CBG-4345 don't panic if role documents can't be read #7816
+468
−195
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR addresses panic issues when role documents cannot be read by converting functions that previously panicked into error-returning functions. The changes ensure graceful error handling throughout the authentication and channel access system, particularly when role documents are missing or corrupted.
Key changes:
- Modified authentication functions to return errors instead of panicking when role documents can't be read
- Updated all callers to handle the new error returns
- Added proper error logging and user-friendly error responses
Reviewed Changes
Copilot reviewed 22 out of 22 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| auth/principal.go | Updated interface definitions to return errors for channel access methods |
| auth/user.go | Modified user methods to return errors when role loading fails instead of panicking |
| auth/role.go | Updated role methods to return errors for channel access operations |
| auth/user_collection_access.go | Added error handling to collection-specific channel access methods |
| auth/role_collection_access.go | Updated collection role methods to return errors |
| auth/collection_access.go | Modified interface definitions for collection access to include error returns |
| db/crud.go | Updated MakeUserCtx to handle errors from user channel operations |
| db/changes.go | Added error handling throughout changes feed processing |
| db/design_doc.go | Updated view filtering to handle channel access errors |
| db/functions/function.go | Added error handling for channel authorization in functions |
| db/functions/js_function.go | Updated JavaScript function execution to handle user context errors |
| rest/handler.go | Modified audit logging to handle role retrieval errors gracefully |
| rest/bulk_api.go | Updated bulk operations to handle channel access errors properly |
| rest/admin_api.go | Added error handling to principal marshaling |
| rest/diagnostic_api.go | Updated diagnostic API to handle channel access errors |
| rest/user_api_test.go | Updated tests to handle new error returns |
| rest/role_api_test.go | Modified tests to check for errors in channel operations |
| db/util_testing.go | Added error handling to test utilities |
| db/database_test.go | Updated tests to handle new error signatures |
| auth/user_test.go | Modified tests to check for errors in user operations |
| auth/auth_test.go | Updated authentication tests to handle new error returns |
| auth/collection_access_test.go | Added error checking to collection access tests |
| if availableChannels == nil { | ||
| // TODO: CBG-1948 | ||
| panic("no channels for user?") | ||
| base.AssertfCtx(h.ctx(), "User %q has no channels in handleAllDocs", base.UD(h.user.Name())) |
There was a problem hiding this comment.
The panic replacement uses base.AssertfCtx followed by returning an error. This is inconsistent - either use the assertion (which may panic in debug builds) or return the error, but not both. Consider removing the assertion and only returning the HTTP error.
Suggested change
| base.AssertfCtx(h.ctx(), "User %q has no channels in handleAllDocs", base.UD(h.user.Name())) |
Copilot uses AI. Check for mistakes.
Co-authored-by: Copilot <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
CBG-4345 don't panic if role documents can't be read
This is behind #7814
Pre-review checklist
fmt.Print,log.Print, ...)base.UD(docID),base.MD(dbName))docs/apiDependencies (if applicable)
Integration Tests
GSI=true,xattrs=truehttps://jenkins.sgwdev.com/job/SyncGatewayIntegration/136/