Skip to content

feat: add notifications inbox db #16599

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 40 commits into from
Mar 3, 2025
Merged

feat: add notifications inbox db #16599

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
40 commits
Select commit Hold shift + click to select a range
90c7b64
work on db queries
defelmnq Feb 18, 2025
e205049
work on dbauthz
defelmnq Feb 19, 2025
ef91969
work on dbauthz
defelmnq Feb 19, 2025
72e6de4
fmt and lint
defelmnq Feb 19, 2025
9edb384
change queries to match targets
defelmnq Feb 20, 2025
dc74ac4
test dbauthz
defelmnq Feb 20, 2025
6c9e41f
move notification migration
defelmnq Feb 20, 2025
1f18eca
make gen
defelmnq Feb 20, 2025
d02609f
Merge remote-tracking branch 'origin/main' into notif-inbox/int-334
defelmnq Feb 20, 2025
3bb9c57
rename inbox notifications
defelmnq Feb 20, 2025
27c1592
rename inbox notifications
defelmnq Feb 20, 2025
08c55c3
Improve authz
defelmnq Feb 21, 2025
b441448
add references in db
defelmnq Feb 21, 2025
1814c58
fix test icon
defelmnq Feb 21, 2025
9f46f51
improve foreign keys
defelmnq Feb 21, 2025
ddc65e6
add back querier file
defelmnq Feb 21, 2025
d1ce11e
improve uuid in seeding
defelmnq Feb 21, 2025
1f2fa24
improve dbauthz testing
defelmnq Feb 21, 2025
791ed76
format migration
defelmnq Feb 21, 2025
e141354
format migration
defelmnq Feb 21, 2025
a14723b
format migration
defelmnq Feb 21, 2025
e413ab9
rename functions
defelmnq Feb 21, 2025
452583e
add back index
defelmnq Feb 21, 2025
5aa54e1
fix query name missing
defelmnq Feb 21, 2025
da56e8f
regen file
defelmnq Feb 21, 2025
30b5ac4
add count queries
defelmnq Feb 23, 2025
8230ef3
improve queries to add pagination
defelmnq Feb 23, 2025
783bfe0
fix dbauthz tests
defelmnq Feb 23, 2025
c5aa917
fix sqlc queries
defelmnq Feb 23, 2025
da50947
improve dbauthz testing
defelmnq Feb 23, 2025
c1da7f8
improve sql queries
defelmnq Feb 24, 2025
f03976c
add type for read status
defelmnq Feb 24, 2025
94763e8
iterate on testing dbauthz
defelmnq Feb 24, 2025
0c5d322
change zero value of timestamp
defelmnq Feb 24, 2025
66d6fd6
add returns check in tests
defelmnq Feb 25, 2025
c45dfce
Merge remote-tracking branch 'origin/main' into notif-inbox/int-334
defelmnq Feb 25, 2025
b54dbef
rename migration
defelmnq Feb 25, 2025
e2e895b
improve queries comments
defelmnq Feb 25, 2025
e6abcbd
cange type for read status
defelmnq Feb 25, 2025
f691cf5
merge
defelmnq Mar 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
rename inbox notifications 
fix rbac roles
  • Loading branch information
@defelmnq
defelmnq committed Feb 21, 2025
commit 27c159281997b82ec09ed92225e49bfc0775c42e
31 changes: 28 additions & 3 deletions coderd/database/dbauthz/dbauthz_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4495,6 +4495,7 @@ func (s *MethodTestSuite) TestNotifications() {
Title: "test title",
Content: "test content notification",
Icon: "test icon",
Actions: json.RawMessage("{}"),
})

check.Args(u.ID).Asserts(rbac.ResourceInboxNotification.WithID(notifID).WithOwner(u.ID.String()), policy.ActionRead).Returns([]database.InboxNotification{notif})
Expand All @@ -4517,6 +4518,7 @@ func (s *MethodTestSuite) TestNotifications() {
Title: "test title",
Content: "test content notification",
Icon: "test icon",
Actions: json.RawMessage("{}"),
})

check.Args(u.ID).Asserts(rbac.ResourceInboxNotification.WithID(notifID).WithOwner(u.ID.String()), policy.ActionRead).Returns([]database.InboxNotification{notif})
Expand All @@ -4542,6 +4544,7 @@ func (s *MethodTestSuite) TestNotifications() {
Title: "test title",
Content: "test content notification",
Icon: "test icon",
Actions: json.RawMessage("{}"),
})

check.Args(database.FetchInboxNotificationsByUserIDFilteredByTemplatesAndTargetsParams{
Expand Down Expand Up @@ -4571,6 +4574,7 @@ func (s *MethodTestSuite) TestNotifications() {
Title: "test title",
Content: "test content notification",
Icon: "test icon",
Actions: json.RawMessage("{}"),
})

