Improve permissions checking/handling (#61)

* Initial work

* Support parsing user permissions from the API

* Ignore Sentry events in debug builds

Fixes #59

* A lot of work on permissions enforcement

* Work on insufficient permissions composable

* Add required permissions dialog

* Finish up permissions improvements

* Fully implement permissions error alert
* Callout UI work
* Warning callout if you can't see hidden teams

* Detekt style fixes, remove TODOs

* Style

* Add Detekt to concourse PR pipeline steps

* Fix detekt-check inputs

* Fix run-detekt task input/output mapping

* Fix path

* Minor copy edit

* Add release management info to readme

* Flesh out release management instructions

* Address review comments

* hopefully maybe fix callout padding

* Increase overall padding on missing teams callout

* Style

* Add detekt to build-main job

Co-authored-by: Evan Strat <[email protected]>

Author: evan10s

README.md

@@ -75,7 +75,7 @@ Detekt is used for linting Kotlin code.  The recommended command to run it is
 
 _(Windows)_
 ```bash
-gradlew detektAll -PdetektAutoFix=true
+./gradlew detektAll -PdetektAutoFix=true
 ```
 
 _(*nix)_
@@ -99,4 +99,60 @@ You can install the Fastlane dependencies by running `bundle install` from the r
 `which sentry-cli` is run. `which` does not exist on Windows, but the similarly named `where`
 command does, so you can get around any errors stemming from this by aliasing the command `where`
 to `which`.
- - You need to install [GitVersion](https://github.com/GitTools/GitVersion) yourself.
+ - You need to install [GitVersion](https://github.com/GitTools/GitVersion) yourself.
+
+## Release management
+
+Below are some instructions on the MyRoboJackets Android release process. Note that you will need
+additional permissions on this repo and the MyRoboJackets Android Google Play application to
+fully carry out this step:
+- Permission on this repo to create tags and releases (write access)
+- Permissions on the MyRoboJackets Android Google Play app. At a minimum:
+  - `Release apps to testing tracks`
+  - `Release to production, exclude devices, and use Play App Signing`
+
+App releases don't have to perfectly coincide with PRs being merged, especially if two PRs are
+merged in close proximity. Our Concourse pipeline has jobs to automatically handle building,
+signing, and uploading production releases of the app.
+
+1. After you've merged all PRs to be included in the release, ensure the `.update-priority`
+file is set correctly according to the table below. Use priority 2 as the default. If you want to
+use priority 4 or 5, post in #apiary-mobile first.
+   1. Update priority affects if and how often users receive in-app update prompts to update the
+app to the latest version.
+
+| Update priority | Description | Examples | Update timeline for users |
+| --- | --- |--- | --- |
+| 0/1/2 | Very low  or low priority | UI touchups that don't impact functionality, releases with options to opt-in to beta features | No prompt initially. Optional prompt starting 14 days after release. Immediate update 21 days after release. |
+| 3 | Medium priority |  Medium-priority bug fixes, performance improvements, non-time-sensitive feature launches | No prompts for the first 3 days. Optional starting 4 days after release. Immediate update 21 days after release. |
+| 4 | High priority or time-sensitive | High priority bug fixes, time-sensitive feature launches | Optional for the first 24 hours, then immediate. |
+| 5 | Critical bug fixes | Crashes/bugs impacting major features, urgent vulnerabilities | Immediate update required. |
+
+2. Create a new release on `main` using a tag with a name like `v1.0.0`. Use semantic versioning
+to determine how to increment the version number.
+   1. Go to https://github.com/RoboJackets/apiary-mobile/releases
+   2. Press the **Draft a new release** button.
+   3. Decide on the new version tag; it **must** start with `v`. In general, you should increment 
+the previous release's version using [semantic versioning](https://semver.org/) guidelines (most 
+releases will be a 0.1.0 (minor) or 0.0.1 (patch) increment). Press **Choose a tag**, then enter the
+new tag name to create it on publish.
+   4. Leave **Release title** blank. Instead, press **Generate release notes**. The release title
+and description should automatically fill in with the changes since the last release.
+      1. In general, you shouldn't need to manually set the value of the `Previous tag` field,
+      unless the release notes seem incorrect.
+3. When you publish the release (which creates a new tag), a Concourse job to create a draft Google 
+Play internal test release will begin shortly.
+   1. If it doesn't start, a common reason is that it wasn't alphabetically the latest tag, so the
+   [`tagged-release`](https://concourse.sandbox.aws.robojackets.net/teams/information-technology/pipelines/apiary-mobile/resources/tagged-release)
+   resource didn't trigger a new build. We can disable old versions of the resource to trigger a new
+   build.
+4. If the Concourse [build-release job](https://concourse.sandbox.aws.robojackets.net/teams/information-technology/pipelines/apiary-mobile/jobs/build-release)
+finishes successfully, you'll find a new draft release on the Internal Test track in Google Play. 
+At this point, you should do some small QA efforts to verify the new build. Post in #apiary-mobile
+to have some people help you test. Note that access to the internal test track must be granted via
+the Google Play Console.
+   1. Internal testers may need to uninstall the app to see the update if it was recently published.
+6. If no issues are found, it's time to release! Promote the build to the Production track in
+Google Play, add release notes, and save the release.
+7. Google Play typically spends a day or two reviewing the release, then makes it available. In
+general, expect it to take at least ~24 hours for a production release to be available to users.

