oxen-io
diff --git a/‎api.yaml‎
Lines changed: 35 additions & 4 deletions b/‎api.yaml‎
Lines changed: 35 additions & 4 deletions
diff --git a/‎sogs/migrations/__init__.py‎
Lines changed: 2 additions & 13 deletions b/‎sogs/migrations/__init__.py‎
Lines changed: 2 additions & 13 deletions
diff --git a/‎sogs/migrations/room_accessible.py‎
Lines changed: 72 additions & 0 deletions b/‎sogs/migrations/room_accessible.py‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎sogs/model/room.py‎
Lines changed: 64 additions & 17 deletions b/‎sogs/model/room.py‎
Lines changed: 64 additions & 17 deletions
@@ -37,8 +37,8 @@ paths:
       tags: [Rooms]
       summary: "Returns a list of available rooms on the server."
       description: >
-        Rooms to which the user does not have access (e.g. because they are banned) are not
-        included.
+        Rooms to which the user does not have access (e.g. because they are banned or the room or
+        requires specific access) are not included.
       responses:
         200:
           description: successful operation
@@ -63,8 +63,8 @@ paths:
                 $ref: "#/components/schemas/Room"
         403:
           description: >
-            Forbidden. Returned if the user is banned from the room or otherwise does not have read
-            access to the room.
+            Forbidden. Returned if the user is banned from the room or does not have access to the
+            room.
           content: {}
     put:
       tags: [Rooms]
@@ -104,6 +104,15 @@ paths:
                     Sets the default "read" permission (if true: users can read messages) for users
                     in this room who do not otherwise have specific permissions applied.
                   example: true
+                default_accessible:
+                  type: boolean
+                  description: >
+                    Sets the default "accessible" permission for users in this room who do not
+                    otherwise have specific permissions applied.  This accessible permission only
+                    affects users who do not have read permission: accessible without read still
+                    allows the user to access room metadata (but not messages), while both false
+                    prevents room metadata access as well.
+                  example: true
                 default_write:
                   type: boolean
                   description: >
@@ -186,6 +195,8 @@ paths:
                     $ref: "#/components/schemas/Room/properties/global_admin"
                   default_read:
                     $ref: "#/components/schemas/Room/properties/default_read"
+                  default_accessible:
+                    $ref: "#/components/schemas/Room/properties/default_accessible"
                   default_write:
                     $ref: "#/components/schemas/Room/properties/default_write"
                   default_upload:
@@ -1043,6 +1054,17 @@ paths:
                     room's messages even if the room's default allows reading.  Specifying this as
                     null will explicitly delete any user-specific read override (effectively
                     returning the user's read permission to the room's default).
+                accessible:
+                  type: boolean
+                  nullable: true
+                  example: false
+                  description: >
+                    If true this grants permission to read the room's metadata when the user doesn't
+                    have read permission.  That is, having this true and read false means the user
+                    cannot read messages, but can get information about the room, while both false
+                    means the user cannot access any details of the room.  Specifying this as null
+                    will explicitly delete any user-specific accessible override, returning the
+                    user's effective permission to the room's default.
                 write:
                   type: boolean
                   nullable: true
@@ -1659,6 +1681,15 @@ components:
             Whether new users have permission to read posts in this room by default.  This property
             is only returned if the calling user has moderator/admin permissions.
           example: true
+        default_accessible:
+          type: boolean
+          description: >
+            Whether new users have permission to access this room's information.  This property only has
+            an effect for users who do not have read permission; it is designed to be set to false
+            (along with default_read) in order to create a room that users can neither read messages
+            from nor access any room metadata.  This property is only returned if the calling user
+            has moderator/admin permissions.
+          example: true
         default_write:
           type: boolean
           description: >
 
