURI
import Vervis.Federation.Util import Vervis.Federation.Util
import Vervis.Foundation import Vervis.Foundation
import Vervis.Model import Vervis.Model
import Vervis.Recipient (makeRecipientSet, LocalStageBy (..), Aud (..), collectAudience)
import Vervis.Persist.Actor import Vervis.Persist.Actor
import Vervis.Persist.Collab import Vervis.Persist.Collab
import Vervis.Persist.Discussion import Vervis.Persist.Discussion
import Vervis.Persist.Follow import Vervis.Persist.Follow
import Vervis.Recipient (makeRecipientSet, LocalStageBy (..), Aud (..), collectAudience)
import Vervis.RemoteActorStore
import Vervis.Ticket import Vervis.Ticket
-- Meaning: Someone is offering a ticket or dependency to a tracker -- Meaning: Someone is offering a ticket or dependency to a tracker
@ -888,7 +890,35 @@ personGrant now recipPersonID (Verse authorIdMsig body) grant = do
case cap of case cap of
Left (LocalActorPerson p, itemID) | p == recipPersonID -> pure itemID Left (LocalActorPerson p, itemID) | p == recipPersonID -> pure itemID
_ -> lift $ throwE "Extending access to me using a delegator-Grant capability that isn't mine" _ -> lift $ throwE "Extending access to me using a delegator-Grant capability that isn't mine"
return $ Right delegatorID return $ Right (resource, role, delegatorID)
-- For extension-Grant, get the resource by DB/HTTP, and check role
maybeMine' <-
for maybeMine $ traverseOf _Right $ \ (resource, roleExt, delegatorID) -> do
role <-
case roleExt of
AP.RXRole r -> pure r
AP.RXDelegator -> throwE "I've been delegated a Grant with role being delegate"
resourceDB <- bitraverse
(\ la ->
withDBExcept $ localActorID <$>
getLocalActorEntityE la "Extension-Grant resource not found in DB"
)
(\ (ObjURI h lu) -> do
manager <- asksEnv envHttpManager
instanceID <-
lift $ withDB $ either entityKey id <$> insertBy' (Instance h)
result <-
ExceptT $ first (T.pack . displayException) <$>
fetchRemoteActor' instanceID h lu
case result of
Left Nothing -> throwE "Resource @id mismatch"
Left (Just err) -> throwE $ T.pack $ displayException err
Right Nothing -> throwE "Resource isn't an actor"
Right (Just actor) -> return $ entityKey actor
)
resource
return (resourceDB, role, delegatorID)
maybeNew <- withDBExcept $ do maybeNew <- withDBExcept $ do
@ -898,7 +928,7 @@ personGrant now recipPersonID (Verse authorIdMsig body) grant = do
(p,) <$> getJust (personActor p) (p,) <$> getJust (personActor p)
maybePermit <- maybePermit <-
for maybeMine $ for maybeMine' $
bitraverse bitraverse
(\ (role, fulfills) -> do (\ (role, fulfills) -> do
@ -940,7 +970,7 @@ personGrant now recipPersonID (Verse authorIdMsig body) grant = do
return (gestureID, bimap fst fst topic) return (gestureID, bimap fst fst topic)
) )
(\ delegatorID -> do (\ (resourceDB, role, delegatorID) -> do
Entity sendID (PermitPersonSendDelegator gestureID _) <- do Entity sendID (PermitPersonSendDelegator gestureID _) <- do
mp <- lift $ getBy $ UniquePermitPersonSendDelegatorGrant delegatorID mp <- lift $ getBy $ UniquePermitPersonSendDelegatorGrant delegatorID
fromMaybeE mp "Extension-Grant.capability: I don't have such a delegator-Grant, can't find a PermitPersonSendDelegator record" fromMaybeE mp "Extension-Grant.capability: I don't have such a delegator-Grant, can't find a PermitPersonSendDelegator record"
@ -953,7 +983,7 @@ personGrant now recipPersonID (Verse authorIdMsig body) grant = do
(Right raID, Right ra) | raID == remoteAuthorId ra -> pure () (Right raID, Right ra) | raID == remoteAuthorId ra -> pure ()
_ -> throwE "Grant sender isn't the Permit topic" _ -> throwE "Grant sender isn't the Permit topic"
return (sendID, bimap fst fst topic) return (resourceDB, role, sendID, bimap fst fst topic)
) )
mractid <- lift $ insertToInbox now authorIdMsig body (actorInbox actorRecip) True mractid <- lift $ insertToInbox now authorIdMsig body (actorInbox actorRecip) True
@ -1005,23 +1035,30 @@ personGrant now recipPersonID (Verse authorIdMsig body) grant = do
return (personActor personRecip, sieve, maybeDeleg) return (personActor personRecip, sieve, maybeDeleg)
) )
(\ (sendID, topic) -> (\ (resourceDB, role, sendID, topic) -> do
case (topic, grantDB) of extendID <- case (topic, grantDB) of
(Left localID, Left (_, _, extID)) -> lift $ do (Left localID, Left (_, _, extID)) -> lift $ do
enableID <- do enableID <- do
