Document v11.8.0 membership policies, recommended channels, leave confirmation, and policy simulation#9036
Document v11.8.0 membership policies, recommended channels, leave confirmation, and policy simulation#9036Combs7th wants to merge 9 commits into
Conversation
…firmation, and policy simulation - Add public vs. private channel membership policy behavior, channel-level permission policies, and Simulate access to channel access rules docs - Add Simulate access steps to system-wide policies docs - Note membership policies, permission policies, and policy simulation in the ABAC configure-policies overview - Add Recommended Browse Channels filter note for end users - Distinguish public vs. private add-members behavior - Document the leave-confirmation modal (Leave channel / Mute instead) Resolves #9032 Co-authored-by: Combs7th <Combs7th@users.noreply.github.com>
|
Newest code from mattermost has been published to preview environment for Git SHA d6d3dd0 |
Combs7th
added
1: Dev Review
|
Heya @isacikgoz - I have a draft ready for us covering the membership policy/public channel advisory behavior, recommended channel surfaces, leave confirmation modal, channel-level file upload/download permission policies, and Simulate access updates. I tried to keep this minimal and focused on user/admin-visible behavior only. A few areas I’d especially appreciate review on:
If all is good, we'll get these merged in. Thanks! |
|
Newest code from mattermost has been published to preview environment for Git SHA 620c38c |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughDocumentation updates for Mattermost v11.8.0 across six files. Admin docs clarify that self-service access rules apply only to private channels, add a new "Public and private channel behavior" section, expand "Simulate access" with step-by-step instructions and draft-rule evaluation, and introduce channel-level permission policies for file upload/download. End-user docs add the Recommended channel filter, member-addition behaviour distinctions, and the leave-confirmation flow for policy-added public channels. ChangesMembership Policies and Channel Access Control Documentation
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Possibly related issues
Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@source/administration-guide/manage/admin/abac-system-wide-policies.rst`:
- Around line 65-78: The lead-in still describes testing a rule against the
whole user base and counting granted users; update that opening paragraph (the
line that starts "Select **Test access rule** to test the rule against your user
base to return how many users would be granted access...") to instead describe
the "Simulate access" feature as a per-user, pre-save simulation that previews
allowed and denied outcomes for selected users in the policy editor of the
System Console; keep references to "Select Test access rule" and "Simulate
access" and briefly note it previews per-user allow/deny outcomes before saving
rather than returning a user count.
In `@source/end-user-guide/collaborate/join-leave-channels.rst`:
- Around line 112-120: Update the "Leave a public channel added by a membership
policy" paragraph: after the sentences that explain the difference between the
"Leave channel" and "Mute instead" choices, add a concise sentence stating that
choosing "Leave channel" may also remove the channel from Recommended while
choosing "Mute instead" keeps you in the channel (and preserves its Recommended
status); reference the existing phrases "Leave channel" and "Mute instead" so
the new sentence is placed with those explanations.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 47564942-0780-4d86-ac74-46b6e5a0a0fd
📒 Files selected for processing (6)
source/administration-guide/manage/admin/abac-channel-access-rules.rstsource/administration-guide/manage/admin/abac-system-wide-policies.rstsource/administration-guide/manage/admin/attribute-based-access-control.rstsource/end-user-guide/collaborate/browse-channels.rstsource/end-user-guide/collaborate/join-leave-channels.rstsource/end-user-guide/collaborate/manage-channel-members.rst
|
@wiersgallak - This one will need editor review as well after dev review is complete. |
Co-authored-by: Combs7th <Combs7th@users.noreply.github.com>
|
Newest code from mattermost has been published to preview environment for Git SHA 56a7ce9 |
|
Newest code from mattermost has been published to preview environment for Git SHA dfb361e |
|
Newest code from mattermost has been published to preview environment for Git SHA 0e58f35 |
|
@isacikgoz Can you help give this a review for today's v11.8 release day? |
isacikgoz
left a comment
isacikgoz
left a comment
There was a problem hiding this comment.
Looks good with some minimal adjustments.
|
|
||
| Test rules | ||
| ~~~~~~~~~~ | ||
| Simulate access |
There was a problem hiding this comment.
Should we explain these require enabling feature flags?
There was a problem hiding this comment.
@claude - Please update to explain these require enabling feature flags as requested by Ibrahim's feedback above.
There was a problem hiding this comment.
Claude finished @Combs7th's task in 1m 49s —— View job
Task: Document feature flag requirement for v11.8.0 ABAC features
- Read the relevant files for context
- Determine which feature flags are required (and the accurate wording)
- Update
abac-system-wide-policies.rst(Simulate access / line 65) - Check whether sibling v11.8.0 sections need the same note
- Commit and push (
ebe8199)
What I found
The v11.8.0 changelog entry confirms the gating Ibrahim was asking about:
Added support for permission-action rules (file upload, file download) on channel-scope access control policies, with a new "Simulate access" modal in System Console and Channel Settings… Gated by the existing
PermissionPoliciesfeature flag and the Enterprise Advanced license.
So Simulate access and the channel-level file upload/download permission policies are both gated by the PermissionPolicies feature flag (MM_FEATUREFLAGS_PERMISSIONPOLICIES), in addition to the Enterprise Advanced license. (The public-channel advisory/Recommended behavior itself only requires the license — no flag — so I scoped the note to the flag-gated features.)
What I added
A .. note:: in two places, matching the existing feature-flag phrasing used in user-attributes.rst (flag name + env var, link to the developer docs on enabling flags, and the Cloud-customer support path):
abac-system-wide-policies.rst— end of the Simulate access section, where Ibrahim left his comment.abac-channel-access-rules.rst— end of the Simulate access section, which also covers the channel-level permission policies described just above it, so the requirement is visible in both admin docs.
Channel-level permission policies and Simulate access are gated by the
PermissionPoliciesfeature flag (MM_FEATUREFLAGS_PERMISSIONPOLICIES) and require a Mattermost Enterprise Advanced license. See the Mattermost developer documentation for details on enabling feature flags in a self-hosted deployment. Mattermost Cloud customers can request this feature flag be enabled by contacting their Mattermost Account Manager or by creating a support ticket.
@isacikgoz @Combs7th — let me know if you'd prefer this phrased as an .. important:: block instead, or if the public-channel advisory/Recommended behavior is also behind a flag I should mention.
There was a problem hiding this comment.
Does this update look okay to you, @isacikgoz?
…ules.rst Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
…ules.rst Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com>
|
Newest code from mattermost has been published to preview environment for Git SHA 0540295 |
|
Newest code from mattermost has been published to preview environment for Git SHA 355fd96 |
… features Add notes clarifying that Simulate access and channel-level file upload/download permission policies are gated by the PermissionPolicies feature flag (MM_FEATUREFLAGS_PERMISSIONPOLICIES) and require an Enterprise Advanced license, per dev review feedback. Co-authored-by: Combs7th <Combs7th@users.noreply.github.com> Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
Newest code from mattermost has been published to preview environment for Git SHA ebe8199 |
|
Newest code from mattermost has been published to preview environment for Git SHA 2ea2d32 |
4 participants
Updates the ABAC / membership policy docs for Mattermost v11.8.0:
Resolves #9032
Generated with Claude Code