@@ -9,6 +9,7 @@
     message_views,
     new_columns,
     new_tables,
+    room_accessible,
     seqno_etc,
     user_perm_futures,
     v_0_1_x,
@@ -33,23 +34,11 @@ def migrate(conn):
         seqno_etc,
         message_views,
         user_perm_futures,
+        room_accessible,
     ):
         changes = False
         with db.transaction(conn):
             changes = migration.migrate(conn)
         if changes:
             db.metadata.clear()
             db.metadata.reflect(bind=db.engine, views=True)
-
-
-#        migrate_v01x,
-#        add_new_tables,
-#        add_new_columns,
-#        create_message_details_deleter,
-#        check_for_hacks,
-#        seqno_etc_updates,
-#        update_message_views,
-#        user_perm_future_updates,
-
-#        add_accessible_perm_bit,
-#    ):
@@ -0,0 +1,72 @@
+import logging
+
+
+def migrate(conn):
+    """Add the room.accessible permission flag, and associated column/view changes"""
+
+    from .. import db
+
+    if 'accessible' in db.metadata.tables['rooms'].c:
+        return False
+
+    logging.warning("DB migration: adding 'accessible' room permission columns")
+
+    conn.execute("ALTER TABLE rooms ADD COLUMN accessible BOOLEAN NOT NULL DEFAULT TRUE")
+    conn.execute("ALTER TABLE user_permission_overrides ADD COLUMN accessible BOOLEAN")
+    conn.execute("DROP TRIGGER IF EXISTS user_perms_empty_cleanup")
+    conn.execute("DROP VIEW IF EXISTS user_permissions")
+
+    sqlite = db.engine.name == "sqlite"
+    conn.execute(
+        f"""
+CREATE VIEW user_permissions AS
+SELECT
+    rooms.id AS room,
+    users.id AS {'user' if sqlite else '"user"'},
+    users.session_id,
+    CASE WHEN users.banned THEN TRUE ELSE COALESCE(user_permission_overrides.banned, FALSE) END AS banned,
+    CASE WHEN users.moderator THEN TRUE ELSE COALESCE(user_permission_overrides.read, rooms.read) END AS read,
+    CASE WHEN users.moderator THEN TRUE ELSE COALESCE(user_permission_overrides.accessible, rooms.accessible) END AS accessible,
+    CASE WHEN users.moderator THEN TRUE ELSE COALESCE(user_permission_overrides.write, rooms.write) END AS write,
+    CASE WHEN users.moderator THEN TRUE ELSE COALESCE(user_permission_overrides.upload, rooms.upload) END AS upload,
+    CASE WHEN users.moderator THEN TRUE ELSE COALESCE(user_permission_overrides.moderator, FALSE) END AS moderator,
+    CASE WHEN users.admin THEN TRUE ELSE COALESCE(user_permission_overrides.admin, FALSE) END AS admin,
+    -- room_moderator will be TRUE if the user is specifically listed as a moderator of the room
+    COALESCE(user_permission_overrides.moderator OR user_permission_overrides.admin, FALSE) AS room_moderator,
+    -- global_moderator will be TRUE if the user is a global moderator/admin (note that this is
+    -- *not* exclusive of room_moderator: a moderator/admin could be listed in both).
+    COALESCE(users.moderator OR users.admin, FALSE) as global_moderator,
+    -- visible_mod will be TRUE if this mod is a publicly viewable moderator of the room
+    CASE
+        WHEN user_permission_overrides.moderator OR user_permission_overrides.admin THEN user_permission_overrides.visible_mod
+        WHEN users.moderator OR users.admin THEN users.visible_mod
+        ELSE FALSE
+    END AS visible_mod
+FROM
+    users {'JOIN' if sqlite else 'CROSS JOIN'} rooms LEFT OUTER JOIN user_permission_overrides ON
+        (users.id = user_permission_overrides.{'user' if sqlite else '"user"'} AND rooms.id = user_permission_overrides.room)
+"""  # noqa E501
+    )
+    if sqlite:
+        conn.execute(
+            """
+CREATE TRIGGER user_perms_empty_cleanup AFTER UPDATE ON user_permission_overrides
+FOR EACH ROW WHEN NOT (NEW.banned OR NEW.moderator OR NEW.admin)
+    AND COALESCE(NEW.accessible, NEW.read, NEW.write, NEW.upload) IS NULL
+BEGIN
+    DELETE from user_permission_overrides WHERE room = NEW.room AND user = NEW.user;
+END
+"""
+        )
+
+    else:
+        conn.execute(
+            """
+CREATE TRIGGER user_perms_empty_cleanup AFTER UPDATE ON user_permission_overrides
+FOR EACH ROW WHEN (NOT (NEW.banned OR NEW.moderator OR NEW.admin)
+    AND COALESCE(NEW.accessible, NEW.read, NEW.write, NEW.upload) IS NULL)
+EXECUTE PROCEDURE trigger_user_perms_empty_cleanup();
+"""
+        )
+
+    return True
@@ -46,6 +46,7 @@ class Room:
         info_updates - counter on room metadata that is automatically incremented whenever room
             metadata (name, description, image, etc.) changes for the room.
         default_read - True if default user permissions includes read permission
+        default_accessible - True if default user permissions include accessible permission
         default_write - True if default user permissions includes write permission
         default_upload - True if default user permissions includes file upload permission
     """
@@ -104,8 +105,8 @@ def _refresh(self, *, id=None, token=None, row=None, perms=False):
                 'info_updates',
             )
         )
-        self._default_read, self._default_write, self._default_upload = (
-            bool(row[c]) for c in ('read', 'write', 'upload')
+        self._default_read, self._default_accessible, self._default_write, self._default_upload = (
+            bool(row[c]) for c in ('read', 'accessible', 'write', 'upload')
         )
 
