project/collaborators: implement ownership management #8669
base: master
Conversation
force-pushed from 6be9911 to b4795a6
force-pushed from 1f9dee6 to 8a97abf
force-pushed from 8a97abf to 2552dd7
…ount – just uses up resources, when not used, and add delay after creating accounts
force-pushed from db46067 to 1e10ad7
…f cached values and add test
@codex review
Codex Review: Didn't find any major issues. Breezy!
💡 Codex Review
cocalc/src/packages/server/projects/collab.ts
Lines 76 to 80 in ecc4be4
```typescript
try {
  // Ensure user is allowed to modify project(s)
  //
  await verify_write_access_to_projects(db, account_id, projects);
} catch (err) {
```
The new manage_users_owner_only/strict_collaborator_management enforcement is only applied in server/projects/collaborators.ts, but the public REST endpoint /api/v2/projects/collaborators/remove still calls remove_collaborators_from_projects, which only checks generic write access and never consults the owner-only flag. A collaborator can therefore POST to that endpoint and remove other collaborators even when the project or site setting is supposed to limit collaborator management to owners. This leaves the new restriction ineffective for clients using the REST API.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
@codex review latest change
💡 Codex Review
Here are some automated review suggestions for this pull request.
force-pushed from 450c20f to 549595f
@codex do another review of the last commit
💡 Codex Review
cocalc/src/packages/frontend/projects/actions.ts
Lines 643 to 647 in 549595f
```typescript
await this.redux
  .getProjectActions(project_id)
  .async_log({ event: "remove_collaborator", removed_name });
await webapp_client.project_collaborators.remove({
  project_id,
```
The project history entry for remove_collaborator is written before the backend call is made. With the new ownership checks (e.g., owner-only management or blocking owner removals), the server can now reject the removal, yet the log entry will already have been persisted, leaving an audit trail that claims a user was removed when nothing changed. Logging after a successful project_collaborators.remove call (as done for change_user_type below) would keep the history accurate.
force-pushed from 549595f to e1570bd
…`noFirstProject: true` to many create-account calls to avoid that. Also, in one test there was a delay with a cryptic note; copying that to several more places, also account-creation related. This makes more tests pass for me locally.
screenshots
The panels below are from the perspective of a collaborator, with and without owner-only management of collaborators (adding/removing). In all situations, though, one is able to remove oneself.
site setting, enforcing this setting for all projects
changing role
if there is just one owner left, the owner can't demote themselves
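The rules in the description and in the two review comments above (owner-only management via a project flag or a site-wide flag, self-removal always allowed, the last owner cannot demote themselves, and the audit entry for a removal written only once the change has actually happened) fit in a small policy model. The following is an added example and not CoCalc's code or part of this PR: the setting and event names `manage_users_owner_only`, `strict_collaborator_management`, `remove_collaborator` and `change_user_type` are taken from the review comments, while the types, functions and the sample project are hypothetical. It also assumes that role changes are an owner-only operation and that a sole owner cannot remove themselves, which the page does not state.

```typescript
// Added illustration (not CoCalc's own code) of the ownership rules this PR
// describes. Setting/event names come from the review comments; all types,
// functions and the sample project are hypothetical.

type Role = "owner" | "collaborator";

interface Project {
  project_id: string;
  users: Record<string, Role>; // account_id -> role
  manage_users_owner_only?: boolean; // per-project flag
}

interface SiteSettings {
  strict_collaborator_management: boolean; // site-wide flag, enforces owner-only for every project
}

interface AuditEntry {
  event: "remove_collaborator" | "change_user_type";
  project_id: string;
  actor: string;
  target: string;
}

type Result = { ok: true } | { ok: false; reason: string };

function ownerCount(p: Project): number {
  return Object.values(p.users).filter((r) => r === "owner").length;
}

function ownerOnly(p: Project, site: SiteSettings): boolean {
  return site.strict_collaborator_management || p.manage_users_owner_only === true;
}

// null when the removal is allowed, otherwise the reason it is denied.
function checkRemove(p: Project, site: SiteSettings, actor: string, target: string): string | null {
  const actorRole = p.users[actor];
  const targetRole = p.users[target];
  if (actorRole === undefined) return "actor is not a collaborator on this project";
  if (targetRole === undefined) return "target is not a collaborator on this project";
  if (actor === target) {
    // Self-removal is always permitted; the one exception assumed here is the
    // sole owner, who would otherwise leave the project without any owner.
    return targetRole === "owner" && ownerCount(p) === 1 ? "the sole owner cannot leave the project" : null;
  }
  if (actorRole !== "owner") {
    if (ownerOnly(p, site)) return "only owners may manage collaborators on this project";
    if (targetRole === "owner") return "a non-owner may not remove an owner";
  }
  return null;
}

// null when the role change is allowed, otherwise the reason it is denied.
function checkChangeRole(p: Project, site: SiteSettings, actor: string, target: string, role: Role): string | null {
  const actorRole = p.users[actor];
  const targetRole = p.users[target];
  if (actorRole === undefined || targetRole === undefined) return "both accounts must be collaborators on this project";
  // Assumption: changing roles is an owner-only operation regardless of the flags.
  if (actorRole !== "owner") return "only owners may change roles";
  if (targetRole === "owner" && role !== "owner" && ownerCount(p) === 1) return "the last owner cannot be demoted";
  return null;
}

// The audit entry is appended only after the change is applied, so a rejected
// request leaves no history entry claiming that something happened.
function removeCollaborator(p: Project, site: SiteSettings, log: AuditEntry[], actor: string, target: string): Result {
  const reason = checkRemove(p, site, actor, target);
  if (reason !== null) return { ok: false, reason };
  delete p.users[target];
  log.push({ event: "remove_collaborator", project_id: p.project_id, actor, target });
  return { ok: true };
}

function changeRole(p: Project, site: SiteSettings, log: AuditEntry[], actor: string, target: string, role: Role): Result {
  const reason = checkChangeRole(p, site, actor, target, role);
  if (reason !== null) return { ok: false, reason };
  p.users[target] = role;
  log.push({ event: "change_user_type", project_id: p.project_id, actor, target });
  return { ok: true };
}

// Constructed sample project: one owner and two collaborators.
function sampleProject(ownerOnlyFlag = false): Project {
  return {
    project_id: "p-0001",
    users: { alice: "owner", bob: "collaborator", carol: "collaborator" },
    manage_users_owner_only: ownerOnlyFlag,
  };
}
```

The point of routing every caller (UI action and REST endpoint alike) through `checkRemove`/`checkChangeRole` is that a generic write-access check, such as the `verify_write_access_to_projects` call quoted above, never consults the owner-only flags; a second code path that skips the policy check is exactly the bypass the first review comment describes.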