First attempt at effective name for admin mock

[sfrunza13]

Fixes #306 or trying to anyways.

I found that I could not set multiple key value pairs on session to commit it so I made a new cookie instead, curious to see what people think.

[humphd]

Let's fix the User returned in https:/DevelopingSpace/starchart/blob/main/app/models/user.server.ts#L7-L21 and re-use/modify the code in https:/DevelopingSpace/starchart/blob/main/app/models/user.server.ts#L61-L77 to add properties to the User object that indicate if this is an admin.

User.isAdmin

This way we can do the /mycustomdomain(-dev)?-admins/.test(group) stuff to set it on the object.

[sfrunza13]

Is making use of isAdmin when setting effectiveName enough or should I do as you said and make a boolean property on a user for whether they are Admin?

Nvm :) got it

[humphd]

Whatever you do, we need to put it on the User so we can pass that info around. But using isAdmin() like you are is good internally for your needs.

[humphd]

If we don't have a user here, should we throw?

[humphd]

It seems odd to not have a user at this point.

[sfrunza13]

right, I had tried to use getUser() before and this is a relic from that. We should have a user and if we don't I will throw.

[humphd]

Looking better, but I want to see us decorate the user object with more details. The front-end is going to need to know the correct username to use, whether this is an admin, etc via the User we return in https:/DevelopingSpace/starchart/blob/main/app/root.tsx#L34.

Please add this info to that User object so it can get passed around the app.

[sfrunza13]

So it's ok to change the prisma schema for user?

[humphd]

You don't need to change the database, change the object we send back when you query it, same as I do with baseDomain which isn't in the db either.

[humphd]

Throw the effectiveUsername on here too. So we know:

• are you an admin?
• what is your real username? (who are you really)
• what is your current effective username? (which user are you actually pretending to be)

[sfrunza13]

I'm not sure how to do this since my effective user name is currently passed as a cookie from request to request on the header and we don't have access to the header in the getUserByUsername method.

[humphd]

OK, I agree this is the wrong place to do this. Let's do it in the root.tsx loader.

On the server side, we'll read the username/effective username out of session. On client, we'll send it with the root on the loader.

[sfrunza13]

So for client to use it I would make a utils method using useMathcesData() like we have for user?

[humphd]

The client would get it from the loader, which can access the request and also the db, and put all the data on the User object we return in root.tsx.

[humphd]

Question: if both getEffectiveName and getUser both require request, can you not return the effectiveUsername on the result of getUser (i.e., you could do this internally in getUser)?

[humphd]

getEffectiveUsername

[humphd]

Also, change all effectiveName uses everywhere to effectiveUsername

[humphd]

Testing this locally, here is what I get on the client:

{
  "username": "user1",
  "displayName": "Johannes Kepler",
  "email": "[email protected]",
  "group": "mycustomdomain-faculty",
  "createdAt": "2023-03-28T17:18:24.557Z",
  "updatedAt": "2023-03-28T17:18:24.557Z",
  "deactivated": false,
  "baseDomain": "user1.starchart.com",
  "isAdmin": {},
  "effectiveUsername": null
}

According to the type of User, the effectiveUsername is string, but here we get null. Should we set the effectiveUsername to be the same as username if it's not set (e.g., regular user)?

Next, the isAdmin is an Object vs. a boolean.

