Commit graph

52 commits

Author SHA1 Message Date
Pere Lev
29e7581b19
DB: Give each actor a secondary inbox, for collecting errors 2024-04-27 22:46:37 +03:00
Pere Lev
eef4c3f79a
S2S, DB: Store processing result in InboxItem record 2024-04-27 19:15:28 +03:00
Pere Lev
888a30e989
DB: Switch Collab and Permit to use Resource
Since collaborator live URIs were using CollabTopic*, this change breaks
existing live URIs, which means all existing delegation chains are now
broken. FYI if you're playing with your own Vervis deployment.
2024-04-26 02:00:41 +03:00
Pere Lev
4881154579
DB: Permit: Use Resource instead of Actor in extension resource 2024-04-20 04:15:59 +03:00
Pere Lev
acdce58fc6
DB: Add a Resource table, and use it in all local Actors except Person 2024-04-20 03:52:34 +03:00
Pere Lev
ab08e593ef
S2S: Person: Grant: Record role and resource in Permit record 2024-04-19 02:30:33 +03:00
Pere Lev
8024e993a2
DB: Simplify ComponentGather using the new DestUsStart 2024-04-14 15:21:56 +03:00
Pere Lev
b47941af97
DB: Split migration model module + remove DestUsGatherTo* entities 2024-04-14 15:06:50 +03:00
Pere Lev
692c34bdec
S2S: Project: Grant: When getting a new parent, send them a start-Grant
This was accidentally not happening until now.

If I, project A, send a start-Grant to my new parent project B, it means
that whoever has access to project B will have access to my settings as
well (for the specific operations their role allows).
2024-04-13 16:05:37 +03:00
Pere Lev
24aba4d370
S2S: Project: Revoke: Handle child revoking one of the Grants they sent me 2024-04-10 16:27:29 +03:00
Pere Lev
048c429def
S2S: Project: Remove: Implement child/parent mode 2024-04-04 11:54:13 +03:00
Pere Lev
1c10d3fb03
S2S: Project: Grant: Implement parent mode 2024-03-13 15:36:50 +02:00
Pere Lev
1d13d7a551
S2S: Project: Grant: Implement child mode 2024-03-13 00:10:50 +02:00
Pere Lev
3570d502cb
S2S: Project: Grant: Child/parent delegation when adding collab/component 2024-03-11 12:50:15 +02:00
Pere Lev
802df6b15b
UI, AP: Display project and team children and parents 2023-12-12 23:21:06 +02:00
Pere Lev
1f06d689f5
Tables for project/team parent/child tracking 2023-12-11 18:49:42 +02:00
Pere Lev
b2b4d8778d
DB: For each CollabRecipLocal record, produce a matching Permit record 2023-12-09 01:04:21 +02:00
Pere Lev
05d3a1eaef
DB: Tables for the person side of Collabs (i.e. direct-Grants they got)
Until now I've managed to avoid having to implement this piece quite
easily. The only temptation to implement it has been pseudo-client
features, which are basically just a workaround until Vervis gets a
separate client app.

But now, Person actors need to be able to automatically send
delegator-Grants when they receive a direct-Grant from a resource they
either asked to Join or got an Invite to. So, this creates a need to
track these joins and invites on the server side.

I'm not checking the exact minimal pieces necessary for
delegator-Grants. Instead, I'm starting a full implementation of the
person-side of Collab records (AKA direct-Grants), called Permit
records. This will also allow very convenient display of these Grants
and the extensions received through them, as well as UI buttons such as
accepting/rejecting a received Join or Invite.
2023-11-22 18:11:07 +02:00
Pere Lev
88e6818edc
S2S: Project: Send ext-Grants to new collab upon getting their delegator-Grant
Until now, adding a direct collaborator to a Project worked exactly like
with components: Invite or Join, then Accept, finally the direct-Grant.
I missed the fact that much like with project-component relationships,
projects (and teams) need to be able to send extension-Grants to their
direct collaborators.

So in Project's Grant handler it now:

- Recognizes the delegator-Grant coming from a new collaborator
- Sends extension-Grants, using the delegator-Grant as the capability
- When getting a new component and sending extension-Grants for it to
  direct collaborators, Project uses their delegator-Grants as
  capability

And in Project's Accept handler, it no longer sends extension-Grants
(because it doesn't yet have the collaborator's delegator-Grant at this
point).

