Commit graph

1156 commits

Author SHA1 Message Date
Pere Lev
d04f161203
UI, Client: Move invite-component form to ProjectComponentsR and use getCapability 2024-04-29 01:14:56 +03:00
Pere Lev
6cdd332d1d
UI: Remote actor view + follow UI 2024-04-28 21:08:04 +03:00
Pere Lev
a428bd74ab
UI, S2S: Store errors in Errbox + display in notifications 2024-04-28 00:31:48 +03:00
Pere Lev
a60b05b1ca
UI: Error-inbox ("Errbox") display for all local actors 2024-04-27 23:17:22 +03:00
Pere Lev
29e7581b19
DB: Give each actor a secondary inbox, for collecting errors 2024-04-27 22:46:37 +03:00
Pere Lev
ef036fd08b
UI: Project: Parents: Button for approving a parent 2024-04-27 22:02:40 +03:00
Pere Lev
99f6d950a2
UI: Project: Parents: Form for adding a parent by URI 2024-04-27 21:46:49 +03:00
Pere Lev
082eae7a51
UI: Project: Children: Button for approving the Add 2024-04-27 21:37:13 +03:00
Pere Lev
d9d6b9fced
UI: Project: Children: Form for adding a child 2024-04-27 20:58:26 +03:00
Pere Lev
9e24038ec2
Deliver activities to remote audience before local+collections
This is an attempt to prevent remote activities from being received in
the wrong order, for example Accept coming before the Add. Whenever that
happens, the add-a-child-parent-link process cannot be completed.

If this doesn't help, another option is to store, per actor, a list of
activities that weren't used, and check them in relevant S2S handlers.
This might have an implication on forwarding if it's time limited (I
don't remember exactly). But worth trying. Example:

- I receive an Accept on an activity I don't recognize
- I store it in that list, for later
- Later I receive an Add activity, which I successfully process
- Now I check that Accept from earlier, seeing if its `object` happens
  to be the Add I just received
- If yes, I now process this Accept

A potential problem with this, is that I might accumulate a list of such
activities, and end up hopelessly checking them in every S2S handler.
And I wonde if this is really a healthy elegant approach to the ordering
problem. Maybe some sort of activity numbering can help?
2024-04-27 20:13:01 +03:00
Pere Lev
b519bbe7b9
UI: Inbox: For each item, display the result of processing 2024-04-27 19:29:33 +03:00
Pere Lev
eef4c3f79a
S2S, DB: Store processing result in InboxItem record 2024-04-27 19:15:28 +03:00
Pere Lev
d24492bf44
S2S: Person: Revoke: Fix bug: Forgot to delete PermitExtendResource* 2024-04-27 13:20:06 +03:00
Pere Lev
476f65aece
S2S: Project: Remove: Child-active: Fig bug, forgot to remove SourceUsLeaf records 2024-04-27 12:40:29 +03:00
Pere Lev
c2da1da9f4
S2S: Project: Accept: Add-child-passive: Fix bug, no need to record the Accept in the Source 2024-04-27 12:25:13 +03:00
Pere Lev
bb1685f695
UI: Project: Buttons for removing parents 2024-04-27 11:31:09 +03:00
Pere Lev
abefcbd310
UI: Project: Provide buttons for removing children 2024-04-27 10:56:11 +03:00
Pere Lev
07d9f9adab
UI: In my-grants-for-given-resource display, list direct grants as well
Previously, only extensions were being displayed. Adding direct grants
required DB schema changes, which the previous huge commit did.
2024-04-26 03:00:59 +03:00
Pere Lev
888a30e989
DB: Switch Collab and Permit to use Resource
Since collaborator live URIs were using CollabTopic*, this change breaks
existing live URIs, which means all existing delegation chains are now
broken. FYI if you're playing with your own Vervis deployment.
2024-04-26 02:00:41 +03:00
Pere Lev
4881154579
DB: Permit: Use Resource instead of Actor in extension resource 2024-04-20 04:15:59 +03:00
Pere Lev
acdce58fc6
DB: Add a Resource table, and use it in all local Actors except Person 2024-04-20 03:52:34 +03:00
Pere Lev
fc9d56dd34
UI: When logged in, display my delegated access to a given local resource
This displays only delegated Grants, not direct ones. Direct ones will
be added in the next commits, as they require some extra changes in the
database.
2024-04-20 01:59:13 +03:00
Pere Lev
4fe3f9f332
On launch, fetch actors and fill PermitTopicExtendResource records 2024-04-19 03:22:20 +03:00
Pere Lev
ab08e593ef
S2S: Person: Grant: Record role and resource in Permit record 2024-04-19 02:30:33 +03:00
Pere Lev
1f36657084
UI: Removal form: Extend to work on children/parents as well 2024-04-18 22:52:26 +03:00
Pere Lev
7dcb225aa8
HTTP inbox POST delivery: Don't retry on 4xx responses 2024-04-14 20:32:53 +03:00
Pere Lev
8024e993a2
DB: Simplify ComponentGather using the new DestUsStart 2024-04-14 15:21:56 +03:00
Pere Lev
b47941af97
DB: Split migration model module + remove DestUsGatherTo* entities 2024-04-14 15:06:50 +03:00
Pere Lev
97b675130f
Switch to DestUsStart in parent/child Live routes
This breaks the old Live routes, so existing chains will stop working
2024-04-14 13:52:35 +03:00
Pere Lev
8f6f5d61bf
S2S: OCAP verification: Support detection of DestUsStart start-Grants
Until now, a start-Grant could be only a Collab (if it's stand-alone) or
a Stem (if it starts a chain). In other words, either a resource
enabling a direct collaborator, or a component enabling a project that
contains it.

