-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix message queries #1305
Fix message queries #1305
Conversation
An issue that this PR does not yet address is that we are not allowing a user to view the
|
To clarify the above, the If we were to go with the second option above, we would need to also query messages joined with conversations where the user is the target, and scope the messages queryable by that. |
The former option is likely simpler but more inflexible. The second option will always provide us with the data we want but at a higher overhead. |
Thinking about this further, there is, as of yet, no data on the message record that the user could not see that is not scoped in some other way. They can and should see the body, who initiated the conversation, the subject, the author, and the project. The conversations would be scoped if they tried to access the endpoints for them. We may only need the query for now and can open up a follow-on issue to scope the JSON in the event we add more sensitive fields to the message record. |
Valid points. The way I see it, from a user's point of view, they care about the conversation and conversation part. The message record is a special, project-only thing which allows projects to message multiple users at once. I agree we may only need what we have for now, but if that becomes false, the most logical solution for me would be to clone the respective fields to the conversation and handle it that way. The users then care about conversations and conversation parts only, while projects also care about messages. That being said, I think then we need to think about needing the message in the first place. In the hypothetical scenario where we are messaging multiple users, we are creating multiple conversations and one message. Since all those conversations are duplicating fields on the message, the only role the message serves is some sort of strange "hard grouping" of conversations. We could easily go with "soft" grouping on the client. It would probably save us a bunch of database as well as API queries. |
The messages are going to be necessary, particularly when we add in auto-messages. In the current UI they appear superfluous, but there is more coming there that does not make them superfluous. |
@joshsmith I've pushed up the agreed-upon change in The A more concrete example Project admin sends With the old policy, With the new message policy, We don't want the user to see |
- adds user_id query for messages - update Message policy to allow viewing of Message records where user is target of Conversation child
bd8d5d5
to
bb3ec89
Compare
Can't approve since my PR, but 👍 and will merge. |
What's in this PR?
Fixes some issues with messages.
WIP.
user_filter