NOTE, THIS TEMPORARILY BREAKS grant chains: If you create a Project and
add a Deck to it, you won't get an extension-Grant-for-the-Deck from the
Project, because the Project doesn't yet have your delegator-Grant.

The next commits will implement the Person-side of Collab records, and
will cause Person actors to automatically send the delegator-Grant,
fixing the break.
2023-11-22 14:16:08 +02:00
Pere Lev
5d0f707c55
DB: Allow to record the delegator-Grant sent by people to projects/teams 2023-11-21 20:44:09 +02:00
Pere Lev
8d543c0016
S2S: Group: Implement Create handler, sending back an admin-Grant 2023-11-21 16:52:16 +02:00
Pere Lev
ea7476db9d
C2S: Implement team creation 2023-11-21 15:48:14 +02:00
Pere Lev
5e87dd99d3
DB: Make the Accept unique per CollabFulfillsInvite 2023-06-28 14:18:45 +03:00
Pere Lev
afc45257b4
S2S: topicInvite, projectInvite: If approved, send an Accept 2023-06-28 14:10:09 +03:00
Pere Lev
034194f2aa
DB & Vocab: Specify role in Add, store it in Component & Stem 2023-06-27 22:56:52 +03:00
Pere Lev
6ae079a310
S2S: Project Add handler 2023-06-27 17:55:59 +03:00
Pere Lev
89185164b8
DB: Store the 'type' of remote actors 2023-06-27 13:27:51 +03:00
Pere Lev
224025b9b6
DB: Entities for project-component system 2023-06-27 03:20:30 +03:00
Pere Lev
372fd35f2c
Project routes, handlers and creation UI 2023-06-26 22:02:54 +03:00
Pere Lev
3db602e3bd
DB entity for Project 2023-06-26 17:26:20 +03:00
Pere Lev
0bd2ca8d5d
DB: Allow actors to mark they've just been created by someone
This will be used for sending that someone a grant with Admin access
2023-06-19 11:38:25 +03:00
Pere Lev
581838e550
Support the 6 ForgeFed roles + launch repo/deck/loom actor upon creation 2023-06-17 21:35:00 +03:00
Pere Lev
d33f272ede
Switch to converged handlers than handle both local and remote activities
I was writing a topicLocalInvite handler when I realized how cumbersome
it's becoming, to have separate handlers for local activities. While it
allows me to pick custom specific message names and parameters (which is
why I took that approach in the first place), it causes a lot of
duplication and complexity (because I have to write the remote-activity
handlers anyway; adding local ones doesn't reduce complexity).

So this commit switches the entire system to communicate only using
AP/FF activities, including between local actors.
2023-06-15 15:44:43 +03:00
fr33domlover
c9db823c8c Implement actor-model system and start moving Person actor to it
This patch makes Vervis temporarily unusable, because all actors' inbox POST
handlers use the new system, but the actual federation handler code hasn't been
ported. The next patches will port all the S2S activities supported so far, as
well as C2S.
2023-04-29 10:40:44 +00:00
fr33domlover
72796a6bdc UI, S2S: Implement Join flow in S2S + deck devs page now lists join requests 2022-11-14 15:11:25 +00:00
fr33domlover
fa7f765e2e DB: Remote Ticket.status field 2022-10-20 15:41:47 +00:00
fr33domlover
fdf6a83c40 DB, UI: Prepare DB schema for Join flow + display deck collaborators & invites 2022-10-20 12:53:54 +00:00
fr33domlover
71bceec18b C2S, S2S: Re-enable createNoteC and personCreateNoteF 2022-10-16 11:26:24 +00:00
fr33domlover
32c87e3839 Improve the AP async HTTP delivery API and per-actor key support
New iteration of the ActivityPub delivery implementation and interface.
Advantages over previous interface:

* When sending a ByteString body, the sender is explicitly passed as a
  parameter instead of JSON-parsing it out of the ByteString
* Clear 3 operations provided: Send, Resend and Forward
* Support for per-actor keys
* Actor-type-specific functions (e.g. deliverRemoteDB_D) removed
* Only the most high-level API is exposed to Activity handler code, making
  handler code more concise and clear

