[fga] WorkspaceService.controlAdmission #18549

Merged
merged 3 commits into from
Aug 21, 2023
geropl
Member

@geropl geropl commented Aug 18, 2023

Description

This introduced WorkspaceService.controlAdmission, incl. workspace sharing implemented with FGA

Summary generated by Copilot

🤖 Generated by Copilot at 73ce811

This pull request adds a new feature to allow sharing workspaces with any user in an organization. It modifies the authorization logic and database schema for workspaces, and adds new methods and tests to the WorkspaceService and Authorizer classes. It also updates the SpiceDB schema and permissions to support the new shared relation.

Related Issue(s)

Relates to: EXP-207

How to test

  • create users 1 and 2
  • user 1: start a workspace, and enable sharing ✔️
  • user 2: open the share link, and see how you can properly interact with the workspace ✔️
  • user 1: disable workspace sharing ✔️
  • user 2: re-load the workspace page, and note how you lost access ✔️

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

/hold

@geropl geropl marked this pull request as ready for review August 18, 2023 14:50
@geropl geropl requested a review from a team as a code owner August 18, 2023 14:50
level: "owner" | "everyone",
check: (workspace: Workspace, instance?: WorkspaceInstance) => Promise<void> = async () => {},
): Promise<void> {
await this.auth.checkPermissionOnWorkspace(userId, "access", workspaceId);
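Review bot: The `checkPermissionOnWorkspace(userId, "access", workspaceId)` call on the last line gates a change of the admission `level` on the general `access` permission. If `access` is also what the `"everyone"` level grants to other users, anyone the workspace is shared with could change or revoke the sharing; consider a dedicated permission for this operation, plus a test that a non-owner holding `access` is rejected. Separately, the `check` parameter defaults to `async () => {}`, so a caller that omits it gets no additional validation; a doc comment stating what callers are expected to verify there would help.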
Contributor

We should probably have a specific permission for changing the sharing properties in another PR. At least if we decide to keep this feature.

Member Author

Jep. Was on the brink of introducing one, then kept the current behavior. 👍
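The dedicated permission suggested in the review exchange above, run through the "How to test" steps from the PR description. This is an added example, not code from the PR or from Gitpod. It is a synchronous in-memory toy, and `ToyAuthorizer`, the `admit` permission and all ids are hypothetical names chosen for illustration.

```typescript
// Toy relationship model; every name here is an assumption, not Gitpod's schema.
type Level = "owner" | "everyone";
type Permission = "access" | "admit"; // "admit": hypothetical dedicated permission
interface Workspace { id: string; ownerId: string; orgId: string; shared: boolean; }

class ToyAuthorizer {
    private workspaces: { [id: string]: Workspace } = {};
    private orgMembers: { [orgId: string]: string[] } = {};

    addMember(orgId: string, userId: string): void {
        (this.orgMembers[orgId] = this.orgMembers[orgId] || []).push(userId);
    }
    addWorkspace(ws: Workspace): void { this.workspaces[ws.id] = ws; }

    has(userId: string, permission: Permission, workspaceId: string): boolean {
        const ws = this.workspaces[workspaceId];
        if (!ws) return false; // unknown workspace: deny by default
        const isOwner = ws.ownerId === userId;
        if (permission === "admit") return isOwner; // only the owner changes sharing
        const inOrg = (this.orgMembers[ws.orgId] || []).indexOf(userId) >= 0;
        return isOwner || (ws.shared && inOrg); // access: owner, or org member if shared
    }

    controlAdmission(userId: string, workspaceId: string, level: Level): void {
        if (!this.has(userId, "admit", workspaceId)) {
            throw new Error("permission denied: admit on " + workspaceId);
        }
        this.workspaces[workspaceId].shared = level === "everyone";
    }
}

// Constructed scenario following the "How to test" steps, plus two negative checks.
function runScenario(): boolean[] {
    const auth = new ToyAuthorizer();
    auth.addMember("org1", "user1");
    auth.addMember("org1", "user2");
    auth.addWorkspace({ id: "ws1", ownerId: "user1", orgId: "org1", shared: false });
    const results: boolean[] = [auth.has("user2", "access", "ws1")]; // not shared yet
    auth.controlAdmission("user1", "ws1", "everyone");
    results.push(auth.has("user2", "access", "ws1")); // shared: org member gets in
    results.push(auth.has("outsider", "access", "ws1")); // not in the org: still denied
    let denied = false;
    try { auth.controlAdmission("user2", "ws1", "owner"); } catch (e) { denied = true; }
    results.push(denied); // access alone does not allow changing admission
    auth.controlAdmission("user1", "ws1", "owner");
    results.push(auth.has("user2", "access", "ws1")); // unshared: access is gone
    return results;
}
```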

Contributor

@svenefftinge svenefftinge left a comment

Sweet! ❤️

Member Author

geropl commented Aug 21, 2023

/unhold

@roboquat roboquat merged commit 5daf36e into main Aug 21, 2023
@roboquat roboquat deleted the gpl/fga-share-ws branch August 21, 2023 06:42