With the new project nesting feature now implemented, there's a new kind
of start-Grant: A child project, once enabled by its parent, sending the
first delegation, giving access-to-self.
2024-04-14 12:49:42 +03:00
Pere Lev
789411f5d2
S2S: Project: Grant: Before extending a Grant, test to avoid infinite loop 2024-04-14 03:04:05 +03:00
Pere Lev
6dd6dc17e5
S2S: Enforce max chain length when verifying OCAPs 2024-04-13 17:00:44 +03:00
Pere Lev
692c34bdec
S2S: Project: Grant: When getting a new parent, send them a start-Grant
This was accidentally not happening until now.

If I, project A, send a start-Grant to my new parent project B, it means
that whoever has access to project B will have access to my settings as
well (for the specific operations their role allows).
2024-04-13 16:05:37 +03:00
Pere Lev
dae57c394d
UI: Personal Overview: Display info of received permits, not just the Grant URI 2024-04-13 15:34:26 +03:00
Pere Lev
68a3fcd7c8
S2S: Fix bug, CSRF check was accidentally enabled for ProjectInboxR 2024-04-12 21:24:47 +03:00
Pere Lev
719999242a
S2S: Project: Grant: Fix capability check, do it in MaybeT, not ExceptT 2024-04-10 22:37:12 +03:00
Pere Lev
f54caef7ca
S2S: Project: Fix search of activities in DB 2024-04-10 20:09:23 +03:00
Pere Lev
0b08a7692a
UI: Browse: List project's enabled children 2024-04-10 17:27:40 +03:00
Pere Lev
24aba4d370
S2S: Project: Revoke: Handle child revoking one of the Grants they sent me 2024-04-10 16:27:29 +03:00
Pere Lev
a16fb6cd19
S2S: Project: Revoke: Handle parent revoking the delegator-Grant 2024-04-10 11:25:15 +03:00
Pere Lev
223fbf3d0e
S2S: Project: Accept: Implement remove-child mode 2024-04-04 15:33:09 +03:00
Pere Lev
bf8ae421ff
S2S: Project: Accept: Split the different modes into separate functions 2024-04-04 13:03:48 +03:00
Pere Lev
048c429def
S2S: Project: Remove: Implement child/parent mode 2024-04-04 11:54:13 +03:00
Pere Lev
7a0ea1f63d
S2S: Project: Remove: Switch to full OCAP verification 2024-03-28 11:26:34 +02:00
Pere Lev
e4ea55ee15
S2S: Project: Remove: Copy topicRemove code to Project, preparing for new code 2024-03-28 11:20:53 +02:00
Pere Lev
a1df4b3bdb
Vocab: Expand Remove activity parsing in preparation for child/parent mode 2024-03-27 15:48:06 +02:00
Pere Lev
992e17f1ca
UI, Client: Forms for adding and accepting a parent or child 2024-03-20 01:50:09 +02:00
Pere Lev
acc42896f5
C2S: Add: Fix bug in addressing verification 2024-03-19 11:39:05 +02:00
Pere Lev
b80d897e0c
UI: Project: Parents: Display parent invite info & status 2024-03-18 21:40:14 +02:00
Pere Lev
d32da785b8
UI: Project: Children: Display child invites, their details & status 2024-03-18 20:53:32 +02:00
Pere Lev
256a51baa1
Client: Invite: Fix bug in resource addressing verification 2024-03-16 12:00:53 +02:00
Pere Lev
78ec76d571
Client: Add some debugging messages, clientInvite failing for remote resource 2024-03-16 10:03:45 +02:00
Pere Lev
5dadc13cce
Deck: Serve AP version of collabs list page 2024-03-14 22:25:27 +02:00
Pere Lev
9096e371ce
Export renderSubURI to aid debugging 2024-03-14 22:25:08 +02:00
Pere Lev
ac2ef9d1b3
S2S: Temporarily disable integrity proof verification
There's a bug in it, I want to make progress with the ongoing funded tasks and
fix the bug after that.
2024-03-14 21:58:07 +02:00
Pere Lev
66ecaa88e7
