utopia icon indicating copy to clipboard operation
utopia copied to clipboard
verified publisher icon concrete-utopia

Project visibility

Open liady opened this issue 2 years ago • 7 comments

Projects visibility (private/public)

This PR adds the capability to define a project as public (open to all), or private (open only to owner). This works with Okta's FGA, and is the foundation for adding inremental support for fine grained permissions. Refer to our paper doc ("Multiplayer II: Fine Project! Grained Access?") for the detailed spec.

Implementation Contents

  • A new table was added to the database to save project's visibility status (currently PRIVATE, PUBLIC, WITH_LINK), and a matching definition was added in Prisma's schema.
  • Authorization model was written in Okta's FGA, to reflect the possible permissions.
  • Infrastructure for contacting Okta's FGA (fgaService), and a permissionsService that abstracts it.
  • When changing a project's visibility, we store it in our DB (for our usage), and also send a tuple to Okta that defines that user:* (which means "all users") have/doesn't have a viewer relation to the project, and the can_view permission is derived from it.
  • When calling our /project endpoint, a check is being made to see if there is a can_view permission for this project, and if not - a 404 page is being generated.
  • UI added - project visibility UI in the Projects page (menu and badge).
  • Tests that mock Okta's FGA service (since there is no official mocking for now)

Current Auth Model: image

Example 404 behavior:

liady avatar Feb 21 '24 00:02 liady

Performance test results: (Chart1)
(Chart2)

github-actions[bot] avatar Feb 21 '24 00:02 github-actions[bot]

Job #10881: Bundle Size — 61.97MiB (~-0.01%).

4990b65(current) vs 2296c28 master#10872(baseline)

[!WARNING] Bundle contains 58 duplicate packages – View duplicate packages

Bundle metrics  Change 2 changes Regression 1 regression
                 Current
Job #10881		      Baseline
Job #10872
Regression  Initial JS 45.28MiB(~+0.01%) 45.28MiB
No change  Initial CSS 0B 0B
Change  Cache Invalidation 20.22% 20.68%
No change  Chunks 36 36
No change  Assets 40 40
No change  Modules 4384 4384
No change  Duplicate Modules 508 508
No change  Duplicate Code 30.66% 30.66%
No change  Packages 467 467
No change  Duplicate Packages 58 58
Bundle size by type  Change 2 changes Regression 1 regression Improvement 1 improvement
                 Current
Job #10881		      Baseline
Job #10872
Regression  JS 61.96MiB (~+0.01%) 61.96MiB
Improvement  HTML 12.72KiB (-0.39%) 12.77KiB

View job #10881 reportView feat/project-visibility branch activityView project dashboard

relativeci[bot] avatar Feb 28 '24 19:02 relativeci[bot]

Try me

github-actions[bot] avatar Feb 28 '24 19:02 github-actions[bot]

Try me

github-actions[bot] avatar Feb 28 '24 19:02 github-actions[bot]

Performance test results:

github-actions[bot] avatar Feb 28 '24 19:02 github-actions[bot]

@ruggi I agree, we should defintely have a middleware layer for endpoints. It was left out of this initial PR since it only handles the "can_view" permission (and not editing/collaborating).

liady avatar Mar 01 '24 17:03 liady

@ruggi I agree, we should defintely have a middleware layer for endpoints. It was left out of this initial PR since it only handles the "can_view" permission (and not editing/collaborating).

sure, but I don't see a reason for not going for the better option right now – also considering that with this change in its current form we already introduce technical debt (and a behavior discrepancy between that route and any other route used by the editor and the BFF). As this is an introductory PR it feels like a great place for stubbing a very simple middleware that we can improve upon going forward, rather than modifying a route that will need to be re-changed later :)

ruggi avatar Mar 04 '24 08:03 ruggi

Performance test results:

github-actions[bot] avatar Mar 08 '24 13:03 github-actions[bot]