app/src/main/java/org/robojackets/apiary/ApiaryMobileApplication.kt

@@ -14,6 +14,7 @@ import timber.log.Timber
 class ApiaryMobileApplication : Application() {
     override fun onCreate() {
         super.onCreate()
+
         if (BuildConfig.DEBUG) {
             Timber.plant(Timber.DebugTree())
         } else {

app/src/main/java/org/robojackets/apiary/MainActivity.kt

@@ -37,8 +37,8 @@ import org.robojackets.apiary.attendance.AttendanceScreen
 import org.robojackets.apiary.attendance.ui.AttendableSelectionScreen
 import org.robojackets.apiary.attendance.ui.AttendableTypeSelectionScreen
 import org.robojackets.apiary.auth.AuthStateManager
-import org.robojackets.apiary.auth.AuthenticationScreen
 import org.robojackets.apiary.auth.oauth2.AuthManager
+import org.robojackets.apiary.auth.ui.AuthenticationScreen
 import org.robojackets.apiary.base.GlobalSettings
 import org.robojackets.apiary.base.model.AttendableType
 import org.robojackets.apiary.base.ui.nfc.NfcRequired

app/src/main/java/org/robojackets/apiary/di/MainActivityModule.kt

@@ -3,6 +3,8 @@ package org.robojackets.apiary.di
 import android.content.Context
 import com.nxp.nfclib.NxpNfcLib
 import com.skydoves.sandwich.coroutines.CoroutinesResponseCallAdapterFactory
+import com.squareup.moshi.Moshi
+import com.squareup.moshi.Types
 import dagger.Module
 import dagger.Provides
 import dagger.hilt.InstallIn
@@ -13,10 +15,12 @@ import okhttp3.OkHttpClient
 import okhttp3.logging.HttpLoggingInterceptor
 import org.robojackets.apiary.BuildConfig
 import org.robojackets.apiary.auth.AuthStateManager
+import org.robojackets.apiary.auth.model.Permission
 import org.robojackets.apiary.auth.network.AuthHeaderInterceptor
 import org.robojackets.apiary.auth.network.UserApiService
 import org.robojackets.apiary.auth.oauth2.AuthManager
 import org.robojackets.apiary.base.GlobalSettings
+import org.robojackets.apiary.base.adapter.SkipNotFoundEnumInEnumListAdapter
 import org.robojackets.apiary.base.service.ServerInfoApiService
 import org.robojackets.apiary.network.UserAgentInterceptor
 import retrofit2.Retrofit
@@ -30,7 +34,7 @@ object MainActivityModule {
 
     @Provides
     fun providesAuthService(
-        @ApplicationContext context: Context
+        @ApplicationContext context: Context,
     ) = AuthorizationService(context)
 