DB: Fix per-actor SQLite DB creation 2024-03-14 21:56:21 +02:00
Pere Lev
6e55659410
Fix bug in HTTP delivery actor storage, delivery wasn't working 2024-03-14 16:34:09 +02:00
Pere Lev
1c10d3fb03
S2S: Project: Grant: Implement parent mode 2024-03-13 15:36:50 +02:00
Pere Lev
f187c66d69
S2S: Group: Accept: Fix bug, collab approval wasn't working 2024-03-13 15:35:50 +02:00
Pere Lev
1d13d7a551
S2S: Project: Grant: Implement child mode 2024-03-13 00:10:50 +02:00
Pere Lev
533d8e2ff7
S2S: Project: Grant: Prepare for adding the child/parent modes 2024-03-11 20:21:24 +02:00
Pere Lev
3570d502cb
S2S: Project: Grant: Child/parent delegation when adding collab/component 2024-03-11 12:50:15 +02:00
Pere Lev
bdce87cf76
S2S: Project: Accept: Implement child/parent mode 2024-02-28 09:47:42 +02:00
Pere Lev
ff2c5659af
S2S: Project: Accept: Switch from basic to full OCAP verification 2024-02-01 20:26:49 +02:00
Pere Lev
bce8079cb5
S2S: Project: Add: Handle adding a child/parent; also update C2S Add 2024-02-01 16:51:52 +02:00
Pere Lev
ab786eb67c
UI, Vocab: Link from project/team to children & parents pages 2023-12-13 00:09:28 +02:00
Pere Lev
802df6b15b
UI, AP: Display project and team children and parents 2023-12-12 23:21:06 +02:00
Pere Lev
1f06d689f5
Tables for project/team parent/child tracking 2023-12-11 18:49:42 +02:00
Pere Lev
ee91a6403e
UI: Add 'Accept' button to invites you haven't yet accepted 2023-12-09 10:24:20 +02:00
Pere Lev
ce1e542401
UI: HomeR: Display personal invites 2023-12-09 08:55:39 +02:00
Pere Lev
e65563cd19
UI: For each Permit, display delegator-Grant and extensions 2023-12-09 07:58:16 +02:00
Pere Lev
119779b9b3
UI: Display personal resources using Permit records 2023-12-09 07:13:34 +02:00
Pere Lev
5af2fdd58b
UI: Group: Buttons for adding and removing members 2023-12-09 03:03:06 +02:00
Pere Lev
702ad39b96
S2S: Group: Adapt collab-mode code from Project 2023-12-09 02:46:11 +02:00
Pere Lev
b2b4d8778d
DB: For each CollabRecipLocal record, produce a matching Permit record 2023-12-09 01:04:21 +02:00
Pere Lev
12e2284389
C2S: When creating a resource, insert a Permit record 2023-12-07 18:50:44 +02:00
Pere Lev
e2462627a5
Remove old empty Vervis.Federation.Collab module 2023-12-07 18:22:51 +02:00
Pere Lev
cfc8add212
S2S: Common: Remove: When deleting Collab record, delete CollabDeleg*s too 2023-12-07 18:21:35 +02:00
Pere Lev
6dceaa1cff
S2S: Person: Revoke: Delete Permit records 2023-12-07 17:03:26 +02:00
Pere Lev
11a79b00fb
S2S: Person: Implement response to direct-Grant and extension-Grant 2023-12-02 21:09:13 +02:00
Pere Lev
39dc2089b2
S2S: Person: Accept: If topic is approving an Invite, update Permit record 2023-11-23 18:21:41 +02:00
Pere Lev
442e36dcc1
C2S: Accept: If accepting an Invite-for-me, update the Permit record 2023-11-23 01:03:50 +02:00
Pere Lev
0c0007c892
C2S: Person: Implement Join handler, inserting a Permit record to DB 2023-11-22 23:12:32 +02:00
Pere Lev
3c0a3d1317
S2S: Person: Update Invite handler to create a Permit record 2023-11-22 19:30:33 +02:00
Pere Lev
05d3a1eaef
DB: Tables for the person side of Collabs (i.e. direct-Grants they got)
Until now I've managed to avoid having to implement this piece quite
easily. The only temptation to implement it has been pseudo-client
features, which are basically just a workaround until Vervis gets a
separate client app.