me <- getKeyBy $ UniquePermitTopicEnableLocalTopic localID me <- getKeyBy $ UniquePermitTopicEnableLocalTopic localID
case me of case me of
Just e -> pure e Just e -> pure e
Nothing -> error "Impossible, Permit has the delegator-Grant but no (local) Enable" Nothing -> error "Impossible, Permit has the delegator-Grant but no (local) Enable"
insert_ $ PermitTopicExtendLocal sendID enableID extID extendID <- insert $ PermitTopicExtend sendID role
insert_ $ PermitTopicExtendLocal extendID enableID extID
return extendID
(Right remoteID, Right (_, _, extID)) -> lift $ do (Right remoteID, Right (_, _, extID)) -> lift $ do
enableID <- do enableID <- do
me <- getKeyBy $ UniquePermitTopicEnableRemoteTopic remoteID me <- getKeyBy $ UniquePermitTopicEnableRemoteTopic remoteID
case me of case me of
Just e -> pure e Just e -> pure e
Nothing -> error "Impossible, Permit has the delegator-Grant but no (remote) Enable" Nothing -> error "Impossible, Permit has the delegator-Grant but no (remote) Enable"
insert_ $ PermitTopicExtendRemote sendID enableID extID extendID <- insert $ PermitTopicExtend sendID role
insert_ $ PermitTopicExtendRemote extendID enableID extID
return extendID
_ -> error "personGrant impossible 2" _ -> error "personGrant impossible 2"
lift $ case resourceDB of
Left actorID -> insert_ $ PermitTopicExtendResourceLocal extendID actorID
Right actorID -> insert_ $ PermitTopicExtendResourceRemote extendID actorID
) )
case maybeNew of case maybeNew of
@ -1170,10 +1207,11 @@ personRevoke now recipPersonID (Verse authorIdMsig body) (AP.Revoke lus) = do
(\ extend -> do (\ extend -> do
-- Verify the Permit is mine -- Verify the Permit is mine
sendID <- extendID <-
lift . lift $ case extend of lift . lift $ case extend of
Left k -> permitTopicExtendLocalPermit <$> getJust k Left k -> permitTopicExtendLocalPermit <$> getJust k
Right k -> permitTopicExtendRemotePermit <$> getJust k Right k -> permitTopicExtendRemotePermit <$> getJust k
PermitTopicExtend sendID _ <- lift . lift $ getJust extendID
PermitPersonSendDelegator gestureID _ <- lift . lift $ getJust sendID PermitPersonSendDelegator gestureID _ <- lift . lift $ getJust sendID
PermitPersonGesture permitID _ <- lift . lift $ getJust gestureID PermitPersonGesture permitID _ <- lift . lift $ getJust gestureID
Permit p _ <- lift . lift $ getJust permitID Permit p _ <- lift . lift $ getJust permitID
@ -1188,7 +1226,7 @@ personRevoke now recipPersonID (Verse authorIdMsig body) (AP.Revoke lus) = do
_ -> throwE "Revoke sender isn't the Permit topic" _ -> throwE "Revoke sender isn't the Permit topic"
-- Return data for PermitTopicExtend* deletion -- Return data for PermitTopicExtend* deletion
return extend return (extendID, extend)
) )
found found
@ -1199,10 +1237,18 @@ personRevoke now recipPersonID (Verse authorIdMsig body) (AP.Revoke lus) = do
bitraverse_ bitraverse_
(\ (permitID, gestureID, topicAndEnable) -> do (\ (permitID, gestureID, topicAndEnable) -> do
case topicAndEnable of case topicAndEnable of
Left (_, enableID) -> Left (_, enableID) -> do
deleteWhere [PermitTopicExtendLocalTopic ==. enableID] extends <- selectList [PermitTopicExtendLocalTopic ==. enableID] []
Right (_, enableID) -> let extendIDs = map (permitTopicExtendLocalPermit . entityVal) extends
deleteWhere [PermitTopicExtendRemoteTopic ==. enableID] extendLocalIDs = map entityKey extends
deleteWhere [PermitTopicExtendLocalId <-. extendLocalIDs]
deleteWhere [PermitTopicExtendId <-. extendIDs]
Right (_, enableID) -> do
extends <- selectList [PermitTopicExtendRemoteTopic ==. enableID] []
let extendIDs = map (permitTopicExtendRemotePermit . entityVal) extends
extendRemoteIDs = map entityKey extends
deleteWhere [PermitTopicExtendRemoteId <-. extendRemoteIDs]
deleteWhere [PermitTopicExtendId <-. extendIDs]
deleteBy $ UniquePermitPersonSendDelegator gestureID deleteBy $ UniquePermitPersonSendDelegator gestureID
case topicAndEnable of case topicAndEnable of
Left (topicID, enableID) -> do Left (topicID, enableID) -> do
@ -1230,9 +1276,11 @@ personRevoke now recipPersonID (Verse authorIdMsig body) (AP.Revoke lus) = do
Right (topicID, _) -> delete topicID Right (topicID, _) -> delete topicID
delete permitID delete permitID
) )
(\case (\ (extendID, extend) -> do
case extend of
Left k -> delete k Left k -> delete k
Right k -> delete k Right k -> delete k
delete extendID
) )
case maybeNew of case maybeNew of

