Fix: Add form validation when removing permissions

[rumzledz]

Description

Note

This PR is meant for actions made via the Permissions Decision Method
There are master bugs related to the Reputation Decision Method which are present on this PR and they will be dealt with separately
Multi-Sig will be dealt with separately

Removing Root permissions from someone in a Parent domain

Removing permissions from someone in a subdomain

Testing

Important

• Make sure you have at least 2 Owners in your Colony's Parent domain because if you accidentally remove Root permissions from the only Owner in your Colony, you'll have to restart your env again
• Give Fry the much coveted Owner permissions in team General
• Give alex-the-ace the Payer permissions in team General
• Give Amy the Admin permissions in team Andromeda
• Give diana-dynamo these Custom permissions in team General
  • Administration
  • Arbitration
• Give eddy-edge these Custom permissions in Serenity
  • Architecture
  • Arbitration

Note

• The Redo action is now disabled for actions that have explicitly removed permissions from a user
• When removing Root permissions from someone in a parent domain, we will now notify the user of the consequences and have them acknowledge our message before they can submit the form
• Toggles for inherited permissions are now disabled

1. Selecting Remove Permissions for a member who has permissions for the selected team (Fry)

Step	Expected Result
Set up the following fields - Team: General - Member: Fry - Permissions: Remove permissions:	You should not see an error message

2. Selecting Remove Permissions for a member who does not have permissions for the selected team (jasmine-jolt)

Step	Expected Result
Set up the following fields - Team: General - Member: jasmine-jolt - Permissions: Remove permissions:	Error message: "Member does not have permissions in this team"

3. Checking that the Remove permission option persists when changing the Team & Member fields (Fry)

Step	Expected Result
1. Set up the following fields - Team: General - Member: Fry - Permissions: Remove permissions:
2. Set the Team field to Andromeda	The Permissions field should still be set to Remove permissions
3. Set the Member field to Leela	The Permissions field should still be set to Remove permissions

4. Removing permissions from someone who has inherited permissions from the Parent domain (Fry)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: Fry - Permissions: Remove permissions:	Error message: "Permissions inherited from a parent team, select the parent team to remove permissions."

5. Upgrading a user's role, when the user has an inherited role (alex-the-ace)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: alex-the-ace - Permissions: Admin	Error message: "This member already has Payer permissions inherited from a parent team. You can select the Custom permission type and enable the Architecture permission to have the required permissions in this team."

6. Downgrading a user's role, when the user has an inherited role (alex-the-ace)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: alex-the-ace - Permissions: Mod:	Error message: "Permissions inherited from a parent team, select the parent team to remove permissions."

7. Applying the same inherited role for a user (alex-the-ace)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: alex-the-ace - Permissions: Payer:	Error message: "This member already has Payer permissions inherited from the parent team"

8. Upgrading a user's role, when the user has inherited Custom permissions (diana-dynamo)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: diana-dynamo - Permissions: Admin	Error message: "This member already has Custom (Arbitration and Administration) permissions inherited from a parent team. You can select the Custom permission type and enable the Architecture and Funding permissions to have the required permissions in this team."

9. Downgrading a user's role, when the user has inherited Custom permissions (diana-dynamo)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: diana-dynamo - Permissions: Mod:	Error message: "Permissions inherited from a parent team, select the parent team to remove permissions."

10. Applying the same inherited permissions for a user (diana-dynamo)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: diana-dynamo - Permissions: Custom:
2. Submit the form	Error message: "This member already has these custom permissions inherited from the parent team"

11. Checking if the inherited permission toggles are disabled (diana-dynamo)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: diana-dynamo - Permissions: Custom:
2. Hover over the Administration and Arbitration toggles	You should see a tooltip that says: "Permission already inherited from a parent team"
3. Click the Administration and Arbitration toggles	Nothing should happen as they are disabled

12. Removing Root permissions from someone who does not have inherited permissions from a Parent domain (Amy)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: Amy - Permissions: Remove permissions:	You should see a table with the following UI - it's basically the bullet-pointed list of Colony actions pertinent to the user's Role, in this case it's Admin - The table body copy should say "Removal of the following Colony actions" - The table header should say "Remove {role} type"
2. Fill in all other required fields
3. Submit the form	You should see a table with the following UI - The Redo action button should not be available - You should see the same table UI as you did prior to submission

13. Removing Root permissions from someone in a Parent domain (Fry)

Step	Expected Result
1. Set up the following fields - Team: General - Member: Fry - Permissions: Custom permissions:
2. Fill in all other required fields
3. In the Custom Permissions table, toggle off Root
4. Submit the form	You should see the following Modal: - You should not be able to click the "Update permissions" button
5. Close the modal
6. Set the Permissions field to Remove permissions
7. Submit the form	You should see the following Modal: - You should not be able to click the "Update permissions" button
8. Set the Permissions field to Admin
9 Submit the form	You should see the following Modal: - You should not be able to click the "Update permissions" button - Basically, you should see the permissions you will lose, in this case, downgrading to Admin permissions will take away your Root & Recover permissions
8. Tick the "I understand the risk and want to remove Root permissions" checkbox	The Update permissions button should now be enabled
9. Click the Update permissions button	The modal closes and the form is submitted