         if (
@@ -310,6 +311,16 @@ def default_read(self):
         """Returns True if this room is publicly readable (e.g. by a new user)"""
         return self._default_read
 
+    @property
+    def default_accessible(self):
+        """
+        Returns True if this room has the publicly accessible (e.g. by a new user) permission set.
+        Note that the the accessible permission only applies when `read` is false: if a user has
+        read permission then they implicitly have accessibility permission even if this field is
+        false.
+        """
+        return self._default_accessible
+
     @property
     def default_write(self):
         """Returns True if this room is publicly writable (e.g. by a new user)"""
@@ -329,6 +340,19 @@ def default_read(self, read: bool):
                 query("UPDATE rooms SET read = :read WHERE id = :r", r=self.id, read=read)
                 self._refresh(perms=True)
 
+    @default_accessible.setter
+    def default_accessible(self, accessible: bool):
+        """Sets the default accessible permission of the room"""
+
+        if accessible != self._default_accessible:
+            with db.transaction():
+                query(
+                    "UPDATE rooms SET accessible = :accessible WHERE id = :r",
+                    r=self.id,
+                    accessible=accessible,
+                )
+                self._refresh(perms=True)
+
     @default_write.setter
     def default_write(self, write: bool):
         """Sets the default write permission of the room"""
@@ -367,6 +391,7 @@ def check_permission(
         admin=False,
         moderator=False,
         read=False,
+        accessible=False,
         write=False,
         upload=False,
     ):
@@ -382,6 +407,9 @@ def check_permission(
         - admin -- if true then the user must have admin access to the room
         - moderator -- if true then the user must have moderator (or admin) access to the room
         - read -- if true then the user must have read access
+        - accessible -- if true then the user must have accessible access; note that this permission
+          is satisfied by *either* the `accessible` or `read` database flags (that is: read implies
+          accessible).
         - write -- if true then the user must have write access
         - upload -- if true then the user must have upload access; this should usually be combined
           with write=True.
@@ -392,9 +420,10 @@ def check_permission(
         """
 
         if user is None:
-            is_banned, can_read, can_write, can_upload, is_mod, is_admin = (
+            is_banned, can_read, can_access, can_write, can_upload, is_mod, is_admin = (
                 False,
                 bool(self.default_read),
+                bool(self.default_accessible),
                 bool(self.default_write),
                 bool(self.default_upload),
                 False,
@@ -404,15 +433,24 @@ def check_permission(
             if user.id not in self._perm_cache:
                 row = query(
                     """
-                    SELECT banned, read, write, upload, moderator, admin FROM user_permissions
+                    SELECT banned, read, accessible, write, upload, moderator, admin
+                    FROM user_permissions
                     WHERE room = :r AND "user" = :u
                     """,
                     r=self.id,
                     u=user.id,
                 ).first()
                 self._perm_cache[user.id] = [bool(c) for c in row]
 
-            is_banned, can_read, can_write, can_upload, is_mod, is_admin = self._perm_cache[user.id]
+            (
+                is_banned,
+                can_read,
+                can_access,
+                can_write,
+                can_upload,
+                is_mod,
+                is_admin,
+            ) = self._perm_cache[user.id]
 
         if is_admin:
             return True
@@ -424,6 +462,7 @@ def check_permission(
             return False
         return (
             not is_banned
+            and (not accessible or can_access or can_read)
             and (not read or can_read)
             and (not write or can_write)
             and (not upload or can_upload)
@@ -437,6 +476,9 @@ def check_unbanned(self, user: Optional[User]):
     def check_read(self, user: Optional[User] = None):
         return self.check_permission(user, read=True)
 
+    def check_accessible(self, user: Optional[User] = None):
+        return self.check_permission(user, accessible=True)
+
     def check_write(self, user: Optional[User] = None):
         return self.check_permission(user, write=True)
 
@@ -1118,19 +1160,20 @@ def get_bans(self):
 
     def set_permissions(self, user: User, *, mod: User, **perms):
         """
-        Grants or removes read, write, and/or upload permissions to the given user in this room.
-        `mod` must have moderator access in the room.
+        Grants or removes read, accessible, write, and/or upload permissions to the given user in
+        this room.  `mod` must have moderator access in the room.
 
