-
-
Notifications
You must be signed in to change notification settings - Fork 917
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Maintainer Role #4883
Maintainer Role #4883
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #4883 +/- ##
==========================================
+ Coverage 96.95% 96.97% +0.01%
==========================================
Files 421 424 +3
Lines 8777 8892 +115
==========================================
+ Hits 8510 8623 +113
- Misses 267 269 +2 ☔ View full report in Codecov by Sentry. |
eb41a17
to
88d6d70
Compare
dfb390c
to
09a620d
Compare
15144b9
to
020b96a
Compare
5f2b2de
to
7146007
Compare
89fe285
to
a4b0999
Compare
30fe85f
to
e37bcc3
Compare
08188b8
to
32645db
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it looks good, I need to finish reading through the tests so I'll approve when I'm done, but wanted to get these comments in.
32645db
to
c513739
Compare
… to check for the level of access
Replace the raw sql with something nicer
Make authorization failures more helpful on ownership changes. We were sometimes returning just the text 'Forbidden' when really we need to say that you can't edit your own role or explain the authorization problem, if possible, then redirect back to the rubygem page.
Co-authored-by: Martin Emde <martinemde@users.noreply.github.com>
491c85d
to
a8d7713
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I reviewed changes since last time. Looks good.
What's this about?
RubyGems.org currently has a single implicit role assigned to everyone who is an owner of a given gem. This role lets any gem owner do any, and all, things to a gem without restriction, such as adding & removing other owners, publishing new versions, yanking versions etc. In recent years, a strong desire in the community as emerged for a role system to be introduced for groups & businesses to better align their organizational structure and reduce the impact blast of any potential account take over.
What this Pull Request introduces
What this Pull Request is not introducing
Technical Details
We've added a new field to the
Ownership
table that records the user's current role. Inside Rails this is mapped from a string, eithermaintainer
orowner
to a new mapped integer inAccess
which is the thing that's stored in Postgres.This integer is then used to determine what level of access is granted inside the Rubygem policy.
Decisions made for this Pull Request
The blast radius of this change if things goes wrong is very big, worst case is we stop anyone from publishing new versions. So a priority on maintaining the status quo was put in place to guide this PR.
Owner vs Maintainer
Screenshots
Viewing current owners and their role
Updating a user's role
User notification of their role being updated