-
Notifications
You must be signed in to change notification settings - Fork 385
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Misc. UserGroup clean-up #10585
base: master
Are you sure you want to change the base?
Misc. UserGroup clean-up #10585
Conversation
Not used anywhere
It's just a style difference at this point. This also makes it more obvious at call site if special OAuth behavior will occur
*/ | ||
public function isGroup($group) | ||
public function isGroup(Group|string $group, ?string $ruleset = null, bool $allowOAuth = false): bool |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
isGroup
has always been for permission checks; existence in group and has permission of group checks should not share the same method.
/** | ||
* Get the user's usergroup corresponding to a specified group. | ||
*/ | ||
public function findUserGroup(Group|string $group, bool $includePending = false): ?UserGroup |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not keen on this type of param type overloading and having conditionals in the body to convert it when the specific type is known before hand; this isn't a parsing function.
It also means findUserGroup
implicitly picks up the auto group creating behaviour of Groups::byIdentifier
as an unexpected side-effect.
applying some of what I was thinking while working around usergroups / group permissions / group history / etc for a while. I thought this would be good to get out of the way before (eventually) looking into expanding group permissions over the API for some project loved things.
imo the main problem with a lot of group checking code is that it factors in the current request's oauth token, so then these methods are only really valid when called on the current user, and as the developer you have to be mindful of which methods concern authorization/permissions/etc and which just get the data they suggest. while not solved in this PR, I consolidated the various kinds of group checks so that in most cases it will be clear when things are intentionally bypassing the contained oauth check
some other time I will look into getting that oauth token check out of the User model. but this was already a rabbit hole so I'm just PRing what I did so far