[Debt] Update how roles are set as part of communities changes

[vd1992]

🤖 Resolves #10351

👋 Introduction

Describe what this PR is solving.

🕵️ Details

Add any additional details that could assist with reviewing or testing this PR.

🧪 Testing

Assist reviewers with steps they can take to test that the PR does what it says it does.

1. ...
2. ...

📸 Screenshot

Add a screenshot (if possible).

🚚 Deployment

Add any additional details that are required for deploying the application.

Examples of when this is required include:

• re-running database seeders
• environment variable changes

Notes

• Remove deployment section if no steps are needed
• Add deployment label to the linked issue if deployment steps are needed

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 57.69231% with 33 lines in your changes missing coverage. Please review.

Project coverage is 38.66%. Comparing base (b34af3f) to head (dcceb4d).

Files	Patch %	Lines
api/app/Policies/UserPolicy.php	75.00%	15 Missing ⚠️
...eamMembersPage/components/EditTeamMemberDialog.tsx	0.00%	9 Missing ⚠️
...s/UpdateUserPage/components/EditTeamRoleDialog.tsx	0.00%	9 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #10791      +/-   ##
============================================
+ Coverage     38.61%   38.66%   +0.04%     
- Complexity     1654     1695      +41     
============================================
  Files          1013     1013              
  Lines         30906    30980      +74     
  Branches       6442     6450       +8     
============================================
+ Hits          11934    11977      +43     
- Misses        18797    18827      +30     
- Partials        175      176       +1     

Flag	Coverage Δ
integrationtests	67.87% <75.00%> (+0.05%)	⬆️
unittests	31.47% <0.00%> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[vd1992]

Okay @tristan-orourke

I did the suggested sync removal in 7e2d841 and the replace/deprecate in 7c660bb
Then set up the permission asserting in the remaining commits

Thoughts on things so far? Right direction?

[tristan-orourke]

Great job on the frontend, I like how you got replaced sync with attach & detach.

The downside is that the UserPolicy->updateRoles method is real ugly, now. 😆 And I expected that, but now that I see it I have a suggestion. What if we create a mutation class to handle updateUserRoles, and move some of the logic (especially for processing the input) from the Policy to there? The goal would be to end up with a policy method (or possibly break it down into several) which is straightforward and easy to read.

[vd1992]

The downside is that the UserPolicy->updateRoles method is real ugly, now. 😆 And I expected that, but now that I see it I have a suggestion. What if we create a mutation class to handle updateUserRoles, and move some of the logic (especially for processing the input) from the Policy to there? The goal would be to end up with a policy method (or possibly break it down into several) which is straightforward and easy to read.

I'm not sure I follow. The policy check precedes the mutation, so I don't see how you can shift the logic into the latter.

The operation itself is complex given it involves attach and detach, team-based roles. non-team roles, and all the possible roles and permissions present. I don't know how we can circumvent a complex policy check given it is a complex authorization process short of refactoring the role mutations in the front and back into separate granular mutations for each single role you can add/remove.