View file

@ -200,9 +200,10 @@ getHomeR = do
Just sendID -> do Just sendID -> do
topicHash <- VR.hashLocalActor topic topicHash <- VR.hashLocalActor topic
hashItem <- getEncodeKeyHashid hashItem <- getEncodeKeyHashid
extIDs <- extIDs <- do
extendIDs <- selectKeysList [PermitTopicExtendPermit ==. sendID] []
map (permitTopicExtendLocalGrant . entityVal) <$> map (permitTopicExtendLocalGrant . entityVal) <$>
selectList [PermitTopicExtendLocalPermit ==. sendID] [Asc PermitTopicExtendLocalId] selectList [PermitTopicExtendLocalPermit <-. extendIDs] [Asc PermitTopicExtendLocalId]
for extIDs $ \ extID -> do for extIDs $ \ extID -> do
info <- getExtInfo $ Left extID info <- getExtInfo $ Left extID
return return
@ -237,7 +238,8 @@ getHomeR = do
case delegator of case delegator of
Nothing -> pure [] Nothing -> pure []
Just sendID -> do Just sendID -> do
es <- selectList [PermitTopicExtendRemotePermit ==. sendID] [Asc PermitTopicExtendRemoteId] extendIDs <- selectKeysList [PermitTopicExtendPermit ==. sendID] []
es <- selectList [PermitTopicExtendRemotePermit <-. extendIDs] [Asc PermitTopicExtendRemoteId]
for es $ \ (Entity _ (PermitTopicExtendRemote _ _ extID)) -> do for es $ \ (Entity _ (PermitTopicExtendRemote _ _ extID)) -> do
ext <- getJust extID ext <- getJust extID
u <- getRemoteActivityURI ext u <- getRemoteActivityURI ext

View file

@ -3253,6 +3253,94 @@ changes hLocal ctx =
, removeEntity "ComponentGatherRemote" , removeEntity "ComponentGatherRemote"
-- 591 -- 591
, addEntities model_591_component_gather , addEntities model_591_component_gather
-- 592
, addEntities model_592_permit_extend
-- 593
, addFieldRefRequired''
"PermitTopicExtendLocal"
(do permitID <- do
personID <- do
mp <- selectFirst [] [Asc Person593Id]
entityKey <$> maybe (error "No people") return mp
insert $ Permit593 personID RoleVisit
itemID <- do
outboxID <- insert Outbox593
let doc = persistJSONObjectFromDoc $ Doc hLocal emptyActivity
insert $ OutboxItem593 outboxID doc defaultTime
gestureID <- insert $ PermitPersonGesture593 permitID itemID
sendID <- insert $ PermitPersonSendDelegator593 gestureID itemID
insertEntity $ PermitTopicExtend593 sendID
)
(Just $ \ (Entity tempExtendID (PermitTopicExtend593 tempSendID)) -> do
l <- selectList [] []
for_ l $ \ (Entity k (PermitTopicExtendLocal593 sendID _ _ _)) -> do
extendID <- insert $ PermitTopicExtend593 sendID
update k [PermitTopicExtendLocal593PermitNew =. extendID]
PermitPersonSendDelegator593 gestureID itemID <- getJust tempSendID
PermitPersonGesture593 permitID _ <- getJust gestureID
OutboxItem593 outboxID _ _ <- getJust itemID
delete tempExtendID
delete tempSendID
delete gestureID
delete itemID
delete outboxID
delete permitID
)
"permitNew"
"PermitTopicExtend"
-- 594
, addFieldRefRequired''
"PermitTopicExtendRemote"
(do let doc = persistJSONObjectFromDoc $ Doc hLocal emptyActivity
permitID <- do
personID <- do
mp <- selectFirst [] [Asc Person593Id]
entityKey <$> maybe (error "No people") return mp
insert $ Permit593 personID RoleVisit
itemID <- do
outboxID <- insert Outbox593
insert $ OutboxItem593 outboxID doc defaultTime
gestureID <- insert $ PermitPersonGesture593 permitID itemID
sendID <- insert $ PermitPersonSendDelegator593 gestureID itemID
insertEntity $ PermitTopicExtend593 sendID
)
(Just $ \ (Entity tempExtendID (PermitTopicExtend593 tempSendID)) -> do
l <- selectList [] []
for_ l $ \ (Entity k (PermitTopicExtendRemote593 sendID _ _ _)) -> do
extendID <- insert $ PermitTopicExtend593 sendID
update k [PermitTopicExtendRemote593PermitNew =. extendID]
PermitPersonSendDelegator593 gestureID itemID <- getJust tempSendID
PermitPersonGesture593 permitID _ <- getJust gestureID
OutboxItem593 outboxID _ _ <- getJust itemID
delete tempExtendID
delete tempSendID
delete gestureID
delete itemID
delete outboxID
delete permitID
)
"permitNew"
"PermitTopicExtend"
-- 595
, removeField "PermitTopicExtendLocal" "permit"
-- 596
, removeField "PermitTopicExtendRemote" "permit"
-- 597
, renameField "PermitTopicExtendLocal" "permitNew" "permit"
-- 598
, renameField "PermitTopicExtendRemote" "permitNew" "permit"
-- 599
, addUnique' "PermitTopicExtendLocal" "" ["permit"]
-- 600
, addUnique' "PermitTopicExtendRemote" "" ["permit"]
-- 601
, addEntities model_601_permit_extend_resource
-- 602
, addFieldPrimRequired "PermitTopicExtend" ("RoleAdmin" :: String) "role"
] ]
migrateDB migrateDB

