Duo Chat in UI: Unable to Summarize Public Issues in Public Projects Unless User is a Project Member
Summary
Environment: GDK (self-managed)
GitLab Version: GitLab Enterprise Edition 16.8.0-pre 6d421113
If a user prompts Duo Chat to return a summary of a referenced public issue within a public project, Duo Chat will respond with `I am sorry, I am unable to find what you are looking for.`
Once the user is added as a project member, they will then receive the summary as expected.
Steps to reproduce
- Log into GDK as User A
- Create a new public group and project as User A (ex: `duo-chat-group/duo-chat-project`)
- In the project, create a new issue with a description. Copy the URL for the issue.
- Log out and log in as a new user, User B
- Open up Duo Chat from the Help menu in the left sidebar as User B
- Type the prompt `Summarize the issue <URL HERE>` and submit
- Duo Chat will respond with `I am sorry, I am unable to find what you are looking for.`
- Log out as User B, and log in as User A again
- Go to the project members page and invite User A to the project as a Guest
- Log out and log back in as User A again
- Go back to Duo Chat, and submit the same prompt. This time, Duo Chat will be able to summarize the issue.
What is the current bug behavior?
Duo Chat is unable to summarize a referenced public issue in a public project unless the user is a project member
What is the expected correct behavior?
Duo Chat should be able to summarize referenced public issues that are in public projects
Technical details
- When an issue is referenced, the `IssueReader` tool, which inherits from the `Identifier` tool, is used.
- When the `url` is used to identify an issue, `IssueReader` calls `extract_resource`
- The `extract_resource` definition in `IssueReader` calls `extract_project`
- `extract_project` is defined in `Identifier` and calls `user.authorized_projects` and uses that to find the issue's project. Any projects that the user is a member of would be included in `authorized_projects` but not public / open source projects. Still, the user should be able to summarize issues in public projects.
As a solution, I would suggest that instead of looking at `authorized_projects`, we do a search on all projects and return a `404` if the user cannot `access_duo_chat` on the project. Invoking the `ChatAuthorizer` class could be one way to do this.
This solution seems pretty straightforward but may present performance challenges, so I would definitely recommend a database review for the change.
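The lookup difference described under Technical details, as an added example that is not GitLab's code: a simplified Ruby model comparing a membership-scoped project lookup with a lookup over all projects followed by a per-project permission check. All names here (`Project`, `User`, `can_read?`, `find_project_members_only`, `find_project_authorized`, the `gdk.test` URLs and the second private project) are constructed for illustration.

```ruby
# Simplified model (constructed for illustration, not GitLab code).
Project = Struct.new(:path, :visibility, :member_ids, :issues)
User    = Struct.new(:id)

PROJECTS = [
  Project.new("duo-chat-group/duo-chat-project", :public,  [1], { 1 => "Public issue body" }),
  Project.new("secret-group/secret-project",     :private, [1], { 1 => "Private issue body" })
].freeze

NOT_FOUND = "I am sorry, I am unable to find what you are looking for."

# Splits the project path and issue IID out of an issue URL.
def parse_issue_url(url)
  m = url.match(%r{\Ahttps?://[^/]+/(?<path>.+?)/-/issues/(?<iid>\d+)\z})
  m && [m[:path], m[:iid].to_i]
end

# Behaviour described above: only projects the user is a member of are searched.
def find_project_members_only(user, path)
  PROJECTS.select { |p| p.member_ids.include?(user.id) }.find { |p| p.path == path }
end

# Hypothetical stand-in for a per-project permission check such as access_duo_chat.
def can_read?(user, project)
  project.visibility == :public || project.member_ids.include?(user.id)
end

# Suggested behaviour: search all projects, then authorize.
# A missing project and a forbidden one both return nil, so neither is disclosed.
def find_project_authorized(user, path)
  project = PROJECTS.find { |p| p.path == path }
  project if project && can_read?(user, project)
end

def summarize(user, url, finder)
  path, iid = parse_issue_url(url)
  project = path && send(finder, user, path)
  issue = project && project.issues[iid]
  issue ? "Summary: #{issue}" : NOT_FOUND
end
```

Returning the same not-found response for a nonexistent project and for one the user cannot access keeps the broader search from revealing that a private project exists.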