◐ Shell
clean mode source ↗

feat: add chat ACL database foundation by DanielleMaywood · Pull Request #25080 · coder/coder

github-actions

Clean decomposition of a database foundation for chat ACL sharing. The schema design is sound: JSONB ACL columns on the chats table, CHECK constraints to enforce the root-only ACL invariant, and a view to resolve inheritance for child chats. The selective application of the view CTE (only to queries that can return child chats) shows good understanding of the inheritance model. Pattern reuse from WorkspaceACL is appropriate given the existing RBAC infrastructure.

1 P2, 5 P3, 3 nits, 2 P4, 1 note. The P2 is test coverage for the view's COALESCE inheritance logic, which is the core deliverable of this PR. The P3s are a mix of design awareness (ForUpdate ACL mismatch, missing view CTE on GetActiveChatsByAgentID), latent type safety (Value() nil marshaling), and untested constraints.

Several reviewers noted that the explicit 30-column enumeration in the view creates a maintenance coupling: every future column addition to chats requires a DROP/recreate migration for the view. This is inherent to PostgreSQL views with COALESCE overrides and will surface as a sqlc codegen failure, so the breakage is compile-time.

"A split-personality Chat struct where the data depends on the query that produced it, with no signal to the consumer." (Hisoka)

coderd/database/queries/chats.sql:1463

P3 [DEREM-6] GetActiveChatsByAgentID reads from the raw chats table without the chats_with_effective_acl view CTE. The query has no parent_chat_id IS NULL filter, so it can return child chats with empty ACLs instead of inherited ones.

Three other read queries (GetChatByID, GetChildChatsByParentIDs, GetChatsByWorkspaceIDs) were upgraded in this PR to use the view. This one was missed. The dbauthz wrapper uses fetchWithPostFilter, which will run RBAC checks against the returned Chat objects. When ACL enforcement arrives, child chats from this query will appear to have zero grants.

Fix: add the same WITH chats AS (SELECT * FROM chats_with_effective_acl) CTE. (Meruem)

🤖

🤖 This review was automatically generated with Coder Agents.