Prevent removing last _ALL right from entity collaborator #4464
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This pull request changes the SetCollaborator RPCs of the Identity Server to ensure that every entity has at least one collaborator with the
_ALL
right.We previously thought that users deleting their own account was a problem and worked on handling that (#3458 / #3616; eventually dropped), but in fact it's much more common for users to accidentally revoke their collaborator access from their entities, which should be solved by this PR.
Refs https://www.thethingsnetwork.org/forum/t/move-your-ttig-to-v3-yes/49287/59?u=htdvisser
Testing
I've extended the existing tests a little, but couldn't reliably cover the error itself because of the randomly populated database. Luckily we can still monkey-test this:
Regressions
This could make it impossible to update collaborators of entities that already don't have a collaborator with the
_ALL
right.Notes for Reviewers
This doesn't fully cover accidental loss of access to entities when rights are granted through organizations, but I think it's already better than having no protection at all.
Checklist
README.md
for the chosen target branch.CHANGELOG.md
.CONTRIBUTING.md
, there are no fixup commits left.