rpitv / glimpse

Monorepo for the RPI TV Glimpse project
MIT License

Bug: Value-based permission checks do not roll back changes to the StreamModule #10

Open robere2 opened 1 year ago

robere2 commented 1 year ago

Normally, when a user mutates an object in the API, the flow looks something like this:

With streams, they are not published through Prisma. This means that even if a user's value-based permission checks fail, the stream will still be created, as there is nothing to roll back. In other words, by the time the API checks if the user has permission to create the specific stream they are trying to create, it has already been sent off to the glimpse-video-control service for creation.

As an example, consider a user who has permission to stream with a `to` value pointing to youtube.com but not facebook.com. When the API checks the user's permissions, it only makes sure that the user has permission to use the `to` value before sending the value to the glimpse-video-control service. Later, the API will determine that the user doesn't have permission to send to facebook.com, but at that point it is too late, since the request has already been sent and there is no "rollback" feature.

This is not a major issue, since it only applies to modules which don't use the Prisma transaction (at the moment, only the StreamModule, which in our use-case does not have conditional permissions like this at the moment). A more general-purpose rollback mechanism should perhaps be created during the inevitable StreamModule rewrite.

robere2 commented 1 year ago

Note: The reason we do not check permissions before creating them is because services (i.e. Prisma) may generate or change the values supplied. We want to include these generated values in our permission checks.
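
The failure mode described in this issue, next to one possible shape for the "general-purpose rollback mechanism" it mentions (compensating actions), as an added example that is not code from the Glimpse repository. `VideoControl`, `Compensations`, both `createStream*` functions and the sample `to` values are hypothetical stand-ins.

```typescript
// Added illustration: every name here is hypothetical, not Glimpse's API.
type Stream = { id: number; to: string };
type Rule = (s: Stream) => boolean; // value-based check on the final object

// Stand-in for the external video-control service: it has no transaction.
class VideoControl {
  active: Stream[] = [];
  private nextId = 1;
  start(to: string): Stream {
    const s: Stream = { id: this.nextId++, to }; // id is service-generated
    this.active.push(s);
    return s;
  }
  stop(id: number): void {
    this.active = this.active.filter((s) => s.id !== id);
  }
}

// Undo actions for side effects that a database rollback cannot reach.
class Compensations {
  private undo: Array<() => void> = [];
  register(fn: () => void): void { this.undo.push(fn); }
  rollback(): void { // newest side effect is undone first
    this.undo.reverse().forEach((fn) => fn());
    this.undo = [];
  }
}

// Flow from the issue: create first, then check the resulting values.
function createStreamUnchecked(vc: VideoControl, to: string, allowed: Rule): Stream {
  const s = vc.start(to);
  if (!allowed(s)) throw new Error("Forbidden"); // too late: stream exists
  return s;
}

// Same ordering, so generated values are still checked, but with an undo step.
function createStreamCompensated(vc: VideoControl, to: string, allowed: Rule): Stream {
  const comp = new Compensations();
  try {
    const s = vc.start(to);
    comp.register(() => vc.stop(s.id));
    if (!allowed(s)) throw new Error("Forbidden");
    return s;
  } catch (e) { comp.rollback(); throw e; }
}

// Streams still running after a denied request (constructed sample values).
function leakedAfterDenied(create: typeof createStreamUnchecked): number {
  const vc = new VideoControl();
  try { create(vc, "facebook.com", (s) => s.to === "youtube.com"); } catch (e) { /* denied */ }
  return vc.active.length;
}
```

Unlike a database rollback, compensation is not atomic: the denied stream exists for a short time before `stop` runs, and a failing `stop` would still leave it running.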