     @Provides
@@ -40,8 +44,10 @@ object MainActivityModule {
         authManager: AuthManager,
     ): OkHttpClient {
         val loggingInterceptor = HttpLoggingInterceptor()
-        loggingInterceptor.setLevel(if (BuildConfig.DEBUG) HttpLoggingInterceptor.Level.BODY
-            else HttpLoggingInterceptor.Level.BASIC) // Only log detailed
+        loggingInterceptor.setLevel(
+            if (BuildConfig.DEBUG) HttpLoggingInterceptor.Level.BODY
+            else HttpLoggingInterceptor.Level.BASIC
+        ) // Only log detailed
         // network requests in debug builds
         loggingInterceptor.redactHeader("Authorization") // Redact access tokens in headers
 
@@ -52,24 +58,35 @@ object MainActivityModule {
             .build()
     }
 
+    @Provides
+    fun providesMoshi(): Moshi {
+        return Moshi.Builder()
+            .add(
+                Types.newParameterizedType(List::class.java, Permission::class.java),
+                SkipNotFoundEnumInEnumListAdapter(Permission::class.java)
+            )
+            .build()
+    }
+
     @Provides
     fun providesRetrofit(
         globalSettings: GlobalSettings,
-        okHttpClient: OkHttpClient
+        moshi: Moshi,
+        okHttpClient: OkHttpClient,
     ): Retrofit = Retrofit.Builder()
         .client(okHttpClient)
         .baseUrl(globalSettings.appEnv.apiBaseUrl.toString())
         .addCallAdapterFactory(CoroutinesResponseCallAdapterFactory.create())
-        .addConverterFactory(MoshiConverterFactory.create())
+        .addConverterFactory(MoshiConverterFactory.create(moshi))
         .build()
 
     @Provides
     fun providesServerInfoApiService(
-        retrofit: Retrofit
+        retrofit: Retrofit,
     ) = retrofit.create(ServerInfoApiService::class.java)
 
     @Provides
     fun providesUserApiService(
-        retrofit: Retrofit
+        retrofit: Retrofit,
     ) = retrofit.create(UserApiService::class.java)
 }

app/src/main/java/org/robojackets/apiary/ui/settings/Settings.kt

@@ -32,14 +32,15 @@ import org.robojackets.apiary.base.ui.util.ContentPadding
 import org.robojackets.apiary.base.ui.util.MadeWithLove
 import org.robojackets.apiary.ui.update.UpdateStatus
 
-@Suppress("LongMethod")
+@Suppress("LongMethod", "LongParameterList")
 @Composable
  private fun Settings(
      appEnv: AppEnvironment,
      user: UserInfo?,
      onLogout: () -> Unit,
      onOpenPrivacyPolicy: () -> Unit,
      onOpenMakeAWish: () -> Unit,
+     onRefreshUser: () -> Unit,
  ) {
     val context = LocalContext.current
 
@@ -56,8 +57,16 @@ import org.robojackets.apiary.ui.update.UpdateStatus
                 icon = { Icon(Icons.Outlined.Person, contentDescription = "person") },
                 title = { Text(text = user?.name ?: "Refreshing data...") },
                 subtitle = { Text(text = user?.uid ?: "") },
-                onClick = {}
+                onClick = { onRefreshUser() }
             )
+            if (BuildConfig.DEBUG) {
+                SettingsMenuLink(
+                    icon = { Icon(Icons.Outlined.VerifiedUser, contentDescription = "verified user") },
+                    title = { Text(text = "DEBUG: Recognized permissions") },
+                    subtitle = { Text(text = user?.allPermissions?.joinToString(separator = ", ") ?: "None") },
+                    onClick = { onRefreshUser() }
+                )
+            }
             SettingsMenuLink(
                 icon = { Icon(Icons.Outlined.Logout, contentDescription = "logout") },
                 title = { Text(text = "Logout") },
@@ -149,6 +158,9 @@ fun SettingsScreen(
            onOpenMakeAWish = {
                val customTabsIntent = viewModel.getCustomTabsIntent(secondaryThemeColor.toArgb())
                customTabsIntent.launchUrl(context, viewModel.makeAWishUrl)
+           },
+           onRefreshUser = {
+               viewModel.getUser(forceRefresh = true)
            }
        )
     }
@@ -163,6 +175,7 @@ private fun SettingsPreview() {
         user = null,
         onLogout = {},
         onOpenPrivacyPolicy = {},
-        onOpenMakeAWish = {}
+        onOpenMakeAWish = {},
+        onRefreshUser = {},
     )
 }