But now, Person actors need to be able to automatically send
delegator-Grants when they receive a direct-Grant from a resource they
either asked to Join or got an Invite to. So, this creates a need to
track these joins and invites on the server side.

I'm not checking the exact minimal pieces necessary for
delegator-Grants. Instead, I'm starting a full implementation of the
person-side of Collab records (AKA direct-Grants), called Permit
records. This will also allow very convenient display of these Grants
and the extensions received through them, as well as UI buttons such as
accepting/rejecting a received Join or Invite.
2023-11-22 18:11:07 +02:00
Pere Lev
88e6818edc
S2S: Project: Send ext-Grants to new collab upon getting their delegator-Grant
Until now, adding a direct collaborator to a Project worked exactly like
with components: Invite or Join, then Accept, finally the direct-Grant.
I missed the fact that much like with project-component relationships,
projects (and teams) need to be able to send extension-Grants to their
direct collaborators.

So in Project's Grant handler it now:

- Recognizes the delegator-Grant coming from a new collaborator
- Sends extension-Grants, using the delegator-Grant as the capability
- When getting a new component and sending extension-Grants for it to
  direct collaborators, Project uses their delegator-Grants as
  capability

And in Project's Accept handler, it no longer sends extension-Grants
(because it doesn't yet have the collaborator's delegator-Grant at this
point).

NOTE, THIS TEMPORARILY BREAKS grant chains: If you create a Project and
add a Deck to it, you won't get an extension-Grant-for-the-Deck from the
Project, because the Project doesn't yet have your delegator-Grant.

The next commits will implement the Person-side of Collab records, and
will cause Person actors to automatically send the delegator-Grant,
fixing the break.
2023-11-22 14:16:08 +02:00
Pere Lev
5d0f707c55
DB: Allow to record the delegator-Grant sent by people to projects/teams 2023-11-21 20:44:09 +02:00
Pere Lev
7517db9619
Client, UI: Team: Creation, invite/join display, list in personal overview 2023-11-21 18:28:05 +02:00
Pere Lev
8584c6387c
S2S: Group: Implement Follow & Undo handlers, adapted from Project 2023-11-21 17:02:58 +02:00
Pere Lev
8d543c0016
S2S: Group: Implement Create handler, sending back an admin-Grant 2023-11-21 16:52:16 +02:00
Pere Lev
ea7476db9d
C2S: Implement team creation 2023-11-21 15:48:14 +02:00
Pere Lev
2797e5f3be
UI: Team & team members HTML page + AP JSON object 2023-11-21 15:01:51 +02:00
Pere Lev
80a08dea0a
UI: Browse: Update intro text & list projects' components 2023-11-21 10:56:09 +02:00
Pere Lev
840b13eff1
UI: Tweak the footer repo/commit display 2023-11-21 10:55:38 +02:00
Pere Lev
22c7b88a79
Remove federation check from PublishResolveR 2023-11-13 14:15:13 +02:00
Pere Lev
34386bcf52
S2S: Deck: Resolve: Use the full OCAP-authorization algorithm
deckResolve now supports Resolve requests that use extension-Grants. It
iterates the verifies the Grant-chain using the process described in the
ForgeFed specification.
2023-11-12 17:43:11 +02:00
Pere Lev
1a3a46b6b2
Implement OCAP "Verifying an invocation" process from ForgeFed spec
Vervis currently supports only direct grants. The new process supports
delegation chains as well. This commit just implements the new process
as a new function, without yet using it anywhere. The next commits will
plug it into Deck actor handlers.
2023-11-07 10:51:42 +02:00
Pere Lev
b420c982c0
UI: Add page for publishing a Resolve with custom ticket and OCAP URIs 2023-11-05 20:41:24 +02:00
Pere Lev
91ed2c82b5
UI: Add reopen-this-ticket button to ticket page 2023-11-05 17:50:55 +02:00
Pere Lev
ebe676d94b
Client: Port/implement pseudo-client for unresolve-a-ticket 2023-11-05 17:41:16 +02:00