[LFXV2-920] Committee member visibility - Conditional Relation

charts/lfx-v2-committee-service/Chart.yaml

@@ -5,5 +5,5 @@ apiVersion: v2
 name: lfx-v2-committee-service
 description: LFX Platform V2 Committee Service chart
 type: application
-version: 0.2.19
+version: 0.2.20
 appVersion: "latest"

charts/lfx-v2-committee-service/templates/ruleset.yaml

@@ -245,7 +245,7 @@ spec:
         - authorizer: openfga_check
           config:
             values:
-              relation: viewer
+              relation: basic_profile_viewer
               object: "committee:{{ "{{- .Request.URL.Captures.uid -}}" }}"
         {{- else }}
         - authorizer: allow_all

internal/domain/model/committee_base.go

@@ -18,6 +18,8 @@ import (
 
 const (
 	categoryGovernmentAdvisoryCouncil = "Government Advisory Council"
+
+	memberVisibilityBasicProfileSetting = "basic_profile"
 )
 
 // Committee represents the core committee business entity
@@ -155,3 +157,12 @@ func (c *Committee) Tags() []string {
 func (c *Committee) IsGovernmentAdvisoryCouncil() bool {
 	return c.Category == categoryGovernmentAdvisoryCouncil
 }
+
+// IsMemberVisibilityBasicProfile returns true if the committee's member visibility setting is "basic_profile"
+func (c *Committee) IsMemberVisibilityBasicProfile() bool {
+	if c.CommitteeSettings == nil {
+		return false
+	}
+
+	return c.MemberVisibility == memberVisibilityBasicProfileSetting
+}

internal/domain/model/committee_message.go

@@ -109,6 +109,8 @@ type CommitteeAccessMessage struct {
 	// e.g. "project" and it's value is the project UID.
 	// e.g. "parent" and it's value is the parent UID.
 	References map[string]string `json:"references"`
+	// self is used to store the self relation of the object, e.g. for committee members to access their own basic profile info.
+	Self []string `json:"self"`
 }
 
 // CommitteeMemberUpdateEventData represents the data structure for committee member update events

internal/service/committee_writer.go

@@ -238,6 +238,10 @@ func (uc *committeeWriterOrchestrator) buildAccessControlMessage(ctx context.Con
 		message.Relations[constants.RelationAuditor] = committee.Auditors
 	}
 
+	if committee.CommitteeSettings != nil && committee.IsMemberVisibilityBasicProfile() {
+		message.Self = append(message.Self, constants.RelationSelfForMemberBasicProfileAccess)
+	}
+
 	slog.DebugContext(ctx, "building access control message",
 		"message", message,
 	)

pkg/constants/access_control.go

@@ -12,4 +12,6 @@ const (
 	RelationWriter = "writer"
 	// RelationAuditor is the relation name for the auditor of an object.
 	RelationAuditor = "auditor"
+	// RelationSelfForMemberBasicProfileAccess is the relation name for committee members to access basic profile info.
+	RelationSelfForMemberBasicProfileAccess = "self_for_member_basic_profile_access"
 )