Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GH-326] Added subscription flag for filtering out confidential issues, and disallow guests from creating subscriptions #376

Merged
merged 8 commits into from
Mar 8, 2024
Merged

[GH-326] Added subscription flag for filtering out confidential issues, and disallow guests from creating subscriptions #376

merged 8 commits into from
Mar 8, 2024

Conversation

Kshitij-Katiyar
Copy link
Contributor

Summary

  • Added an additional flag for confidential issues in the subscription slash command.
  • Added the check that guest users cannot create a subscription.

Issue

@Kshitij-Katiyar
[MI-3045]: Added checks for confidential issues at the time of making…
ddd4074 
… subscriptions (#37)

* [MI-3045]:Added checks for confidential issues

* [MI-3045]:Added unit test cases

* [MI-3045]:Fixed self review comments

* [MI-3045]:Fixed unit test cases

* [MI-3045]:Fixed lint errors

* [MI-3045]:Fixed review comments

* [MI-3045]:Fixed context deadline error

* [MI-3045]:Fixed review comments

* [MI-3045]:Fixed statements
@mattermost-build
Copy link
Contributor

Hello @Kshitij-Katiyar,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

@codecov
Copy link

codecov bot commented May 4, 2023
edited
Loading

Codecov Report

Attention: Patch coverage is 75.00000% with 5 lines in your changes are missing coverage. Please review.

Project coverage is 33.99%. Comparing base (98fdf4f) to head (bfb8f9c).
Report is 11 commits behind head on master.

Files Patch % Lines
server/subscription/subscription.go 0.00% 2 Missing ⚠️
server/webhook/issue.go 60.00% 1 Missing and 1 partial ⚠️
server/command.go 83.33% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master     #376      +/-   ##
==========================================
+ Coverage   33.40%   33.99%   +0.59%     
==========================================
  Files          22       22              
  Lines        3979     3992      +13     
==========================================
+ Hits         1329     1357      +28     
+ Misses       2519     2499      -20     
- Partials      131      136       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

mickmister
mickmister reviewed May 4, 2023
View reviewed changes
server/webhook.go Outdated Show resolved Hide resolved
server/webhook.go Outdated Show resolved Hide resolved
server/command.go Outdated Show resolved Hide resolved
server/command.go
@@ -21,6 +21,7 @@ const commandHelp = `* |/gitlab connect| - Connect your Mattermost account to yo
* |/gitlab subscriptions add owner[/repo] [features]| - Subscribe the current channel to receive notifications about opened merge requests and issues for a group or repository
* |features| is a comma-delimited list of one or more the following:
* issues - includes new and closed issues
* confidential_issues - includes new and closed confidential issues
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We may want to make this opt-in, so as to not break existing subscriptions. If this is the case, the flag should be exclude_confidential_issues. Thoughts on this? @jupenur @esarafianou

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mickmister Fixed all the review comments apart for this one. Waiting for replies.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hanzei Do you have an opinion on this?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mickmister Hadn't been notified about this ping and bumped into it today.

The ideal behavior is secure by default. That would mean excluding confidential issues by default.

Since this is a breaking change for existing subscriptions, we can consider a major release.

server/command_test.go Outdated Show resolved Hide resolved
@mickmister mickmister changed the title [GH-326] Added checks for confidential issues at the time of making subscriptions [GH-326] Added subscription flag for filtering out confidential issues, and disallow guests from creating subscriptions May 4, 2023
Kshitij-Katiyar added a commit to Brightscout/mattermost-plugin-gitlab that referenced this pull request May 5, 2023
@Kshitij-Katiyar
[MI-3060]:Fixed review comments of PR mattermost#376 on gitlab plugin
eb231e2
@Kshitij-Katiyar Kshitij-Katiyar mentioned this pull request May 5, 2023
Merged
@Kshitij-Katiyar
[MI-3060]:Fixed review comments of PR mattermost#376 on gitlab plugin (
ddbc11f 
…#38)

* [MI-3060]:Fixed review comments of PR mattermost#376 on gitlab plugin

* [MI-3060]:Fixed test cases

* [MI-3060]:Updated the msg

* [MI-3060]:Fixed the test cases
@mattermost-build
Copy link
Contributor

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@mickmister mickmister added 2: Dev Review Requires review by a core committer 3: QA Review Requires review by a QA tester and removed Lifecycle/1:stale labels May 19, 2023
@mickmister
Copy link
Contributor

@Kshitij-Katiyar Heads up that there are conflicts to resolve here

@hanzei hanzei added the Awaiting Submitter Action Blocked on the author label May 21, 2023
@Kshitij-Katiyar
Copy link
Contributor Author