check.Args(database.FetchUnreadInboxNotificationsByUserIDFilteredByTemplatesAndTargetsParams{
Expand Down Expand Up @@ -4600,14 +4604,34 @@ func (s *MethodTestSuite) TestNotifications() {
Title: "test title",
Content: "test content notification",
Icon: "test icon",
Actions: json.RawMessage("{}"),
})

check.Args(notifID).Asserts(rbac.ResourceInboxNotification.WithID(notifID).WithOwner(u.ID.String()), policy.ActionRead).Returns(notif)
}))

s.Run("InsertInboxNotification", s.Subtest(func(_ database.Store, check *expects) {
owner := uuid.UUID{}
check.Args(database.InsertInboxNotificationParams{}).Asserts(rbac.ResourceInboxNotification.WithOwner(owner.String()), policy.ActionCreate)
s.Run("InsertInboxNotification", s.Subtest(func(db database.Store, check *expects) {
u := dbgen.User(s.T(), db, database.User{})
o := dbgen.Organization(s.T(), db, database.Organization{})
tpl := dbgen.Template(s.T(), db, database.Template{
OrganizationID: o.ID,
CreatedBy: u.ID,
})

notifID := uuid.New()

targets := []uuid.UUID{u.ID, tpl.ID}

check.Args(database.InsertInboxNotificationParams{
ID: notifID,
UserID: u.ID,
TemplateID: tpl.ID,
Targets: targets,
Title: "test title",
Content: "test content notification",
Icon: "test icon",
Actions: json.RawMessage("{}"),
}).Asserts(rbac.ResourceInboxNotification.WithOwner(u.ID.String()), policy.ActionCreate)
}))

s.Run("SetInboxNotificationAsRead", s.Subtest(func(db database.Store, check *expects) {
Expand All @@ -4631,6 +4655,7 @@ func (s *MethodTestSuite) TestNotifications() {
Title: "test title",
Content: "test content notification",
Icon: "test icon",
Actions: json.RawMessage("{}"),
})

notif.ReadAt = sql.NullTime{Time: readAt, Valid: true}
Expand Down
2 changes: 1 addition & 1 deletion coderd/database/migrations/000296_notifications_inbox.down.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
DROP TABLE IF EXISTS notifications_inbox;
DROP TABLE IF EXISTS inbox_notifications;
25 changes: 25 additions & 0 deletions coderd/database/migrations/testdata/fixtures/000296_notifications_inbox.up.sql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
INSERT INTO
inbox_notifications (
id,
user_id,
template_id,
targets,
title,
content,
icon,
actions,
read_at,
created_at
)
VALUES (
'68b396aa-7f53-4bf1-b8d8-4cbf5fa244e5', -- uuid
'45e89705-e09d-4850-bcec-f9a937f5d78d', -- uuid
'193590e9-918f-4ef9-be47-04625f49c4c3', -- uuid
ARRAY[]::UUID[], -- uuid[]
'Test Notification',
'This is a test notification',
'https://test.coder.com/favicon.ico',
'{}',
'2024-01-01 00:00:00',
'2024-01-01 00:00:00'
);
11 changes: 11 additions & 0 deletions coderd/rbac/roles_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -354,6 +354,17 @@ func TestRolePermissions(t *testing.T) {
false: {setOtherOrg, setOrgNotMe, templateAdmin, userAdmin},
},
},
{
Name: "InboxNotification",
Actions: []policy.Action{
policy.ActionCreate, policy.ActionRead, policy.ActionUpdate,
},
Resource: rbac.ResourceInboxNotification.WithID(uuid.New()).InOrg(orgID).WithOwner(currentUser.String()),
AuthorizeMap: map[bool][]hasAuthSubjects{
true: {owner, orgMemberMe, orgAdmin},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does orgMemberMe have privileges to policy.ActionCreate inbox notifications?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From my RBAC understanding orgMemberMe is the current user.
Associated to this part on the which we use the currentUser id.

In the definition of the ResourceInboxNotification, I assign the currentUser to InboxNotification using the WithOwner(currentUser.String()) method.

TL;DR - orgMemberMe is the owner of the resource in the test - and the owner of the resource should be able to access it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we might want memberMe in here as well?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@defelmnq I understand why the current user should be able to read their own messages, but why should they be allowed to create new messages? That should be a system privilege.

false: {setOtherOrg, orgUserAdmin, orgTemplateAdmin, orgAuditor, templateAdmin, userAdmin, memberMe},
},
},
{
Name: "UserData",
Actions: []policy.Action{policy.ActionReadPersonal, policy.ActionUpdatePersonal},
Expand Down
Loading