app/src/main/java/org/robojackets/apiary/ui/settings/SettingsViewModel.kt

@@ -115,9 +115,9 @@ class SettingsViewModel @Inject constructor(
     }
 
     @Suppress("TooGenericExceptionCaught",)
-    fun getUser() {
+    fun getUser(forceRefresh: Boolean = false) {
         viewModelScope.launch {
-            if (user.value == null) {
+            if (user.value == null || forceRefresh) {
                 try {
                     user.value = userRepository.getLoggedInUserInfo().getOrThrow().user
                     val sentryUser = SentryUser()

app/src/main/java/org/robojackets/apiary/ui/update/UpdateGate.kt

@@ -61,7 +61,7 @@ fun isImmediateUpdateRequired(priority: Int, staleness: Int): Boolean {
     }
 }
 
-@Suppress("ComplexMethod")
+@Suppress("ComplexMethod", "LongMethod")
 @Composable
 fun UpdateGate(
     navReady: Boolean,

attendance/build.gradle.kts

@@ -11,6 +11,7 @@ dependencies {
     // Other modules
     implementation(project(mapOf("path" to ":base")))
     implementation(project(mapOf("path" to ":navigation")))
+    implementation(project(mapOf("path" to ":auth")))
     implementation("androidx.navigation:navigation-common-ktx:2.3.5")
 
     // Dependencies

attendance/src/main/java/org/robojackets/apiary/attendance/Attendance.kt

@@ -2,7 +2,6 @@ package org.robojackets.apiary.attendance
 
 import androidx.compose.foundation.layout.*
 import androidx.compose.material.Button
-import androidx.compose.material.CircularProgressIndicator
 import androidx.compose.material.Text
 import androidx.compose.runtime.Composable
 import androidx.compose.runtime.LaunchedEffect
@@ -17,8 +16,7 @@ import androidx.compose.ui.text.font.FontWeight
 import androidx.compose.ui.text.style.TextAlign
 import androidx.compose.ui.unit.dp
 import com.nxp.nfclib.NxpNfcLib
-import org.robojackets.apiary.attendance.model.AttendanceScreenState.Loading
-import org.robojackets.apiary.attendance.model.AttendanceScreenState.ReadyForTap
+import org.robojackets.apiary.attendance.model.AttendanceScreenState.*
 import org.robojackets.apiary.attendance.model.AttendanceState
 import org.robojackets.apiary.attendance.model.AttendanceViewModel
 import org.robojackets.apiary.base.model.AttendableType
@@ -31,6 +29,7 @@ import org.robojackets.apiary.base.ui.nfc.BuzzCardPromptExternalError
 import org.robojackets.apiary.base.ui.nfc.BuzzCardTap
 import org.robojackets.apiary.base.ui.theme.danger
 import org.robojackets.apiary.base.ui.util.ContentPadding
+import org.robojackets.apiary.base.ui.util.LoadingSpinner
 
 private fun getExternalError(error: String?): BuzzCardPromptExternalError? {
     error?.let {
@@ -48,16 +47,9 @@ private fun Attendance(
     onBuzzcardTap: (buzzcardTap: BuzzCardTap) -> Unit,
     onNavigateToAttendableSelection: () -> Unit,
 ) {
-    if (viewState.selectedAttendable == null) {
-        Column(
-            verticalArrangement = Arrangement.Center,
-            horizontalAlignment = CenterHorizontally,
-            modifier = Modifier.fillMaxWidth()
-                .fillMaxHeight()
-        ) {
-            CircularProgressIndicator()
-        }
 
+    if (viewState.selectedAttendable == null) {
+        LoadingSpinner()
         return
     }