Refactor Backend: Merge UserSQL and User

[fm3]

URL of deployed dev instance (used for testing):

• https://refactorbackenduser.webknossos.xyz

Steps to test:

• set up wK with multiple user accounts (try registration form also)
• check that rights/team management still works
• click around, general testing
• user viewport/dataset settings should work (be saved, loaded again after refresh)
• create some tasks, trace some, download project

Issues:

• contributes to Reduce redundant layers of indirection in Backend (SQLDAO / DAO etc) #2521

---

• [ ] Updated changelog
• [ ] Updated migration guide if applicable
• Ready for review

[jstriebel]

This purely waits for the future and checks that it is not None, right? Seems to be the correct refactoring, still wondering what this line does.

[fm3]

This is about functions that return Fox[Boolean]. At several locations, we want to check such booleans which we can only get packed in a Fox. One previous method to deal with that by creating helper functions for each, such as assertTeamManagerOrAdminOf, which unpacks the Fox returned by isTeamManagerOrAdminOf, and then checks the content of that boolean, by casting it to a new Fox via bool2fox. In this PR the number of these helper functions would have increased, so I refactored this into the helper function Fox.assertBoolean. It returns Fox[Unit], which is successful only when the original function returns `Fox.successful(true)´.

[jstriebel]

Ah, ok. How about renaming it to Fox.assertTrue?

[jstriebel]

just out of curiosity: why did you switch here to the for syntax?

[fm3]

userConfigurationStructured now returns a Fox instead of the content directly (this is a common change in this PR). I tend to get confused with nested flatMaps, which would have now been necessary here.

[jstriebel]

got it, thanks 👍

[jstriebel]

Nice 👍

I just reviewed the first files (in the github order), until DataSetController.scala. Let's clarify those things first :-)

[jstriebel]

This seems to be more than a refactoring. If I understand it correctly, this used to be cached in the UserCache, not sure if it was used from there.

And for my understanding: findOneForUserAndDataset comes from slick now, right?

[fm3]

Correct observation, I did not consider that this is now bypassing the Cache. However, I believe that it is not problematic. This configuration is requested via a separate route (not part of the user json) and that route is requested far less often. Also, the UserCache’s cache invalidation should provide that there is not actually a change in behavior (albeit maybe a tiny one in performance)

[jstriebel]

Fine for me 👍

[jstriebel]

Does assertBoolean actually assert it's true? It looks like it should, but it doesn't sound like it does.

[fm3]

I sure hope it does (see above)

[jstriebel]

Could we just use ensureTeamAdministration instead?

[fm3]

Yes, will do.

[fm3]

or not, since this is not team-specific (kind of a special case, all teammanagers are allowed to do this, no matter which team they are in). But I did this replacement in another instance.

[jstriebel]

also here, why the for syntax?

[fm3]

isEditableBy is now also returning a Fox, so the alternative to the for-yield would have been a map of some kind, and I find the for easier to read

[jstriebel]

❤️

[fm3]

filter.applyOn is now also asynchronous so the result has to be unpacked, which is what this line does :)

[jstriebel]

Why not stay with the new ensureTeamAdministration? Seems to be equivalent.

[fm3]

Yes, will do.
(the explanation is that I first wanted to remove the ensureTeamAdministration entirely because I found it a little superfluos and the name a little confusing, but then I saw that it was used in so many places that I stopped removing it. Also, I guess does help reduce clutter a little bit)

[jstriebel]

I think we have this pattern quite often, should we extract this at some point? (Not part of this PR, though.)

[jstriebel]

implicit request =>
for {
  …
  js <- something.publicWrites(request.identity)
} yield Ok(userJs)

[jstriebel]

see #2942

[jstriebel]

Still not done with the review, but have some more questions and proposals.

[jstriebel]

How was isEditableBy actually checked? Did this happen via the ?~>? I thought that was only checking that the option is defined, but not the packed boolean.

[fm3]

good catch, needs Fox.assertTrue. The ?~> just adds the failure message

[jstriebel]

This is now done via the assertBoolean, right? We had the same thing in multiple places, so probably users were able to do actually to much. So we might now forbid things that were working before (wrongly). Let's maybe discuss that later in person.

[fm3]

previously, isEditableBy just returned a boolean (which could be checked without the assertBoolean) – but now the signature has changed, so the way we check it needs to change too, in order to preserve the behavior

[jstriebel]

I wasn't aware of the implicit conversion, see #2941.

