Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[GH-626]: Supported filtering on comment visibility for subscriptions #894

Open
wants to merge 14 commits into
base: master
Choose a base branch
from

Conversation

Nityanand13
Copy link
Contributor

@Nityanand13 Nityanand13 commented Nov 28, 2022

Summary

Added "Comment Visibility" field to subscription modal to filter notifications in the channel.

  1. When a user creates a comment in Jira then the plugin is getting notified through a webhook. Now, with this API we are getting all the information of a comment. If that particular comment has a visibility attribute that it should be visible to the users who belong to a certain group. Then notification is sent to the subscribed channel in mattermost only when that particular group is included in the subscriptions and vice versa.
  2. Apart from adding groups to which a user belongs, he can also add a group ‘visible-to-all-users’. If a particular comment has no visibility attribute, then notification is sent to the subscribed channel in mattermost only when ‘visible-to-all-users’ is present or no filter is present on the mattermost side.

Ticket Link

Fixes #626

#18)

* [MI-2337]: Supported filtering on comment visibility for subscriptions

* [MI-2337]: Review fixes done
1. Improved code quality
2. Improved quality of comments

* [MI-2337]: Review fixes done
1. Improved code quality
2. Changed few names

* [MI-2337]: Review fixes done
1. Improved code quality

* [MI-2337]: Review fixes done
1. Improved code quality
2. Improved comments quality

* [MI-2337]: Review fixes done
1. Improved code quality

* [MI-2384]: Converted class component to functional component of Comment visibility filter (#20)

* [MI-2384]: Converted class component to functional component of comment visibility filter

* [MI-2384]: Review fixes done
1. Improved code quality
2. Fixed lint errors

* [MI-2384]: Review fixes done
1. Improved code quality

* [MI-2384]: Logged the error properly
@mattermod
Copy link
Contributor

Hello @Nityanand13,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

@hanzei hanzei added the 2: Dev Review Requires review by a core committer label Nov 29, 2022
@hanzei hanzei requested a review from javaguirre November 29, 2022 14:08
@hanzei hanzei added the 3: QA Review Requires review by a QA tester label Nov 29, 2022
server/client.go Outdated
@@ -252,6 +255,18 @@ type AutoCompleteResult struct {
Results []Result `json:"results"`
}

type Item struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's Item? We can find a more relevant name I think

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now I have changed this to GroupItem. It indicates the individual group.

server/client.go Outdated
Name string `json:"name"`
}

type Group struct {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a UserGroup?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or VisibilityUserGroup? Is this group being used for anything else?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Now I have changed this to GroupsInfo.It indicate all the groups to which a commentator belongs to.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about JiraUserGroupCollection for the collection and JiraUserGroup for the singular group?

server/webhook_worker.go Outdated Show resolved Hide resolved
webapp/src/utils/jira_issue_metadata.tsx Outdated Show resolved Hide resolved
Nityanand13 added a commit to Brightscout/mattermost-plugin-jira that referenced this pull request Nov 30, 2022
1. Made a constant
2. Improved code quality
3. Changed few names
* [MI-2337]: Supported filtering on comment visibility for subscriptions

* [MI-2337]: Review fixes done
1. Improved code quality
2. Improved quality of comments

* [MI-2337]: Review fixes done
1. Improved code quality
2. Changed few names

* [MI-2337]: Review fixes done
1. Improved code quality

* [MI-2337]: Review fixes done
1. Improved code quality
2. Improved comments quality

* [MI-2337]: Review fixes done
1. Improved code quality

* [MI-2384]: Converted class component to functional component of Comment visibility filter (#20)

* [MI-2384]: Converted class component to functional component of comment visibility filter

* [MI-2384]: Review fixes done
1. Improved code quality
2. Fixed lint errors

* [MI-2384]: Review fixes done
1. Improved code quality

* [MI-2384]: Logged the error properly

* [MI-2337]: Done the review fixes of PR mattermost#894
1. Made a constant
2. Improved code quality
3. Changed few names
* [MI-2337]: Supported filtering on comment visibility for subscriptions

* [MI-2337]: Review fixes done
1. Improved code quality
2. Improved quality of comments

* [MI-2337]: Review fixes done
1. Improved code quality
2. Changed few names

* [MI-2337]: Review fixes done
1. Improved code quality

* [MI-2337]: Review fixes done
1. Improved code quality
2. Improved comments quality

* [MI-2337]: Review fixes done
1. Improved code quality

* [MI-2384]: Converted class component to functional component of Comment visibility filter (#20)

* [MI-2384]: Converted class component to functional component of comment visibility filter

* [MI-2384]: Review fixes done
1. Improved code quality
2. Fixed lint errors

* [MI-2384]: Review fixes done
1. Improved code quality

* [MI-2384]: Logged the error properly

* [MI-2337]: Done the review fixes of PR mattermost#894
1. Made a constant
2. Improved code quality
3. Changed few names

* [MI-2337]: Fixed CI errors and few review comments of PR mattermost#894

* [MI-2337]: Review fixes done
1. Improved code quality
@Nityanand13 Nityanand13 requested review from javaguirre and removed request for mickmister December 13, 2022 12:05
@mattermod
Copy link
Contributor

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@hanzei
Copy link
Collaborator

hanzei commented Feb 21, 2023

@mickmister Head up that the PR is ready for your review

@hanzei hanzei added this to the v3.3.0 milestone Feb 22, 2023
@mattermost-build
Copy link
Contributor

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@hanzei hanzei requested a review from calebroseland May 21, 2023 07:34
@hanzei hanzei removed the request for review from mickmister May 30, 2023 19:12
@hanzei hanzei requested a review from mickmister September 1, 2023 10:01
@codecov-commenter
Copy link

codecov-commenter commented Sep 11, 2023

Codecov Report

Attention: Patch coverage is 5.47945% with 69 lines in your changes missing coverage. Please review.

