feat: honor "*" allow-all wildcard in Slack/Mattermost/Twitch user allowlists#605
Open
slvnlrt wants to merge 1 commit into
Open
feat: honor "*" allow-all wildcard in Slack/Mattermost/Twitch user allowlists#605slvnlrt wants to merge 1 commit into
slvnlrt wants to merge 1 commit into
Conversation
Slack, Mattermost, and Twitch allowlists matched user IDs by exact value only, so there was no way to allow every DM/user without enumerating each one — and a list of ["*"] silently matched nobody. The Signal adapter already treats "*" as an explicit allow-all wildcard; this aligns the other string-keyed adapters with that convention. - SlackPermissions::dm_user_allowed / MattermostPermissions::dm_user_allowed (fail-closed: an empty list still blocks all DMs; "*" allows all) - TwitchPermissions::user_allowed (fail-open: an empty list still allows all, preserving existing behavior; "*" allows all; matching is case-insensitive) - the adapters call the new helpers; behavior is unchanged except that "*" now means allow-all instead of matching a literal "*" id Discord and Telegram parse their allowlists into integer id vectors (Vec<u64> / Vec<i64>), so "*" is not representable there; an allow-all for those would need a separate flag and is out of scope here. Adds unit tests covering each adapter's empty / wildcard / exact-match cases.
Contributor
WalkthroughAdds allowlist helper methods for Slack, Twitch, and Mattermost permissions, updates messaging adapters to use those helpers for DM/user filtering, and adds unit tests for wildcard and empty-allowlist behavior. ChangesPermission allowlist changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/config/permissions.rs (1)
654-654: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick winUse a descriptive variable name instead of
p.These changed tests abbreviate
permissionsasp; renaming it keeps the test code aligned with the repository naming rule.As per coding guidelines,
src/**/*.rs: “Don't abbreviate variable names. Usequeuenotq,messagenotmsg,channelnotch.”Also applies to: 666-666, 685-685, 701-701, 708-708
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@src/config/permissions.rs` at line 654, The test variables are abbreviated as p, which violates the repository naming rule against short variable names. Rename the permission variable in the affected test cases to a descriptive name such as permissions, and update the related usages in the same test block so the names are consistent with the surrounding Rust code and the existing naming convention.Source: Coding guidelines
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@src/config/permissions.rs`:
- Line 654: The test variables are abbreviated as p, which violates the
repository naming rule against short variable names. Rename the permission
variable in the affected test cases to a descriptive name such as permissions,
and update the related usages in the same test block so the names are consistent
with the surrounding Rust code and the existing naming convention.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 698a34f6-c5d0-49bf-ab1e-ac09873577eb
📒 Files selected for processing (4)
src/config/permissions.rssrc/messaging/mattermost.rssrc/messaging/slack.rssrc/messaging/twitch.rs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Aligns the string-keyed messaging adapters — Slack, Mattermost, and Twitch — to honor a
"*"allow-all wildcard in their DM / user allowlists, matching the convention the Signal adapter already uses.Why
Today only Signal treats
"*"as allow-all. The other adapters match user IDs by exact value, so:["*"]silently matches nobody — a footgun, since it reads like "allow all" but matches only a literal"*"id.How
A small helper per permission struct, with each adapter's existing inline check routed through it. Behavior is unchanged except that
"*"now means allow-all:SlackPermissions::dm_user_allowed/MattermostPermissions::dm_user_allowed— fail-closed: an empty list still blocks all DMs;"*"allows all.TwitchPermissions::user_allowed— fail-open: an empty list still allows all users (preserving existing behavior);"*"allows all; matching stays case-insensitive.Each adapter's empty-list semantics are preserved exactly.
Scope
Discord and Telegram parse their allowlists into integer id vectors (
Vec<u64>/Vec<i64>), so"*"is not representable there; an allow-all for those would need a separate flag and is left out of scope.Tests
Adds unit tests for each adapter covering empty / wildcard / exact (and case-insensitive, for Twitch) matching.
cargo test --libis green;cargo fmt --checkandcargo clippyare clean.Note
Adds three new helper methods (
SlackPermissions::dm_user_allowed,MattermostPermissions::dm_user_allowed,TwitchPermissions::user_allowed) that encapsulate the permission check logic and support wildcard matching. The implementation updates call sites inslack.rs,mattermost.rs, andtwitch.rsto use these helpers, consolidating the duplication and fixing the footgun where["*"]previously matched nobody. Unit tests cover empty, wildcard, and exact matching scenarios for each adapter, with case-insensitive matching for Twitch.Written by Tembo for commit d0ee4de. This will update automatically on new commits.