[LFXV2-603] Add authorization model types for past meeting artifacts #65
+70
−1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added three new OpenFGA authorization model types to support access control for past meeting artifacts: past_meeting_recording, past_meeting_transcript, and past_meeting_summary. Each type supports three visibility levels: - Public (anyone can view) - All participants (invitees and attendees) - Only hosts Write permissions are limited to organizers from the past meeting. Auditors and writers always have viewer access regardless of visibility settings. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Andres Tobon <[email protected]>
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughAdds three new OpenFGA types for past meeting artifacts (recording, transcript, summary) with relations derived from past_meeting and a public viewer rule. Updates the OpenFGA AuthorizationModelRequest major version from 4 to 5 in charts/lfx-platform/templates/openfga/model.yaml. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor U as User
participant S as Service/API
participant FGA as OpenFGA
Note over S,FGA: Access check for new artifact types (recording/transcript/summary)
U->>S: Request to view past_meeting_recording:{id}
S->>FGA: Check(user, past_meeting_recording:{id}, viewer)
alt viewer direct public
FGA-->>S: allow (user:* matches)
else derived via writer/auditor
FGA->>FGA: Resolve writer/auditor from past_meeting
FGA-->>S: allow/deny
else participant path
FGA->>FGA: Resolve invitee/attendee from past_meeting
FGA-->>S: allow/deny
end
S-->>U: Permit or Deny
Note over S: Same flow applies to transcript and summary
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related PRs
Pre-merge checks and finishing touches✅ Passed checks (5 passed)
✨ Finishing touches🧪 Generate unit tests
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro Disabled knowledge base sources:
📒 Files selected for processing (1)
🧰 Additional context used🧠 Learnings (1)📚 Learning: 2025-08-08T21:57:43.678ZApplied to files:
Comment |
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds authorization model types for past meeting artifacts including recordings, transcripts, and summaries. The changes implement three visibility levels (public, participants only, and hosts only) with appropriate access controls for each artifact type.
- Added three new OpenFGA authorization model types:
past_meeting_recording,past_meeting_transcript, andpast_meeting_summary - Implemented consistent access control patterns across all artifact types with viewer, writer, and auditor roles
- Bumped major version from 4 to 5 to reflect the addition of new authorization model types
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
Signed-off-by: Andres Tobon <[email protected]>
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Disabled knowledge base sources:
- Jira integration is disabled by default for public repositories
You can enable these sources in your CodeRabbit configuration.
📒 Files selected for processing (2)
charts/lfx-platform/Chart.yaml(1 hunks)charts/lfx-platform/templates/openfga/model.yaml(2 hunks)
Changed the viewer relation definition for past_meeting_recording, past_meeting_transcript, and past_meeting_summary types to be managed separately based on visibility settings. The viewer relation now only includes [user:*] by default, with the expectation that the backend service will manage viewer tuples based on the visibility group (public, participants, or hosts only). This simplifies the authorization model and gives the backend more explicit control over who can view artifacts based on the past meeting's visibility settings. Also bumped the patch version from 5.3.1 to 5.3.2. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Andres Tobon <[email protected]>
jordane
reviewed
Oct 2, 2025
Updated the viewer relation for all three past meeting artifact types (recording, transcript, summary) to include writers and auditors by default, regardless of visibility settings. This ensures that: - Organizers (writers) can always view artifacts they manage - Auditors can always audit artifacts without restriction - Other viewers are managed separately based on artifact_visibility Also updated comments to clarify that visibility is based on the artifact_visibility setting rather than the general meeting visibility. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Andres Tobon <[email protected]>
jordane
reviewed
Oct 2, 2025
Updated comments for all three past meeting artifact types to use consistent terminology referencing "artifact_visibility" instead of mixing "past meeting" and "private" terminology. This makes it clearer that visibility is controlled by the artifact_visibility setting, not the general meeting visibility. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Signed-off-by: Andres Tobon <[email protected]>
…nto andrest50/past-meeting-artifacts
andrest50
force-pushed
the
andrest50/past-meeting-artifacts
branch
from
f3c7ca0 to
7889019
Compare
jordane
approved these changes
Oct 2, 2025
This was referenced Nov 4, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
past_meeting_recording,past_meeting_transcript, andpast_meeting_summaryTicket
LFXV2-603
🤖 Generated with Claude Code