Refactored groupPermissions

[kurtisassad]

Link to Issue

Closes: #7951

Description of Changes

• Removes Topics.group_ids, and migrates them to a unique GroupPermission record
• Refactors all application code to use the new model. On the backend this includes create_group, update_group, delete_group, as well as the unused CreateGroup.command.ts.
• Refactors front end to use the new fine grained permissions model to gate UI features.

Test Plan

• Turn the Users.isAdmin on for your account for a community

• Create a group with some member on the allowlist

• Update this group, make sure it works. Delete this group, make sure it works.

• Re-add the group, ensure it is associated with at least one topic. Make yourself not a User.isAdmin. Now try creating a thread/commenting/reacting on a thread with a specific topic that is part of the group. You should be gated from performing these actions.

• Check the gating on the /discussions, /discusssion/[thread-id], and /new/discussion pages. When gated it should look like the following (Depending on the forum actions gated and the specific topics gated for):

Discussions page:

Discussion page:

Create thread page:

Overview page:

[masvelio]

FE code looks good to me

[timolegros]

Good work. Would like to remove the unknown type casts and optimize queries where possible. Will run through test plan after comments are handled.

Why is the column removal not included in the migration?

[timolegros]

bulkInsert?

[kurtisassad]

bulkInsert won't work here because we have an array of enums, but we need to specify the field as a string[] in sequelize otherwise the tests will fail when trying to sync. As a result Sequelize tries to cast them into an array of strings which sql complains about.

[timolegros]

I don't exactly understand but is this not something we can work-around with type assertions? Also, this is already a raw query so we should be able to just prepare all the values at once (and not use bulkInsert). A nested for-loop query is a bad idea.

[mzparacha]

Found a bug with group updates

1. Create a group with no members in allow list (adds requirement that allow some existing users)
2. Now verify you have some community members who are part of that group
3. Update that group and add some members to allow list
4. Now notice in the /members page when you filter by that specific group, only the member added in the allow list is displayed, and other members aren't (you'd have to rebase master to test the filter on /members as it got changes in Fix UI issues with community members page #8471)

Screen.Recording.2024-08-06.at.7.18.44.PM.mov

[rbennettcw]

Some small comments. Lmk when tests/conflicts are fixed and I'll test locally.

[rbennettcw]

The addition of the useForumActionGated hook is awesome to help simplify FE code. The canPerformAction call seems a bit redundant though– I think that should be called within the hook and return the result from the hook.

[kurtisassad]

Good catch, I will merge this into the useForumActionGated

[rbennettcw]

We should always use a type for raw queries, e.g. models.sequelize.query<GroupPermissionInstance>(...), then there's no need to cast the type later.

Also, I think wildcards * should be avoided. It's easier to write but tricker to debug due to lack of transparency.

[rbennettcw]

No need to await if you're returning a promise. It'll resolve either way. Also, if setting the type on the query, this would simply become return Promise.all(upsertPromises)

[timolegros]

return await and return Promise... are not the same and I think return await is recommended now:
https://github.com/goldbergyoni/nodebestpractices/blob/master/sections/errorhandling/returningpromises.md

[masvelio]

@kurtisassad any chance to make this PR mergable? Otherwise, let's close it to clean up the PR list