View file

@ -72,6 +72,8 @@ module Vervis.Migration.Entities
, model_578_source_remove , model_578_source_remove
, model_583_dest_start , model_583_dest_start
, model_591_component_gather , model_591_component_gather
, model_592_permit_extend
, model_601_permit_extend_resource
) )
where where
@ -280,3 +282,10 @@ model_583_dest_start = $(schema "583_2024-04-13_dest_start")
model_591_component_gather :: [Entity SqlBackend] model_591_component_gather :: [Entity SqlBackend]
model_591_component_gather = $(schema "591_2024-04-14_component_gather") model_591_component_gather = $(schema "591_2024-04-14_component_gather")
model_592_permit_extend :: [Entity SqlBackend]
model_592_permit_extend = $(schema "592_2024-04-18_permit_extend")
model_601_permit_extend_resource :: [Entity SqlBackend]
model_601_permit_extend_resource =
$(schema "601_2024-04-18_permit_extend_resource")

View file

@ -57,3 +57,6 @@ import Web.ActivityPub
makeEntitiesMigration "584" makeEntitiesMigration "584"
$(modelFile "migrations/584_2024-04-14_delete_gather.model") $(modelFile "migrations/584_2024-04-14_delete_gather.model")
makeEntitiesMigration "593"
$(modelFile "migrations/593_2024-04-18_permit_extend.model")

View file

@ -915,20 +915,38 @@ PermitPersonSendDelegator
-- Witnesses extension-Grants that the topic has sent, extending chains from -- Witnesses extension-Grants that the topic has sent, extending chains from
-- its components/subprojects or projects/superteams -- its components/subprojects or projects/superteams
PermitTopicExtendLocal PermitTopicExtend
permit PermitPersonSendDelegatorId permit PermitPersonSendDelegatorId
role Role
PermitTopicExtendLocal
permit PermitTopicExtendId
topic PermitTopicEnableLocalId topic PermitTopicEnableLocalId
grant OutboxItemId grant OutboxItemId
UniquePermitTopicExtendLocal permit
UniquePermitTopicExtendLocalGrant grant UniquePermitTopicExtendLocalGrant grant
PermitTopicExtendRemote PermitTopicExtendRemote
permit PermitPersonSendDelegatorId permit PermitTopicExtendId
topic PermitTopicEnableRemoteId topic PermitTopicEnableRemoteId
grant RemoteActivityId grant RemoteActivityId
UniquePermitTopicExtendRemote permit
UniquePermitTopicExtendRemoteGrant grant UniquePermitTopicExtendRemoteGrant grant
PermitTopicExtendResourceLocal
permit PermitTopicExtendId
actor ActorId
UniquePermitTopicExtendResourceLocal permit
PermitTopicExtendResourceRemote
permit PermitTopicExtendId
actor RemoteActorId
UniquePermitTopicExtendResourceRemote permit
------------------------------------------------------------------------------ ------------------------------------------------------------------------------
-- Components, from project perspective -- Components, from project perspective
------------------------------------------------------------------------------ ------------------------------------------------------------------------------