[humphd]

if (user?.isAdmin) {
  return user;
}
throw redirect('/');

[humphd]

I think this should be:

useEffectiveUsername()

The user object will be identical. It's just that we're going to use this hook to get the specific "username" that the current user is using, which will either be:

1. user.effectiveUsername if the cookie is set and we're using someone else's username
2. user.username if the cookie is not set and we're using our own username

export async function useEffectiveUsername(): User['username'] {
  // The user must be logged in to call this.  Use `useOptionalUser()` if you're not sure
  const { username, effectiveUsername } = useUser();
 
  // Your username is either your real username, or the username you are temporarily using as an admin 
  return effectiveUsername || username;
}

[sfrunza13]

I'm not sure how to go about this still, I have replaced what I had with what is suggested and it works for when we display it like on header instead of rendering a property of the user object I just render the effective username but we would have to have a different effective user object for the use of baseDomain for example. Or we could change how the method works so that getUserByUsername checks whether isAdmin and a non-empty effective username exist together and if that is the case will instead use the effectiveUsername when building domain. On second thought idk if this is possible because I don't think we have the extended User object in there since that is where we extend it in the first place. Maybe we just need to retrieve another effective user object like I was trying to do earlier?

[humphd]

The type here should be User['username'] so it matches what username is when we pass it around.

[humphd]

Let's return this like so:

return effictiveUsername as User['username'];

And you can drop the return type on the function.

[humphd]

When the property name and value are the same, just use it once:

return { ...user, effectiveUsername };

[humphd]

if (!username) {

[humphd]

Question: if we're going to have a user and an effectiveUser (two different objects), is there any point having this value on the User type now? Should both user and effectiveUser be of type User?

[sfrunza13]

I don't think we do need it since everything kind of comes from the cookie now, is there a better way of doing this than with the cookie? Maybe keeping track of it on this property we are thinking about removing, but this is dynamically appended every time we load same as baseDomain so that does not make sense. Anyways, I am ok with removing it I think.

[sfrunza13]

Honestly it's kind of hard keeping track of stuff, and this isn't a big change either 😅

[humphd]

I would move your comment from User to this, so it explains what this is vs. user

[humphd]

Can we remove this?

[humphd]

Can you format this differently?

user: await getUser(request),

/**
 * effictiveUser: ...
 * ...
 * ...
 */
effectiveUser: await ...

Also, effectiveUser vs. effectiveUsername.

[humphd]

You can drop this comment

[humphd]

I think this is right.

In a follow-up, we should add/update e2e tests for this stuff.

Does anything call useUser() now, or is it all useEffectiveUser()? Maybe the header will do it when an admin logs in and we want to show different usernames?

We should also file an issue to hook up the isAdmin stuff to the /admin route.

[sfrunza13]

Everything calls useEffectiveUser, if there is no effectiveUsername it will call getUser() in session server. As it stands there is no call to useUser(). I think we may be able to take it out of the root loader.

[humphd]

Everything calls useEffectiveUser, if there is no effectiveUsername it will call getUser() in session server. As it stands there is no call to useUser(). I think we may be able to take it out of the root loader.

OK, thanks for confirming. I think we'll still want it to show that an admin is impersonating another user, but probably in no other cases.

[humphd]

@sfrunza13 can you rebase and fix this conflict? Then we can get this in too!

[sfrunza13]

yes, I will do this

[humphd]

Run these at the same time:

const [username, effectiveUsername] = await Promise.all([getUsername(request), getEffectiveUsername(request)]);

[humphd]

It makes me nervous that effectiveUsername could be ''. When could this happen and why? Can we avoid that?

[sfrunza13]

This was what I remembered from our discussion, admins would have an empty effectiveUsername until they select one

[humphd]

Can "empty" be undefined vs ''?

[humphd]

I might update this wording slightly:

// if the user doesn't have an effective username, we're using their normal username (not impersonating)

[humphd]

Here you use getUser() and in 69 you use getUserByUsername(). Can we use the same path in both cases? Not critical, but it feels odd that we have different code paths.

[humphd]

Same comment as above, run at same time.

[humphd]

Also, please squash this down into 1 commit at this point.

[humphd]

This is great, thanks for persevering through the many reviews. I've left 2 final updates, and this is R+ from me.

[humphd]

nit: you can use name?: string to mean "this is a string or undefined".

[humphd]

Should name really be called effectiveUsername? I think using name is ambiguous.

[sfrunza13]

The above was some misclicks