Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add check that user can view feature before sending change notification email #4676

Merged
merged 1 commit into from
Jan 9, 2025
Merged

Add check that user can view feature before sending change notification email #4676

merged 1 commit into from
Jan 9, 2025

Conversation

yanndago
Copy link
Collaborator

@yanndago yanndago commented Jan 8, 2025

Changes on features that become confidential should not be sent to users that cannot see them

@yanndago yanndago requested a review from jrobbins January 8, 2025 20:00
@yanndago yanndago merged commit acab78e into GoogleChrome:main Jan 9, 2025
7 checks passed
@jrobbins jrobbins mentioned this pull request Jan 10, 2025
Merged
@jrobbins
Copy link
Collaborator

This caused the notification generation task to fail with an exception.
It looks like maybe triggering_user_email is None:

Starting to notify subscribers for feature {'id': 6341838249394176, 'name': 'enterprise with screenshots', 'summary': 'this is where screenshots go to hide and seek in the open', 'blink_components': ['Enterprise'], 'star_count': 1, 'search_tags': [], 'created': {'by': '[email protected]', 'when': '2024-12-12 20:39:24.363234'}, 'updated': {'by': '[email protected]', 'when': '2025-01-10 01:09:05.583087'}, 'category': 'Miscellaneous', 'category_int': 2, 'feature_notes': None, 'web_feature': None, 'enterprise_feature_categories': [], 'enterprise_product_category': 0, 'stages': [{'id': 5921145998278656, 'created': '2024-12-12 20:39:24.549777', 'feature_id': 6341838249394176, 'stage_type': 1061, 'display_name': None, 'intent_stage': 10, 'pm_emails': [], 'tl_emails': [], 'ux_emails': [], 'te_emails': [], 'intent_thread_url': None, 'announcement_url': None, 'experiment_goals': None, 'experiment_risks': None, 'origin_trial_id': None, 'origin_trial_feedback_url': None, 'ot_action_requested': False, 'ot_approval_buganizer_component': None, 'ot_approval_buganizer_custom_field_id': None, 'ot_approval_criteria_url': None, 'ot_approval_group_email': None, 'ot_chromium_trial_name': None, 'ot_description': None, 'ot_display_name': None, 'ot_documentation_url': None, 'ot_emails': [], 'ot_feedback_submission_url': None, 'ot_has_third_party_support': False, 'ot_is_critical_trial': False, 'ot_is_deprecation_trial': False, 'ot_owner_email': None, 'ot_require_approvals': False, 'ot_use_counter_bucket_number': None, 'ot_webfeature_use_counter': None, 'extensions': [], 'experiment_extension_reason': None, 'ot_stage_id': None, 'finch_url': None, 'rollout_milestone': 133, 'rollout_platforms': ['1', '3'], 'rollout_details': None, 'rollout_impact': 2, 'enterprise_policies': [], 'desktop_first': None, 'android_first': None, 'ios_first': None, 'webview_first': None, 'desktop_last': None, 'android_last': None, 'ios_last': None, 'webview_last': None}], 'accurate_as_of': '2024-12-12 20:39:24.362600', 'creator_email': '[email protected]', 'updater_email': '[email protected]', 'owner_emails': ['[email protected]'], 'editor_emails': [], 'cc_emails': [], 'spec_mentor_emails': [], 'unlisted': False, 'deleted': False, 'editors': [], 'cc_recipients': [], 'spec_mentors': [], 'creator': '[email protected]', 'feature_type': 'New Feature or removal affecting enterprises', 'feature_type_int': 4, 'intent_stage': 'None', 'intent_stage_int': 0, 'active_stage_id': None, 'bug_url': None, 'launch_bug_url': None, 'new_crbug_url': 'https://bugs.chromium.org/p/chromium/issues/entry?components=Enterprise&[email protected]', 'screenshot_links': ['https://img640-dot-cr-status-staging.appspot.com/feature/6341838249394176/attachment/5674880646512640'], 'first_enterprise_notification_milestone': 135, 'enterprise_impact': 2, 'breaking_change': False, 'confidential': True, 'shipping_year': None, 'flag_name': None, 'finch_name': None, 'non_finch_justification': None, 'ongoing_constraints': None, 'motivation': None, 'devtrial_instructions': None, 'activation_risks': None, 'measurement': None, 'availability_expectation': None, 'adoption_expectation': None, 'adoption_plan': None, 'initial_public_proposal_url': None, 'explainer_links': [], 'requires_embedder_support': False, 'spec_link': None, 'api_spec': False, 'interop_compat_risks': None, 'all_platforms': None, 'all_platforms_descr': None, 'non_oss_deps': None, 'anticipated_spec_changes': None, 'security_risks': None, 'ergonomics_risks': None, 'wpt': None, 'wpt_descr': None, 'webview_risks': None, 'devrel_emails': [], 'debuggability': None, 'doc_links': [], 'sample_links': [], 'prefixed': None, 'tags': [], 'tag_review': None, 'tag_review_status': 'Not applicable', 'tag_review_status_int': 4, 'security_review_status': 'Pending', 'security_review_status_int': 1, 'privacy_review_status': 'Pending', 'privacy_review_status_int': 1, 'updated_display': None, 'resources': {'samples': [], 'docs': []}, 'comments': None, 'ff_views': 5, 'safari_views': 5, 'web_dev_views': 4, 'browsers': {'chrome': {'bug': None, 'blink_components': ['Enterprise'], 'devrel': [], 'owners': ['[email protected]'], 'origintrial': False, 'intervention': False, 'prefixed': None, 'flag': False, 'status': {'text': 'No active development', 'val': 1, 'milestone_str': 'No active development'}, 'desktop': None, 'android': None, 'webview': None, 'ios': None}, 'ff': {'view': {'url': None, 'notes': None, 'text': 'No signal', 'val': 5}}, 'safari': {'view': {'url': None, 'notes': None, 'text': 'No signal', 'val': 5}}, 'webdev': {'view': {'text': 'No signals', 'val': 4, 'url': None, 'notes': None}}, 'other': {'view': {'text': None, 'val': None, 'url': None, 'notes': None}}}, 'standards': {'spec': None, 'maturity': {'text': None, 'short_text': 'Unknown status', 'val': 0}}, 'is_released': False, 'is_enterprise_feature': True, 'experiment_timeline': None}

