[LFXV2-1505] Add per-artifact viewer relations to v1_past_meeting FGA type#129
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughRemoved artifact-specific types for recording, transcript, and summary and moved their conditional relations into Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
charts/lfx-platform/templates/openfga/model.yaml (1)
25-28:⚠️ Potential issue | 🟡 MinorIncrement the minor version to reflect the added relations.
The version remained at 10.0.0 despite adding 12 new relations to
v1_past_meeting. Per the versioning guidelines (lines 15-19), additions of relations require a minor version bump. Change the version to 10.1.0.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@charts/lfx-platform/templates/openfga/model.yaml` around lines 25 - 28, Update the OpenFGA model version block to reflect the added relations by bumping the minor version from 10.0.0 to 10.1.0; specifically edit the version: major/minor/patch mapping in the model.yaml (the version block) so minor becomes 1, ensuring the change aligns with the additions to the v1_past_meeting relations.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Outside diff comments:
In `@charts/lfx-platform/templates/openfga/model.yaml`:
- Around line 25-28: Update the OpenFGA model version block to reflect the added
relations by bumping the minor version from 10.0.0 to 10.1.0; specifically edit
the version: major/minor/patch mapping in the model.yaml (the version block) so
minor becomes 1, ensuring the change aligns with the additions to the
v1_past_meeting relations.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: f3160c5c-aabb-458d-b3fe-f69d97304e09
📒 Files selected for processing (1)
charts/lfx-platform/templates/openfga/model.yaml
There was a problem hiding this comment.
Pull request overview
Updates the OpenFGA authorization model to support per-artifact access control on v1_past_meeting, enabling the meeting service to write tuples for recording, transcript, and AI summary access independently of the base viewer relation.
Changes:
- Added
recording_viewer,transcript_viewer, andai_summary_viewerrelations tov1_past_meeting. - Added conditional, self-referential
past_meeting_for_*_*_viewreference relations to gate artifact access by host/attendee/invitee roles.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
… type Add recording_viewer, transcript_viewer, and ai_summary_viewer relations to v1_past_meeting, each backed by self-referential past_meeting_for_*_view reference relations that delegate to the existing host/attendee/invitee roles. This allows the meeting service to express per-artifact access settings (recording_access, transcript_access, ai_summary_access) as named tuples on the parent past meeting object rather than scattering them across per-artifact FGA objects. Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
andrest50
force-pushed
the
fix/LFXV2-1505-artifact-viewer-relations
branch
from
476940e to
3fec56e
Compare
…ial flag tuples Document the expected tuple shape for the per-artifact conditional access relations so it is clear how the meeting service is expected to write them. Also clarify that "participant" access level means invitee+attendee. Declined to rename past_meeting_for_participant_*_view: "participant" is the access level name (invitee OR attendee), which matches the recording_access / transcript_access / ai_summary_access vocabulary in the meeting service. Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@charts/lfx-platform/templates/openfga/model.yaml`:
- Around line 304-325: You added new relations to the type v1_past_meeting but
did not bump the authorization model version; update the model version string
(currently "10.1.0") to the next minor version (e.g., "10.2.0") in the model
header so the schema change is versioned alongside the new relations (ensure the
version field that declares the model version is updated wherever it appears).
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 3da2b440-4fec-49be-b4b1-8ea1f08a0ddc
📒 Files selected for processing (1)
charts/lfx-platform/templates/openfga/model.yaml
…ry FGA types These three artifact types are no longer needed. Access control for recordings, transcripts, and AI summaries is now handled entirely via named relations on v1_past_meeting (recording_viewer, transcript_viewer, ai_summary_viewer) using self-referential flag tuples. No Heimdall ruleset or query service references to these types remain. Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
Removing three FGA types (v1_past_meeting_recording, v1_past_meeting_transcript, v1_past_meeting_summary) is a major change per versioning guidelines. Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
Resolve merge conflict and bump minor version for new relations added to v1_past_meeting FGA type. Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…ionships Keep v1_past_meeting_recording, v1_past_meeting_transcript, and v1_past_meeting_summary types in the authorization model since existing tuples referencing these types are still active and must not be broken before the new per-artifact relations are fully patched in. Generated with [Claude Code](https://claude.ai/code) Signed-off-by: Andres Tobon <andrest2455@gmail.com>
Summary
Adds
recording_viewer,transcript_viewer, andai_summary_viewerrelations to thev1_past_meetingFGA type. Each is backed by three self-referentialpast_meeting_for_*_viewreference relations that delegate to the existinghost/attendee/inviteeroles.This unblocks the companion meeting-service change (linuxfoundation/lfx-v2-meeting-service#146) which writes FGA tuples using these new relations when a past meeting's
recording_access,transcript_access, orai_summary_accessis set.Ticket
LFXV2-1505
🤖 Generated with Claude Code