14. Upgrading Custom permissions to a Role (diana-dynamo)

Step	Expected Result
1. Set up the following fields - Team: Andromeda - Member: diana-dynamo - Permissions: Custom - Toggle on Funding	The copy underneath the Action title should say "Assign Payer permissions for diana-dynamo in Andromeda by leela"
2. Submit the form
3. Redo the action
4. Wait for the Action form to come up	The permissions field should say "Payer"
5. Submit the form	Error message: "This member already has these permissions" This should not say inherited anymore since the Custom Permissions are customised on Team Andromeda
6. Set the Permissions field to Custom	- Error message: "This member already has these permissions" - The Administration & Arbitration toggles are still disabled because these are inherited from the Parent domain - The Funding toggle is switched on and it should be editable - The Architecture toggle is switched off but you should be able to edit it
7. Set the Team field to Serenity	Error message: "This member already has these custom permissions inherited from the parent team" Which makes sense because the Custom Permissions for this domain are left untouched and are the same as the Parent domain

15. Checking the disabled state of Permissions toggles in the Completed Action component (eddy-edge)

Step	Expected Result
1. Set up the following fields - Team: Serenity - Member: eddy-edge - Permissions: Custom:
2. Switch off the Architecture toggle
3. Submit the form	- On the Completed Action component, you should only see Arbitration switched on - Even though the Arbitration toggle is disabled, verify that it is not greyed out

Diffs

Changes 🏗

• Exposed the Action Form's Primary button props via getFormOptions
• There's a mixture of references to Colony Roles, most notably "roles" or "permissions". In this PR, I have decided to refer to Colony Roles as "Permissions" to help differentiate it from a User Role which is our syntactic sugar to describe a set of permissions
• With the Manage Permissions form, we have a couple of instances where we have to reference a user's role from a DB along with the current role that's selected on the form. So I decided to prepend role/permissions-related variables with either "db" or "form" to differentiate their source I believe this helps with the readability.

Resolves #2339, #2241 and #2755

[arrenv]

@rumzledz Great work on this, I appreciate your hard work and for working through the cases.

Everything seems to work as expected, in which the warning and confirmation modal appears in the situation whenever the Root permission is removed.

My only request would be to close down the modal on clicking the confirmation. That way we return to the action panel, and users can access their Userhub without having to have it float over the top.

[rumzledz]

@iamsamgibbs all right after speaking with Arren, here's the new issue as promised #3083. It comes with its own complexities as an edge case so as discussed, it will be dealt with separately 👌

[iamsamgibbs]

Nice job!

One small issue with testing step 6. This might be better to address as a separate PR for the sake of getting this merged. The error message appears as expected, but disappears when changing any other field.

Screen.Recording.2024-09-17.at.14.33.51.mov

Otherwise I think we are maybe good?!

Proof of testing

Step 1:

Step 2:

Step 3:
No screenshot

Step 4:

Step 5:

Step 6:
Has an issue

Step 7:

Step 8:

Step 9:

Step 10:

Step 11:

Step 12:

Step 13:

Step 14:

[rdig]

So codewise this is all good. You deserve praise for just having to deal with this mess of components.

I've ran the setup phase, as well as all the test steps, but cannot replicate test steps: 10, 12, 13 and 15

I suspect their parameters changed through all the subsequent changes you've made to the PR and the description was not updated.

If that's the case, just let me know, and I'll re-run those steps with the new instructions.

Setup phase:

Test 1:

Test 2:

Test 3:

Test 4:

Test 5:

Test 6:

Test 7:

Test 8:

Test 9:

Test 10:

Cannot replicate!: No error message shows up

Test 11:

Test 12:

Cannot replicate!: Getting an error, preventing me from submitting the form

Test 13:

Cannot replicate!: I was able to submit the form / modal

Test 14:

Test 15:

Cannot replicate: Cannot switch off the Architecture toggle

[Nortsova]

It seems that this PR is also fixing this #3382 and #3344

Here it testing steps:

Redo Manage permission action #3344

Step	Expected Result
1. Open any Manage permissions action that was created
2. Press "Redo"
3. Update "Member"	You should see that "Role" filed is empty or Role from database now
4. Select role
5. Update "Team"	You should see that "Role" filed is empty or Role from database now
6. Select role and submit	You should be able to submit the form without error:

Redo Manage permission action Multi-sig #3382

Step	Expected Result
1. Install Multi-sig extension
2. Open Manage permissions form
3. Set up the following fields - Team: Andromeda - Member: alex-the-ace - Permissions: Admin
4. Submit form
5. Press "Redo" and try to change "Authority" field	You should be able to do that and Role should be selected for specific member, team from database:

[Nortsova]

Great job @rumzledz 🌟 Enormous amount of work done ✅

Here is a small bug that I found, for some reason, if I select Multi-sig permission I don't see "Mod" role:

Let's rebase and maybe that will fix this

[rumzledz]

Hey @rdig! I forgot to mention that I retested steps 10, 12, 13 & 15 yesterday before rebasing and I was able to do them. I've rebased yesterday, retested and I'm still able to do them. Hopefully you'll be able to see it working again when you retest 🤞

[iamsamgibbs]

Great job dealing with all of this @rumzledz ! Let's get it merged!

The only weird behaviour I've noticed is the validation on the permissions field disappearing when the title is updated, but I think this can be addressed as a separate issue.

weird.behaviour.mov

I did a tiny bit of multi-sig testing and it seems like there are no issues there:

Screen.Recording.2024-10-25.at.13.27.55.mov

I did screenshot and record all of the testing steps, but I won't dump them all here as it'll end up as a huge reply, but all the testing steps work as expected.

Great job! I can't believe this form will finally be fixed forever once this is merged and there will never be another issue with it again! :)