Project coverage is 29.41%. Comparing base (3d90500) to head (649d520).
Report is 10 commits behind head on master.

Current head 649d520 differs from pull request most recent head 5e21750

Please upload reports for the commit 5e21750 to get more accurate results.

Files Patch % Lines
server/issue.go 0.00% 34 Missing ⚠️
server/webhook_worker.go 0.00% 23 Missing ⚠️
server/client.go 0.00% 7 Missing ⚠️
server/subscribe.go 37.50% 3 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master     #894      +/-   ##
==========================================
- Coverage   33.37%   29.41%   -3.97%     
==========================================
  Files          53       52       -1     
  Lines        8008     7861     -147     
==========================================
- Hits         2673     2312     -361     
- Misses       5112     5351     +239     
+ Partials      223      198      -25     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Contributor

@mickmister mickmister left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great work on this improvement @Nityanand13 👍

I have a few topics for discussion, one in particular is how to properly handle the case when the Jira comment author is not connected to Mattermost. This poses a challenge with the tradeoffs of defaulting to secure or not. There are some other suggestions as well, but mostly LGTM

server/webhook_worker.go Outdated Show resolved Hide resolved
server/webhook_worker.go Outdated Show resolved Hide resolved
Comment on lines 83 to 88
visibilityAttribute := ""
if isCommentRelatedWebhook(wh) {
if visibilityAttribute, err = ww.getVisibilityAttribute(msg, v); err != nil {
return err
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the comment author is not connected to Mattermost, we end up not processing the webhook event no matter what. I think there's a design gap in the security model of this feature. This is a difficult problem to solve, the case of a comment author not connected to Mattermost.


Let's say a subscription is set to "comment visibility must be empty". If we can't fetch the comment because the author is not connected to MM, then we can't know the visibility of the comment. And so we would then always be avoiding the webhook events with every comment made by a user that is not connected. That's not really behavior that we want.

Though we can only assume that it is a sensitive comment if we can't fetch its visibility. Otherwise the feature would create posts for sensitive comments.

@esarafianou Do you have any thoughts on this? Essentially, this feature allows subscriptions to filter out sensitive comments, but if the comment author is not connected to MM, then we have no way of knowing whether the comment is sensitive or not. Defaulting to secure avoids unwanted data leakage, but it then requires all comment authors to be connected to MM for any comments to be posted ever.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mickmister Seems I had missed this. Is this still relevant?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mickmister I have removed the extra API call for getting the comment visibility data as in the current implementation of Jira plugin we are always making an API call to get the comment event data. So, the user have to be connected in every case of comment events.

This will be fixed with the API token approach we discussed earlier. So, maybe we can proeed with this for now and it will be fixed later.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

API token approch implemented via #1102

@@ -26,8 +26,10 @@ import (
)

const autocompleteSearchRoute = "2/jql/autocompletedata/suggestions"
const commentVisibilityRoute = "2/user"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking we want to use project roles for this

I have a WIP here that implements the data fetching piece, but not the comment filtering piece master...comment-security

err = client.RESTGet("2/project/"+projectKey, nil, &result)
if err != nil {
return http.StatusInternalServerError,
errors.WithMessage(err, "error fetching comment security levels")
}
roles := result.Roles
out := &AutoCompleteResult{}
for role := range roles {
out.Results = append(out.Results, Result{
Value: role,
DisplayName: role,
})
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mickmister We are getting the user groups here. I don't think the project roles API returns that response

server/issue.go Outdated Show resolved Hide resolved
webapp/src/utils/jira_issue_metadata.tsx Outdated Show resolved Hide resolved
@mickmister
Copy link
Contributor

Also this will need to be tested on Jira Cloud and Jira Server

1. Path of API call to get commen data
2. Testcases
1. Removed extra API call for getting comment visibility details
2. Removed unnecessary commentVisibility attribute
@raghavaggarwal2308
Copy link
Contributor

@mickmister Fixed the review comments added by you.

@mickmister mickmister removed their request for review July 10, 2024 02:21
@mattermost-build
Copy link
Contributor

This PR has been automatically labelled "stale" because it hasn't had recent activity.
A core team member will check in on the status of the PR to help with questions.
Thank you for your contribution!

@wiggin77
Copy link
Member

/update-branch

@mattermost-build
Copy link
Contributor

We don't have permissions to update this PR, please contact the submitter to apply the update.

@wiggin77
Copy link
Member

@raghavaggarwal2308 can you shepherd this through the outstanding comments?

@raghavaggarwal2308
Copy link
Contributor

@wiggin77 There are two unresolved comments above:

  1. [GH-626]: Supported filtering on comment visibility for subscriptions #894 (comment): This has been resolved now as the API token approach is implemented now. Basically the issue was that when we receive a comment event we needed to fetch some more comment details using the author ID of the comment but if the author is not connected to Jira from MM then we will not have the auth token and wont be able to fetch the details and end us not posting the event in the channel at all.

  2. [GH-626]: Supported filtering on comment visibility for subscriptions #894 (comment): Michael was suggesting to use some alternate API, which did not seem to be valid for our use case.

@raghavaggarwal2308
Copy link
Contributor

@esarafianou Can you please give this PR a review?

@wiggin77 wiggin77 removed their request for review January 15, 2025 19:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
2: Dev Review Requires review by a core committer 3: QA Review Requires review by a QA tester Lifecycle/1:stale
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Support filtering on comment visibility for subscriptions