Let's double check all the changes where user.isEditableBy was used before, if they have assertBoolean/assertTrue.

[jstriebel]

+1 for extracting validateJson

[jstriebel]

Why is the includeAnonymous Filter removed?

[fm3]

the backend does not support anonymous users anymore (was for amazon mturk users).

[jstriebel]

Why not keep findOneById? I think we use it quite often.

[jstriebel]

Also unpacking with the Messages("user.notFound") should be possible in an abstract findOneById, maybe having a match expression switching the message-identifier.

[fm3]

Not sure I understand you here. UserSQLDAO replaces UserDAO here. The findOne methods everywhere expect an ObjectId, which is why there is no explicit “byId” in the name. The “user.notFound” failure message is added here since the SQLDAOs have more specific database-related failure messages

[jstriebel]

👍 , see #2940

[jstriebel]

What exactly is flattened here? Could we use async to circumvent those (for {} yield { for {} yield x }).flatten patterns?

[fm3]

the outer for-yield returns a Fox, with the content taken from the yield block.
that content, in this case, is itself a Fox.
Hence, the Fox[Fox[ObjectId]] is flattened to Fox[ObjectId].
I haven’t yet tried scala-async, and I’m a bit sceptical of it, especially in combination with Foxes, but maybe that is something we can explore in the future

[jstriebel]

This syntax is not very intuitive to me. Having something like the following would be awesome (in my opinion, of course):

async def assertCouldBeAdministratedBy(user: UserSQL) = 
  if (await couldBeAdministratedBy(user))
    Success()
  else {
    // not sure with the syntax here, but something like
    throw Messages("notAllowed")
    Failure()
  }

a) What is your opinion about this, @fm3 ?
b) Is something similar possible?

[jstriebel]

(having the bool2fox conversion explicitely would help to make it clearer, but I still find an if statement appropriate)

[fm3]

should be Fox.assertTrue(team.couldBeAdministratedBy(user)) ?~> Messages("notAllowed"). will change.

[jstriebel]

👍

[jstriebel]

Why now !activated? Probably the attribute name would help here.

[jstriebel]

I guess you forgot to exchange all calls to logTime to logTimeIfNeeded. This would also be fine as an inner function, I guess.

[fm3]

actually, there are no calls to logTime or to logTimeIfNeeded. We don’t log time to BrainTracing anymore, haven’t been doing that for severall months (instead they fetch time via our API now). I’m removing that functionality in #2939

[jstriebel]

👍

[jstriebel]

@fm3 Did you double check to change all register calls to registerIfNeeded? Also here, maybe just use an inner function, if the new register should actually not be called.

[fm3]

I made register private, forbidding external calls to it

[jstriebel]

True, didn't notice this!

[jstriebel]

isAdminOf(otherUser._organization) would be the same and more precise

[jstriebel]

yield teamManagerTeamIds.nonEmpty || isAdminOf(_organization)

[jstriebel]

Also, use isTeamManagerInOrg(_organization) should be used, so I guess it's just

isTeamManagerInOrg(_organization) || isAdminOf(_organization)

[jstriebel]

… || isAdminOf(team._organization)

[jstriebel]

Awesome PR! I went through it now once. I list the requested changes here just to have an overview:

• Fox.assertBoolean -> Fox.assertTrue
• use ensureTeamAdministration when possible
• double check old user.isEditableBy usages for assertBoolean/assertTrue
• use Fox.assertTrue(team.couldBeAdministratedBy(user)) ?~> Messages("notAllowed") around line 152 of Team.scala
• merge in removal of logTimeIfNeeded/logTime from organization-specific newUserMailingList and overTimeMailingList #2939
• refactor isManager/… in User.scala

The only open question from my side is the comment

• Why now !activated? Probably the attribute name would help here.

👓

[fm3]

Thanks a lot! I will incorporate your feedback!
the negation in !activated was previously done within the UserDAO (which is now gone) – the field name is isDeactivated – I will explicitly add the name in the call.

[jstriebel]

@fm3 : I think the change in Team.scala is missing, but besides that LGTM! Let's merge #2939 (on Monday?) first and with that remove logTime/logTimeIfNeeded. Then this is ready 🚢

[jstriebel]

🚢