@mickmister Fixed the merge conflicts

mickmister
mickmister reviewed May 25, 2023
View reviewed changes
server/webhook.go Outdated Show resolved Hide resolved
server/command.go
@@ -21,6 +21,7 @@ const commandHelp = `* |/gitlab connect| - Connect your Mattermost account to yo
* |/gitlab subscriptions add owner[/repo] [features]| - Subscribe the current channel to receive notifications about opened merge requests and issues for a group or repository
* |features| is a comma-delimited list of one or more the following:
* issues - includes new and closed issues
* confidential_issues - includes new and closed confidential issues
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hanzei Do you have an opinion on this?

spirosoik
spirosoik approved these changes May 29, 2023
View reviewed changes
Copy link
Member

@spirosoik spirosoik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mattermost-build
Copy link
Contributor

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@hanzei hanzei self-requested a review June 9, 2023 07:41
hanzei
hanzei approved these changes Jun 23, 2023
View reviewed changes
Copy link
Collaborator

@hanzei hanzei left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

server/command.go Outdated Show resolved Hide resolved
server/webhook.go Outdated Show resolved Hide resolved
@hanzei hanzei removed 2: Dev Review Requires review by a core committer Awaiting Submitter Action Blocked on the author Lifecycle/1:stale labels Jun 23, 2023
@hanzei
Copy link
Collaborator

hanzei commented Jun 23, 2023

@DHaussermann The PR is ready for your review

@mattermost-build
Copy link
Contributor

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@mickmister
Copy link
Contributor

@Kshitij-Katiyar Heads up that there are conflicts to resolve here

@hanzei hanzei added the Awaiting Submitter Action Blocked on the author label Sep 7, 2023
@hanzei hanzei removed the request for review from DHaussermann October 16, 2023 20:43
@hanzei
Copy link
Collaborator

hanzei commented Nov 29, 2023

@Kshitij-Katiyar gentle reminder to resolve the conflicts

@avas27JTG avas27JTG added this to the v1.9.0 milestone Dec 5, 2023
@ayusht2810
Copy link
Contributor

@hanzei resolved the conflicts.

@hanzei hanzei requested review from AayushChaudhary0001 and removed request for DHaussermann January 23, 2024 14:28
@AayushChaudhary0001
Copy link

@raghavaggarwal2308 While testing this PR, none of the above conditions were found working. The guest user on MM was able to create a subscription and also there wasn't any flag for confidential issues in subscription slash command. Please go-through this once.

@raghavaggarwal2308
Copy link
Contributor

@raghavaggarwal2308 While testing this PR, none of the above conditions were found working. The guest user on MM was able to create a subscription and also there wasn't any flag for confidential issues in subscription slash command. Please go-through this once.

@AayushChaudhary0001

  1. The flag is added in the "--features" section while creating a subscription.
  2. The user who has guest access to a Gitlab project cannot create a subscription on MM.

AayushChaudhary0001
AayushChaudhary0001 approved these changes Feb 28, 2024
View reviewed changes
Copy link

@AayushChaudhary0001 AayushChaudhary0001 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @raghavaggarwal2308 for the assistance.

The above PR has been tested for the following features:-

  • There is a seperate flag added for creating a subscription for confidential issues.
  • A user with a guest access of any repo on Gitlab cannot create a subscription in MM.

The PR was working fine for both the above conditions, LGTM. Approved.

@hanzei hanzei added 4: Reviews Complete All reviewers have approved the pull request and removed 3: QA Review Requires review by a QA tester labels Feb 28, 2024
@avas27JTG avas27JTG merged commit 54a9c46 into mattermost:master Mar 8, 2024
9 checks passed
@avas27JTG avas27JTG deleted the MM-326 branch March 8, 2024 13:34
@ayusht2810 ayusht2810 mentioned this pull request Mar 22, 2024
Closed
@raghavaggarwal2308 raghavaggarwal2308 mentioned this pull request Jul 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@esarafianou esarafianou esarafianou left review comments

@spirosoik spirosoik spirosoik approved these changes

@mickmister mickmister mickmister approved these changes

@hanzei hanzei hanzei approved these changes

@AayushChaudhary0001 AayushChaudhary0001 AayushChaudhary0001 approved these changes

Assignees
No one assigned
Labels
4: Reviews Complete All reviewers have approved the pull request
Projects
None yet
Milestone
v1.9.0
Development

Successfully merging this pull request may close these issues.
10 participants
@Kshitij-Katiyar @mattermost-build @mickmister @hanzei @ayusht2810 @AayushChaudhary0001 @raghavaggarwal2308 @spirosoik @esarafianou @avas27JTG