Also added in this patch:

* Foundation for per-actor key support
* 1 key per actor allowed in DB
* Disabled C2S and S2S handlers now un-exported for clarity
* Audience and capability parsing automatically done for all C2S handlers
* Audience and activity composition automatically done for Vervis.Client
  builder functions

Caveats:

* Actor documents still don't link to their per-actor keys; that should be the
  last piece to complete per-actor key support
* No moderation and anti-spam tools yet
* Delivery API doesn't yet have good integration of persistence layer, e.g.
  activity is separately encoded into bytestring for DB and for HTTP; this will
  be improved in the next iteration
* Periodic delivery now done in 3 separate steps, running sequentially; it
  simplifies the code, but may be changed for efficiency/robustness in the next
  iterations
* Periodic delivery collects per-actor keys in a
  1-DB-transaction-for-each-delivery fashion, rather than grabbing them in the
  big Esqueleto query (or keeping the signed output in the DB; this isn't done
  currently to allow for smooth actor key renewal)
* No support yet in the API for delivery where the actor key has already been
  fetched, rather than doing a DB transaction to grab it; such support would be
  just an optimization, so it's low-priority, but will be added in later
  iterations
2022-10-12 16:50:11 +00:00
fr33domlover
9cb90c58c0 DB: Remember whether a Bundle came from person input or auto-generated 2022-09-22 17:23:33 +00:00
fr33domlover
de2e29d505 C2S: offerTicketC re-enabled and supporting looms and remote origin repo
What's missing:

- Match patch VCS, origin repo VCS and target repo VCS
- Hook into postPersonInboxR
- If only origin is provided, generate patches / otherwise somehow remember the
  commits proposed
2022-09-21 12:50:26 +00:00
fr33domlover
9906231d04 DB, Web: Allow origin repo for Cloths, mention in getClothR JSON 2022-09-18 15:55:42 +00:00
fr33domlover
c495d78d05 C2S, UI: Loom creation and Repo linking to a Loom
RepoSourceR, for a repo that doesn't have a loom, lists looms that want to
serve that repo with buttons for bidirectionally linking the repo to a loom

Once linked, the repo navbar has a Patches/MRs link pointing to the LoomClothsR
of the linked Loom
2022-09-17 08:31:22 +00:00
fr33domlover
ac867e56f2 S2S: Switch from Grant->Accept->Enable to Invite->Accept->Grant
Giving access now starts with an Invite activity, followed by Accept from the
Invite's recipient. Finally, the resource sends a Grant, which is the actual
OCap.
2022-09-05 16:19:52 +00:00
fr33domlover
0d96ee0775 DB: Add CollabTopicLocalReceive and CollabRecipLocalReceive tables
I was going to link the matching Accept tables to them, but then switched to
the Invite-Accept-Grant model and going to implement it in the next patches. So
I'm committing these new tables just in case I decide to revert to the current
model.
2022-09-01 17:44:43 +00:00
fr33domlover
4269385e15 DB: Add received::UTCTime field to InboxItem
To record *when* an activity, local or remote, was inserted into the specific
inbox. I'm surprised I haven't been keeping that data until now :P
2022-09-01 11:21:31 +00:00
fr33domlover
b0576f9bf6 DB: Separate tables for CollabTopicLocalAccept and CollabTopicRemoteAccept
Previously there was just CollabTopicAccept, which worked only for local topics
but pretended to apply to both, due to directly pointing to Collab, thus
possible to insert rows even if there's a CollabTopicRemote.

The new situation is a new CollabTopicLocal table to which the local topic
things point, thus keeping the local and remote data separate and difficult to
confuse.
2022-08-30 08:28:44 +00:00
fr33domlover
b7eb7a17d2 C2S: Implement acceptC, allowing people to accept Grants given to them 2022-08-29 20:56:30 +00:00
fr33domlover
d741d0e918 C2S: grantC: Insert Collab records for Grants with remote topics too 2022-08-28 13:51:43 +00:00
fr33domlover
10645bf02b DB: Add Collab tables for recording Recip's and Topic's Accept activities 2022-08-21 18:10:03 +00:00