Add support for invite-only groups.

Review Request #1889 — Created Nov. 1, 2010 and submitted


Review Board


Add support for invite-only groups.

This provides support for marking a group as invite-only. An invite-only
group cannot be viewed by non-members of the group, either through the web
or the API.

A review request targetting only invite-only groups cannot be viewed unless
the user is either explicitly specified on the review request or they're
a member of at least one of the targetted groups.

If a review request has any public groups listed, then the review request will
be visible. We operate on the principle that things are by default open, and
to make a review request private, it must go out to private groups.

This will be extended later to support repository access control.

Users will be able to see review requests and groups that you may not have
access to in the various lists. This may change in a future commit, but right
now the filtering is done on access and not on list. The only place where
this is actually a problem is on the "All Review Requests" page, since if it's
on your dashboard, you won't be able to see it. The Groups page filters
as well.
Unit tests passed.

I tested this with a dummy user on my dev server and verified that I couldn't access the groups or review requests I didn't have permission to access. Same with the API.
Review request changed
  1. By and large this looks pretty good. Should we filter the autocomplete and/or prevent people from sending reviews to groups that they're not a member of?
    What about feeds, reports, "All Review Requests", search?
    1. I definitely want to add filtering for review requests. I need to think of how best to do it, but I think I know what I want to do there. I'll tackle that separately. I don't know about filtering groups, though. Maybe you should be able to see the groups. Actually, maybe we should have a "visible" flag like we do with repositories. Might also be handy for hiding old groups.
      Whether or not to prevent users from specifying invite-only groups is something we need to think about. There's no security risk in sending to an invite-only group, and it may actually be desirable. Say there's a "security" group that is invite-only. Consists only of a security team. It might still be good to be able to specify them as reviewers when their opinion is needed. So I'd lean toward allowing that still, but definitely filtering out ones that the user wouldn't have access to.
  2. It would be nice if this could also be used for the LocalSite work.
    1. Yeah. We should just add the local_site check into is_accessible_by, probably. That'll require some new testing. I'll do that in another change.