
anonymous user access to public space #7532

Closed
wants to merge 3 commits into from

Conversation

valentinyanakiev (Member) commented Jan 27, 2025

fixes #7529

Summary by CodeRabbit

  • New Features

    • Added optional authorization parameter authorizedReadAccessCommunity to multiple GraphQL queries.
    • Introduced conditional visibility of isContactable field based on authorization status.
  • Improvements

    • Enhanced query flexibility for data retrieval with new authorization control.
    • Refined handling of isContactable property for users, organizations, and virtual contributors.


coderabbitai bot commented Jan 27, 2025

Walkthrough

The pull request introduces modifications to GraphQL schemas across multiple files, focusing on adding a new optional parameter $authorizedReadAccessCommunity with a default value of false. This parameter is added to queries in RoleSetDetails.graphql and JourneyData.graphql, and it impacts the RoleSetContributors.graphql fragment by conditionally skipping the isContactable field based on the new authorization parameter. Additionally, the handling of the isContactable property is updated in the useRoleSetAdmin hook to ensure consistent initialization.

Changes

  • src/domain/access/graphql/fragments/RoleSetContributors.graphql: Added @skip(if: $authorizedReadAccessCommunity) directive to isContactable field
  • src/domain/access/graphql/queries/RoleSetDetails.graphql: Added optional $authorizedReadAccessCommunity: Boolean = false parameter to RoleSetRoleAssignment query
  • src/domain/journey/common/JourneyUnauthorizedDialog/JourneyData.graphql: Added optional $authorizedReadAccessCommunity: Boolean = false parameter to JourneyData query
  • src/domain/access/RoleSetAdmin/useRoleSetAdmin.ts: Updated handling of isContactable property for users, organizations, and virtual contributors

Assessment against linked issues

  • Objective: Resolve authorization errors for unauthenticated users on public spaces [#7529]. Explanation: The changes do not directly address the error handling for unauthenticated users navigating to public spaces.

Possibly related PRs

  • Role set admin #6974: The changes in this PR involve the addition of a new field adminUsers in the RoleSetDetails fragment, which relates to user roles and access, similar to the modifications made to the isContactable field in the main PR that also deals with authorization based on user roles.
  • fix my account rules #7218: This PR updates entitlement checks that may indirectly relate to user roles and access, which is a common theme with the changes made in the main PR regarding the visibility of fields based on authorization.
  • Fix dashboard access #7360: This PR discusses access control and permissions, which is directly relevant to the changes made in the main PR regarding the conditional visibility of the isContactable field based on authorization status.

📜 Recent review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 60bd08c and 10c8f6c.

📒 Files selected for processing (1)
  • src/domain/access/RoleSetAdmin/useRoleSetAdmin.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
src/domain/access/RoleSetAdmin/useRoleSetAdmin.ts (1)

Pattern src/**/*.{ts,tsx,js}: Review the React.js/TypeScript/JavaScript code for best practices and potential bugs.
Ensure that the code adheres to TypeScript's typing system and modern standards.
Use the following code guide documentation in the codebase: 'docs/code-guidelines.md'.
Ensure sufficient error handling and logging is present, but note:

  • We have a global error handler in place. So local try/catch blocks are not required unless they provide value beyond what the global error handler already covers.
  • Avoid flagging the absence of local error handling in cases where the global error handler suffices.
  • Avoid flagging the absence of logging in cases where the global logger is already in place (graphql usage).

Inform about the recommendation of not using non-null assertion,
except on GraphQL queries where the variable is asserted non-null and followed by a
skip: with the same variable.
Examples:

  • Not Required: there's a skip
    {
    variables: { templateId: templateId! },
    skip: !templateId,
    }

Check for common security vulnerabilities such as:

  • SQL Injection
  • XSS (Cross-Site Scripting)
  • CSRF (Cross-Site Request Forgery)
  • Insecure dependencies
  • Sensitive data exposure
🔇 Additional comments (2)
src/domain/access/RoleSetAdmin/useRoleSetAdmin.ts (2)

145-145: LGTM: Consistent handling of isContactable across entity types.

The implementation maintains consistency by:

  • Users: Initializing with the backend value or false
  • Organizations: Always false
  • Virtual Contributors: Always false

This aligns well with the authorization requirements.

Also applies to: 159-159, 174-174


145-145: Verify the nullish coalescing operator usage.

The use of ?? is correct here as it specifically handles undefined and null cases. However, ensure that the GraphQL schema properly defines the nullability of isContactable to match this assumption.

✅ Verification successful

Nullish coalescing operator usage is correctly implemented.

The GraphQL schema defines isContactable as a Boolean field that can be null, and the ?? operator properly handles this by defaulting to false when the value is null or undefined. This implementation aligns with the schema definition and authorization constraints.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check the GraphQL schema definition for isContactable field
ast-grep --pattern 'type RoleSetMemberUser {
  $$$
  isContactable: $_
  $$$
}'

Length of output: 81


Script:

#!/bin/bash
# Find GraphQL schema files and search for isContactable
fd -e graphql -e gql . | while read -r file; do
  echo "=== $file ==="
  rg "isContactable" "$file" -A 2 -B 2
done

# Also search in .ts files as the schema might be defined there
rg "isContactable.*Boolean" -A 2 -B 2

Length of output: 67558

coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (2)
src/domain/access/graphql/fragments/RoleSetContributors.graphql (1)

3-3: LGTM! Consider adding documentation.

The skip directive is correctly implemented and aligns well with the anonymous access requirements. The field will be appropriately hidden when unauthorized access is granted.

Consider adding a comment to document the purpose of this skip condition:

+  # Skip contactability status for anonymous/unauthorized access
   isContactable @skip(if: $authorizedReadAccessCommunity)
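Review bot: the proposed comment says the field is skipped for "anonymous/unauthorized access", but `@skip(if: $authorizedReadAccessCommunity)` removes the field when the variable is true, and the operation declares it with a default of false, so a client that sends no variables still requests `isContactable`. Write the comment so it states which caller sets the flag to true and why, so the variable name and the directive polarity can be checked against each other.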
src/domain/access/graphql/queries/RoleSetDetails.graphql (1)

22-22: LGTM! Consider query optimization.

The new parameter is correctly implemented and maintains backward compatibility.

Consider optimizing the query by conditionally including fields based on roles and authorization:

 query RoleSetRoleAssignment(
   $roleSetId: UUID!
   $roles: [RoleName!]!
   $includeUsers: Boolean = true,
   $includeOrganizations: Boolean = true,
   $includeVirtualContributors: Boolean = true,
   $authorizedReadAccessCommunity: Boolean = false
 ) {
   lookup {
     roleSet(ID: $roleSetId) {
       id
+      # Only fetch authorization when needed
+      authorization @skip(if: $authorizedReadAccessCommunity) {
+        id
+        myPrivileges
+      }
       usersInRoles(roles: $roles) @include(if: $includeUsers) {
         role
         users {
           ...RoleSetMemberUser
         }
       }
       # ... rest of the query
     }
   }
 }
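Review bot: the suggested `authorization @skip(if: $authorizedReadAccessCommunity) { id myPrivileges }` drops `myPrivileges` exactly when the flag is true, the same polarity as the `isContactable` skip in the fragment; if the flag marks an unauthenticated caller, the client loses the privilege information it needs to render a read-only view, and if it marks an authorized caller, the UI loses the privileges it uses for admin checks. A client-side `@skip` only changes what is requested and is not an access control, so the server's field-level authorization on `isContactable` and `authorization` must remain the restriction regardless of the variables a client sends; confirm the intended polarity before adopting this optimization.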
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 777e5f1 and 60bd08c.

⛔ Files ignored due to path filters (2)
  • src/core/apollo/generated/apollo-hooks.ts is excluded by !**/generated/**
  • src/core/apollo/generated/graphql-schema.ts is excluded by !**/generated/**
📒 Files selected for processing (3)
  • src/domain/access/graphql/fragments/RoleSetContributors.graphql (1 hunks)
  • src/domain/access/graphql/queries/RoleSetDetails.graphql (1 hunks)
  • src/domain/journey/common/JourneyUnauthorizedDialog/JourneyData.graphql (1 hunks)
🧰 Additional context used
📓 Path-based instructions (3)
src/domain/access/graphql/fragments/RoleSetContributors.graphql (1)

Pattern src/**/*.{graphql,gql}: Review the GraphQL schema and queries for best practices, potential bugs, and adherence to the project's GraphQL standards.
Ensure that the schema is well-defined and queries are optimized.
Check for security vulnerabilities.

src/domain/access/graphql/queries/RoleSetDetails.graphql (1)

Pattern src/**/*.{graphql,gql}: Review the GraphQL schema and queries for best practices, potential bugs, and adherence to the project's GraphQL standards.
Ensure that the schema is well-defined and queries are optimized.
Check for security vulnerabilities.

src/domain/journey/common/JourneyUnauthorizedDialog/JourneyData.graphql (1)

Pattern src/**/*.{graphql,gql}: Review the GraphQL schema and queries for best practices, potential bugs, and adherence to the project's GraphQL standards.
Ensure that the schema is well-defined and queries are optimized.
Check for security vulnerabilities.

🔇 Additional comments (2)
src/domain/journey/common/JourneyUnauthorizedDialog/JourneyData.graphql (1)

1-1: LGTM! Verify fragment dependencies.

The new parameter is correctly implemented with appropriate default value, maintaining backward compatibility.

Let's verify that all referenced fragments are updated to handle the new parameter:

✅ Verification successful

Verified: Parameter correctly controls access to sensitive user data

The $authorizedReadAccessCommunity parameter is properly implemented in all fragments, specifically controlling access to sensitive contact information in the RoleSetMemberUser fragment. No other fragments require this parameter as they don't expose sensitive data.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check if all referenced fragments handle $authorizedReadAccessCommunity

# List all referenced fragments
echo "Referenced fragments:"
rg -l "fragment (ProfileJourneyData|ContextJourneyData|JourneyCommunity|RoleSetMemberUser|RoleSetMemberOrganization|ContributorDetails|ReferenceDetails|MetricsItem)" --type graphql

# Check for potential missing @skip directives in these fragments
echo -e "\nChecking for fields that might need @skip directive:"
rg "type.*User.*\{" -A 10 --type graphql   # '{' must be escaped: ripgrep's regex engine treats a bare '{' as a counted repetition

Length of output: 520


Script:

#!/bin/bash
# Find GraphQL files and analyze fragments
echo "=== Finding GraphQL files ==="
fd -e graphql

echo -e "\n=== Checking fragment contents ==="
fd -e graphql -x cat {} \; | grep -A 5 "fragment"

echo -e "\n=== Checking @skip directives ==="
fd -e graphql -x cat {} \; | grep -B 2 -A 2 "@skip"

Length of output: 35860

src/domain/access/graphql/queries/RoleSetDetails.graphql (1)

Line range hint 1-1: Verify complete authorization flow.

The changes implement a consistent approach to anonymous access control. However, we should verify the complete authorization flow to ensure proper access restrictions.

Let's check for potential security gaps:

✅ Verification successful

Authorization implementation verified and found to be robust

The codebase implements a comprehensive authorization system with:

  • Dedicated authorization queries for different entity types (roles, platform, organization)
  • Consistent use of authorization flags for conditional field access
  • Proper privilege checking through authorization objects
🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify authorization checks across the codebase

# Check for other queries that might need the authorization parameter
echo "Queries potentially needing authorization:"
rg "query.*\(" --type graphql -l | xargs rg "User.*\{" -l   # '{' escaped for ripgrep's regex engine

# Check for proper authorization checks in resolvers
echo -e "\nChecking resolver implementations:"
rg "class.*Resolver" -A 10

Length of output: 377


Script:

#!/bin/bash
# Search for GraphQL queries and authorization patterns
echo "=== GraphQL Queries with Authorization ==="
fd -e graphql -x cat {} | grep -B2 -A2 "query.*Authorization"

echo -e "\n=== Authorization Checks in Resolvers ==="
# Look for resolver files and authorization patterns
fd -e ts -e js -0 | xargs -0 grep -l "Resolver" | while read -r file; do
  echo "=== File: $file ==="
  grep -A 5 -B 5 "authorize\|permission\|@Auth\|@Allow" "$file"
done

echo -e "\n=== Security Decorators Usage ==="
rg "@(Auth|Authorized|Allow|Permission)" -A 2

Length of output: 7580

ccanos (Contributor) commented Jan 28, 2025

Closed in favor of #7541

@ccanos ccanos closed this Jan 28, 2025
@valentinyanakiev valentinyanakiev deleted the accessible-public-space-anonymous branch January 29, 2025 14:20
Successfully merging this pull request may close these issues.

BUG: Unauthenticated user gets auth errors when navigate to public space