Exception on /tasks/email-subscribers [POST]
Traceback (most recent call last):
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 2190, in wsgi_app
    response = self.full_dispatch_request()
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1486, in full_dispatch_request
    rv = self.handle_user_exception(e)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask_cors/extension.py", line 194, in wrapped_function
    return cors_after_request(app.make_response(f(*args, **kwargs)))
                                                ^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1484, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/app.py", line 1469, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/views.py", line 109, in view
    return current_app.ensure_sync(self.dispatch_request)(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/layers/google.python.pip/pip/lib/python3.11/site-packages/flask/views.py", line 190, in dispatch_request
    return current_app.ensure_sync(meth)(**kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/framework/basehandlers.py", line 575, in post
    handler_data = self.process_post_data(*args, **kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/internals/notifier.py", line 458, in process_post_data
    can_view_feature = permissions.can_view_feature(user, fe)
                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/framework/permissions.py", line 80, in can_view_feature
    return not feature.confidential or _can_view_confidential_feature(user, feature)
                                       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/framework/permissions.py", line 90, in _can_view_confidential_feature
    if is_google_or_chromium_account(user) or can_admin_site(user):
       ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/srv/framework/permissions.py", line 44, in is_google_or_chromium_account
    return user.email().endswith(('@chromium.org', '@google.com'))
           ^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute 'endswith'

But, also, the triggering user is the person who made the edit to the feature. That user should always have permission to view the feature. I think what you want to check is the permission for the person being notified. That would need to be done in a different function:
https://github.com/GoogleChrome/chromium-dashboard/blob/main/internals/notifier.py#L277

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrobbins jrobbins jrobbins approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yanndago @jrobbins