RHS Subscriptions

[lieut-data]

Summary

Highlight channel subscriptions in the RHS:

When there are no subscriptions:

And when not signed in:

For this change, I tried to stick with the existing dependencies as I didn't want to take on ownership of upgrading package-lock.json. (The styles would have been much clearer with styled-components, or even SASS.)

For context on this feature, see the private channel https://community.mattermost.com/private-core/channels/gitlab-strategic-integration.

[lieut-data]

The tests are failing, it seems because there simply is no test target for the webapp. Wondering if something changed in the upstream orbs?

[lieut-data]

This constrains the websocket event to members of the channel, /but/ I see there is logic in the plugin around some users being denied access to some subset of projects. Worse, it looks like these permission checks actually involve a round trip per user -- is there some background information I can learn about?

[ashishbhate]

IIUC, but isn't it implied that access to the channel gives access to the subscription information?
So shouldn't this be left to channel admins (by controlling channel memberships)?

[mickmister]

@lieut-data It looks like the /gitlab subscriptions list command does not filter on any sort of permission checks, which is sort of the equivalent of this websocket message right? I'm thinking we may not need any further access control other than scoping it to the specific channel, as you've done here.

[lieut-data]

Awesome, thank you for this feedback -- will leave this as-is.

[codecov]

Codecov Report

Base: 28.48% // Head: 33.06% // Increases project coverage by +4.57% 🎉

Coverage data is based on head (2b6f434) compared to base (0d69bb5).
Patch coverage: 65.62% of modified lines in pull request are covered.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #333      +/-   ##
==========================================
+ Coverage   28.48%   33.06%   +4.57%     
==========================================
  Files          20       20              
  Lines        2619     2683      +64     
==========================================
+ Hits          746      887     +141     
+ Misses       1789     1689     -100     
- Partials       84      107      +23     

Impacted Files	Coverage Δ
server/command.go	26.34% <50.00%> (+0.11%)	⬆️
server/plugin.go	15.38% <53.84%> (+5.84%)	⬆️
server/api.go	23.20% <75.00%> (+23.19%)	⬆️
server/subscriptions.go	50.98% <0.00%> (+3.92%)	⬆️
server/utils.go	72.97% <0.00%> (+35.13%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[ashishbhate]

LGTM, I don't know the Gitlab side of things very well (or plugins in general, tbh) so my review focuses on the actual written code.

I'll defer to the other reviewers on the high-level view.

[ashishbhate]

We should probably check the err returned here. IIRC, we've had some incidents on the server around JSON Marshalling so a quick error check helps.

[ashishbhate]

IIUC, but isn't it implied that access to the channel gives access to the subscription information?
So shouldn't this be left to channel admins (by controlling channel memberships)?

[mickmister]

Great work @lieut-data! I left some non-blocking suggestions and questions. Let me know what you think 👍

[mickmister]

This will cause CI to use this npm version, which is ahead of this project's lockfile version. When you ran npm install with npm 16.4.0, did you receive the message of patching up the lockfile? We indeed need to update the project to use node 16+

[lieut-data]

Ah, good catch! When my first attempt to compile and deploy failed, I assumed it was the node version and mistakenly copied the version from webapp, then opted not to git add package-lock.json but forgot about my changes here in .nvmrc. I'll fix this to point at the latest v14 here which I believe uses the old lock version.

[mickmister]

Can you please ensure this works locally with nvm install or nvm use if you already have this version installed?

[mickmister]

If you do test this out, please remove the node_modules folder before testing. Likely, there won't be any issues since CI is passing

[lieut-data]

Gah, I forgot to revert this. One second.

[lieut-data]

Wait, sorry, I've got too much on the go...

Yes, I can confirm this .nvmrc works locally. What I did forget to revert was the addition of styled-components to package.json.

[lieut-data]

(Also triple checked after blowing away node_modules).

[mickmister]

@lieut-data Thoughts on putting these styles in a css file? It's unfortunate that scss isn't available but I think using a regular css file should be manageable in this case

[lieut-data]

Actually, now that you've helped me with the node version, I wonder if we'd be open to just depending on the external styled-components vs. having to export global CSS rules and deal with that complexity? Let me take a stab at seeing how that plays out.

