Skip to content

Comments

feat(eval): implement sysadmin eval permissions#884

Merged
electron271 merged 3 commits intomainfrom
eval
Jun 3, 2025
Merged

feat(eval): implement sysadmin eval permissions#884
electron271 merged 3 commits intomainfrom
eval

Conversation

@electron271
Copy link
Member

@electron271 electron271 commented Jun 3, 2025
edited by sourcery-ai bot
Loading

guh

Summary by Sourcery

Implement configurable sysadmin permissions for the eval command, allowing or disallowing sysadmins to execute eval based on a new setting and providing clear warnings at startup and on unauthorized use.

New Features:

  • Add ALLOW_SYSADMINS_EVAL configuration flag to control sysadmin eval access.

Enhancements:

  • Initialize bot owner IDs dynamically to include sysadmins when allowed and emit startup warnings accordingly.
  • Refine eval permission check to handle sysadmins separately and provide distinct feedback messages.

Documentation:

  • Update settings.yml.example to document the new ALLOW_SYSADMINS_EVAL option.

@electron271 electron271 requested a review from Copilot June 3, 2025 04:27
@electron271 electron271 self-assigned this Jun 3, 2025
@sourcery-ai
Copy link
Contributor

sourcery-ai bot commented Jun 3, 2025
edited
Loading

Reviewer's Guide

This PR introduces a new ALLOW_SYSADMINS_EVAL config flag and updates both the bot startup logic and the eval command to grant or deny sysadmin eval permissions based on that flag.

Sequence Diagram: Bot Startup Owner ID Configuration

sequenceDiagram
    participant AppStartup
    participant CONFIG
    participant TuxBot

    AppStartup->>AppStartup: Bot starting...
    AppStartup->>CONFIG: Get BOT_OWNER_ID
    CONFIG-->>AppStartup: bot_owner_id
    AppStartup->>AppStartup: owner_ids = {bot_owner_id}
    AppStartup->>CONFIG: Get ALLOW_SYSADMINS_EVAL
    CONFIG-->>AppStartup: allow_sysadmins_eval_flag
    alt allow_sysadmins_eval_flag is true
        AppStartup->>CONFIG: Get SYSADMIN_IDS
        CONFIG-->>AppStartup: sysadmin_ids_list
        AppStartup->>AppStartup: owner_ids.update(sysadmin_ids_list)
        AppStartup->>AppStartup: Log warning (Sysadmins can use eval)
    else allow_sysadmins_eval_flag is false
        AppStartup->>AppStartup: Log warning (Sysadmins cannot use eval)
    end
    AppStartup->>TuxBot: Initialize with dynamic owner_ids
Loading

Class Diagram: Update to Config Class

classDiagram
    class Config {
        +BOT_OWNER_ID: int
        +SYSADMIN_IDS: list[int]
        +ALLOW_SYSADMINS_EVAL: bool
        +DEFAULT_PROD_PREFIX: str
    }
Loading

File-Level Changes

Change Details Files
Add ALLOW_SYSADMINS_EVAL to configuration
  • Define ALLOW_SYSADMINS_EVAL in Config class
  • Extend example settings.yml with the new flag
 tux/utils/config.py
config/settings.yml.example
Make owner_ids dynamic according to ALLOW_SYSADMINS_EVAL
  • Build owner_ids set from BOT_OWNER_ID and optionally SYSADMIN_IDS
  • Log a warning when sysadmin evals are enabled or disabled
  • Pass the computed owner_ids into Tux initialization
 tux/app.py
Enforce sysadmin eval permissions in the eval command
  • Check for CONFIG.ALLOW_SYSADMINS_EVAL before allowing sysadmins to eval
  • Send distinct warning and messages when sysadmins are blocked
  • Update log text to mention sysadmins alongside owners
 tux/cogs/admin/eval.py
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

Copilot AI reviewed Jun 3, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements sysadmin eval permissions, enabling sysadmins to execute eval commands conditionally based on a new configuration flag.

  • Introduces a new configuration flag (ALLOW_SYSADMINS_EVAL) in the configuration file.
  • Updates the eval command logic in the admin cog to handle sysadmin permissions.
  • Adjusts the bot startup procedure to include sysadmin IDs as owners when allowed and updates the example settings with detailed instructions.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File Description
tux/utils/config.py Added ALLOW_SYSADMINS_EVAL config entry for toggling eval usage.
tux/cogs/admin/eval.py Modified eval command to check sysadmin permissions based on config.
tux/app.py Updated owner_ids initialization by including sysadmin IDs conditionally.
config/settings.yml.example Updated documentation with warnings and instructions about sysadmin eval usage.

sourcery-ai[bot]
sourcery-ai bot reviewed Jun 3, 2025
View reviewed changes
Copy link
Contributor

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @electron271 - I've reviewed your changes and found some issues that need to be addressed.

Blocking issues:

  • ephemeral flag isn't supported on standard prefix command context.send (link)
Here's what I looked at during the review
  • 🔴 General issues: 1 blocking issue, 2 other issues
  • 🟢 Security: all looks good
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@cloudflare-workers-and-pages
Copy link

cloudflare-workers-and-pages bot commented Jun 3, 2025

Deploying tux with  Cloudflare Pages  Cloudflare Pages

Latest commit: aa96f49
Status: ✅  Deploy successful!
Preview URL: https://249f65d6.tux-afh.pages.dev
Branch Preview URL: https://eval.tux-afh.pages.dev

View logs

@electron271 electron271 merged commit 566b2ec into main Jun 3, 2025
9 checks passed
@electron271 electron271 deleted the eval branch June 3, 2025 04:32
@sentry
Copy link

sentry bot commented Jun 3, 2025

Suspect Issues

This pull request was deployed and Sentry observed the following issues:

  • ‼️ KeyError: 'ALLOW_SYSADMINS_EVAL' CogLoader Setup View Issue

Did you find this useful? React with a 👍 or 👎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Copilot code review Copilot Copilot left review comments

Assignees

@electron271 electron271

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@electron271