-        Permitted keyword args are: read, write, upload.  Each can be set to True, False, or None to
-        apply an explicit grant, explicit revocation, or return to room defaults, respectively.
-        (That is, None removes the override, if currently present, so that the user permission will
-        use the room default; the others set this user's permission to allowed/disallowed).
+        Permitted keyword args are: read, accessible, write, upload.  Each can be set to True,
+        False, or None to apply an explicit grant, explicit revocation, or return to room defaults,
+        respectively.  (That is, None removes the override, if currently present, so that the user
+        permission will use the room default; the others set this user's permission to
+        allowed/disallowed).
 
         If a permission key is omitted then it will not be changed at all if it already exists, and
         will be NULL if a new permission row is being created.
         """
 
-        perm_types = ('read', 'write', 'upload')
+        perm_types = ('read', 'accessible', 'write', 'upload')
 
         if any(k not in perm_types for k in perms.keys()):
             raise ValueError(f"Room.set_permissions: only {', '.join(perm_types)} may be specified")
@@ -1156,6 +1199,7 @@ def set_permissions(self, user: User, *, mod: User, **perms):
                 r=self.id,
                 u=user.id,
                 read=perms.get('read'),
+                accessible=perms.get('accessible'),
                 write=perms.get('write'),
                 upload=perms.get('upload'),
             )
@@ -1348,6 +1392,7 @@ def get_rooms_with_permission(
     *,
     tokens: Optional[Union[list, tuple]] = None,
     read: Optional[bool] = None,
+    accessible: Optional[bool] = None,
     write: Optional[bool] = None,
     upload: Optional[bool] = None,
     banned: Optional[bool] = None,
@@ -1363,7 +1408,7 @@ def get_rooms_with_permission(
             omitted, all rooms are returned.  Note that rooms are returned sorted by token, *not* in
             the order specified here; duplicates are not returned; nor are entries for non-existent
             tokens.
-    read/write/upload/banned/moderator/admin:
+    read/accessible/write/upload/banned/moderator/admin:
         Any of these that are specified as non-None must match the user's permissions for the room.
         For example `read=True, write=False` would return all rooms where the user has read-only
         access but not rooms in which the user has both or neither read and write permissions.
@@ -1387,6 +1432,8 @@ def get_rooms_with_permission(
         WHERE "user" = :u {'AND token IN :tokens' if tokens else ''}
             {'' if banned is None else ('AND' if banned else 'AND NOT') + ' perm.banned'}
             {'' if read is None else ('AND' if read else 'AND NOT') + ' perm.read'}
+            {'' if accessible is None else ('AND' if accessible else 'AND NOT') +
+                ' (perm.read OR perm.accessible)'}
             {'' if write is None else ('AND' if write else 'AND NOT') + ' perm.write'}
             {'' if upload is None else ('AND' if upload else 'AND NOT') + ' perm.upload'}
             {'' if moderator is None else ('AND' if moderator else 'AND NOT') + ' perm.moderator'}
@@ -1400,15 +1447,15 @@ def get_rooms_with_permission(
     ]
 
 
-def get_readable_rooms(user: Optional[User] = None):
+def get_accessible_rooms(user: Optional[User] = None):
     """
-    Get a list of rooms that a user can access; if user is None then return all publicly readable
+    Get a list of rooms that a user can access; if user is None then return all publicly accessible
     rooms.
     """
     if user is None:
-        result = query("SELECT * FROM rooms WHERE read ORDER BY token")
+        result = query("SELECT * FROM rooms WHERE (read OR accessible) ORDER BY token")
     else:
-        return get_rooms_with_permission(user, read=True, banned=False)
+        return get_rooms_with_permission(user, accessible=True, banned=False)
     return [Room(row) for row in result]