Skip to content

fix: correct Slack adapter message fields for RBAC and DM policy#467

Open
zilvinasu wants to merge 2 commits intoRightNow-AI:mainfrom
zilvinasu:fix/slack-platform-id
Open

fix: correct Slack adapter message fields for RBAC and DM policy#467
zilvinasu wants to merge 2 commits intoRightNow-AI:mainfrom
zilvinasu:fix/slack-platform-id

Conversation

@zilvinasu
Copy link

@zilvinasu zilvinasu commented Mar 9, 2026
edited
Loading

Summary

The Slack adapter has four related issues that break RBAC user matching, DM policy enforcement, and DM delivery:

  1. platform_id set to wrong value for RBAC - platform_id is used by the send path (chat.postMessage needs a channel ID), and all other adapters set it to channel/chat ID. But RBAC's identify() matches channel_bindings against platform_id, expecting a user ID. Fix: store the Slack user ID in metadata["sender_user_id"] and add a sender_user_id() helper in bridge.rs that reads it for RBAC and rate limiting.

  2. is_group hardcoded to true - DMs (channels starting with D) were classified as group messages, so dm_policy (ignore/allowed_only/respond) was never enforced. Fix: is_group = !channel.starts_with('D').

  3. Bridge RBAC reads platform_id instead of user identity - authorize_channel_user() and rate_limiter.check() used message.sender.platform_id, which is the channel ID. Fix: use sender_user_id() helper that checks metadata first, falling back to platform_id for adapters that don't set sender_user_id.

  4. allowed_channels filter blocks DMs - The allowed_channels whitelist applies to all messages including DMs. Since DM channel IDs (D-prefixed) are never in the allowed list, all DMs are silently dropped before dm_policy can evaluate them. Fix: exempt D-prefixed channels from the allowed_channels filter — DM access control is handled by dm_policy.

Changes

  • `crates/openfang-channels/src/slack.rs` - store user ID in metadata, revert platform_id to channel, detect DMs via channel prefix, exempt DMs from allowed_channels filter
  • `crates/openfang-channels/src/bridge.rs` - add `sender_user_id()` helper, use it for RBAC and rate limiting

Backward compatibility

  • The `sender_user_id()` helper falls back to `platform_id` when metadata key is absent, so all other adapters continue working unchanged
  • `platform_id` stays as channel ID (matching every other adapter), so the send path is unaffected
  • DMs were previously always blocked by `allowed_channels`, so exempting them is strictly additive

Checklist

  • `cargo fmt` - our files are clean (workspace has pre-existing `ar_archive_writer` build issue on stable)
  • Tests updated: existing assertions corrected, new test for DM detection added
  • No new `unsafe` code
  • No secrets or API keys in diff

@zilvinasu zilvinasu marked this pull request as draft March 9, 2026 04:26
@zilvinasu zilvinasu force-pushed the fix/slack-platform-id branch from a6bd0a6 to ecaadb7 Compare March 9, 2026 04:42
@zilvinasu zilvinasu changed the title fix: use user_id for platform_id in Slack adapter fix: correct Slack adapter message fields for RBAC and DM policy Mar 9, 2026
@zilvinasu zilvinasu force-pushed the fix/slack-platform-id branch from ecaadb7 to f870b5e Compare March 9, 2026 05:05
@zilvinasu @claude
fix: correct Slack adapter message fields for RBAC and DM policy
e1753d7 
Three issues in the Slack adapter prevented RBAC user matching and
DM policy enforcement:

1. platform_id was set to user_id instead of channel — breaks the send
   path (chat.postMessage needs channel ID). All other adapters use
   channel/chat ID for platform_id. Store user ID in metadata as
   "sender_user_id" instead.

2. is_group was hardcoded to true — DMs (channel starting with "D")
   were classified as group messages, so dm_policy was never enforced.

3. Bridge RBAC and rate limiter read platform_id for user identity,
   but platform_id is the channel. Add sender_user_id() helper that
   reads from metadata first, falling back to platform_id for adapters
   that don't set it.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@zilvinasu zilvinasu force-pushed the fix/slack-platform-id branch from f870b5e to e1753d7 Compare March 9, 2026 05:14
@zilvinasu zilvinasu marked this pull request as ready for review March 9, 2026 05:20
@zilvinasu
Copy link
Author

zilvinasu commented Mar 9, 2026

@jaberjaber23 would appreciate a review when you get a chance. This fixes three related issues in the Slack adapter that break RBAC user matching and DM policy enforcement.

@zilvinasu @claude
fix(slack): exempt DMs from allowed_channels filter
5965916 
The allowed_channels filter was blocking DMs because DM channel IDs
(D-prefixed) are never in the allowed list. DM access control should
be handled by dm_policy, not the channel whitelist.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@zilvinasu
Copy link
Author

zilvinasu commented Mar 9, 2026
edited
Loading

btw, tested on the deployed openfang, found another bug for allowed_channels check, as it blocks DMs by default as well, will probably fix it as part of this

@zilvinasu
Copy link
Author

zilvinasu commented Mar 9, 2026

fixed now, DM RBAC works fine, manual testing done as well, let me know if anything missing @jaberjaber23

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@zilvinasu