[mickmister]

@lieut-data In general, our plugins have been using scss. I know Playbooks is using styled-components and no scss now, though I'd like to keep consistency with the other plugin projects our team manages in this aspect.

Using css instead of scss can be a pain, because you don't have the same easily accessible nesting capabilities with css. Of course there's the equivalent syntax in css, which may not be too bad in this case.

I'll leave it up to you to decide how to apply styles here. I'm 2/5 on not introducing styled-components here though. Hopefully you can understand why 🙂

[lieut-data]

I'm happy to keep things simpler for the maintainers and will switch to CSS.

[mickmister]

@lieut-data It looks like the /gitlab subscriptions list command does not filter on any sort of permission checks, which is sort of the equivalent of this websocket message right? I'm thinking we may not need any further access control other than scoping it to the specific channel, as you've done here.

[ashishbhate]

I just ran into this while deploying:

JoinPath was added in Go 1.19 https://pkg.go.dev/net/url#URL.JoinPath

The go.mod for this project states that it works with go 1.16.

The mattermost-server project requires go 1.18.

[lieut-data]

Thank you for this: I didn't even check the supported versions on this method!

[mickmister]

LGTM! Just one request to remove the styled-components dependency. Great work @lieut-data!

[mickmister]

Just so I understand, is the selector repeated to increase specificity?

[mickmister]

We can remove this since styled-components is not being used anymore

[mickmister]

@spirosoik I'll leave it up to you if you would like to review before merge, or we can call this dev reviewed since @ashishbhate and I both looked at it. As @ashishbhate mentioned, he's not as familiar with the project, which is why I'm giving you a decision here. Please let me know your thoughts

[lieut-data]

@spirosoik & @DHaussermann, is there anything you'd like to take a peek at before we merge?

[DHaussermann]

Hi @lieut-data I took a look at this PR. This is woking as expected. I did see a coupe issues. Points 1. and 2. maybe worth investigating before we merge to see if there are quick solutions.

• Connection state and state where the signed in user is shown seem to work fine
• RHS is correctly aware of current channel open when fetching list and updated in real time as channels change
• New elements have reasonable contrast in all themes
• Performed CRUD testing on subscription
• Adds, Edit and Deletes do all work to update the RHS view

1. The App Bar icon works as expected. But, there is no fail-over icon shown in the channel header if App Bar is in the off state (Also likely no legacy monochromatic icon exists for GitLab yet)
2. When deleting a subscription a "refresh" event such as a channel change or RHS open / close must occur for the newly deleted subscription to no longer show. (Using the add command to change the feature list of an existing subscription does update in real time
3. When App Bar is first enabled a webapp refresh is required to see the icon. No issue if the App bar is already on when the plugin is enabled. 0/5 This feels like an App Bar issue not specific to GitLab a vaguely remember seeing this before. @mickmister may know about what causes this.

[spirosoik]

LGTM

[lieut-data]

Thanks again, @DHaussermann!

re: 1, I'm syncing with Neil on next steps: stay tuned!

re: 2, I'm not currently able to reproduce, with subscriptions being added and deleted as the slash commands are being invoked. Is there any extra detail you can help provide on how you reproduced?

Subscriptions.-.Websockets.mp4

re: 3, I agree with your assessment.

[lieut-data]

re: 1, I synced with Neil and we agreed to keep this "apps bar only". Thanks for raising that, @DHaussermann :)

[DHaussermann]

@lieut-data for 1. this is a bit strange I saw this 2 or 3 times in a row so, I thought it was consistently reproducible. Now I can not see the issue either. Delete works in real time. I wonder if something else may have been happening on the server at the time? I've also gone back and checked 2 other servers and they are working normally as well.

Give the relatively low impact and that I have no concrete details. I feel we should consider it resolved. If I see this again - now that I know it intermittent - I'll see if there is info on the network tab I can capture and the I can open a separate issue to prioritize and address.

[DHaussermann]

Tested and passed as per testing notes above ☝️

For the issues found:

1. No change will be made and the icon will only show in the App Bar
2. Is no longer reproducible. Dylan will open a new issue with console details if it is seen again
3. Is not specific to the GitHub integration

As such no further code changes or functional testing needed for this PR.
LGTM!

@lieut-data Please merge when you have a chance.

[lieut-data]

Sweet, thank you @DHaussermann :)