Add labs_updated event to subscription allowlist #157552
Conversation
This fixes the authorization error for non-admin users subscribing to the labs_updated event, which was causing issues with kiosk mode and dedicated dashboards in the beta version. Fixes #145771 Co-authored-by: balloob <[email protected]>
|
|
||
| from typing import Any, Final | ||
|
|
||
| from homeassistant.components.labs.const import EVENT_LABS_UPDATED |
Import EVENT_LABS_UPDATED from homeassistant.components.labs instead of homeassistant.components.labs.const per hass-component-root-import rule. Co-authored-by: balloob <[email protected]>
|
|
||
| from typing import Any, Final | ||
|
|
||
| from homeassistant.components.labs import EVENT_LABS_UPDATED |
There was a problem hiding this comment.
@copilot can you move the constant to homeassistant/const.py to avoid circular import.
There was a problem hiding this comment.
Done in 512cbd1 - moved EVENT_LABS_UPDATED to homeassistant/const.py and updated both labs/const.py (re-exports with noqa) and events.py to import from there.
Move the constant to the central const.py file to avoid circular import issues. Update labs/const.py to re-export from homeassistant.const and update events.py to import from homeassistant.const directly. Co-authored-by: balloob <[email protected]>
|
|
||
| from __future__ import annotations | ||
|
|
||
| from homeassistant.const import EVENT_LABS_UPDATED # noqa: F401 |
There was a problem hiding this comment.
@copilot don't do this. Just import it whenever the labs integration needs it from homeassistant.const. Don't have it remain defined in labs/const.py
There was a problem hiding this comment.
Done in 3bae776 - removed the re-export from labs/const.py and updated both labs/__init__.py and labs/websocket_api.py to import EVENT_LABS_UPDATED directly from homeassistant.const.
Import EVENT_LABS_UPDATED directly from homeassistant.const in labs/__init__.py and labs/websocket_api.py instead of re-exporting from labs/const.py. Co-authored-by: balloob <[email protected]>
There was a problem hiding this comment.
Pull request overview
This PR fixes an authorization issue where non-admin users cannot subscribe to the labs_updated event. The fix adds EVENT_LABS_UPDATED to the SUBSCRIBE_ALLOWLIST in the events permissions module, allowing all authenticated users to receive notifications when lab preview features are toggled.
Key changes:
- Import
EVENT_LABS_UPDATEDfrom the labs component - Add the constant to
SUBSCRIBE_ALLOWLISTto permit non-admin subscriptions
|
The wrong issue is linked in the PR description. |
| EVENT_HOMEASSISTANT_FINAL_WRITE: EventType[NoEventData] = EventType( | ||
| "homeassistant_final_write" | ||
| ) | ||
| EVENT_LABS_UPDATED: Final = "labs_updated" |
There was a problem hiding this comment.
There's a non-merged proposal to add a labs-helper #157315 where importing EVENT_LABS_UPDATED on module level does not cause circular imports, should we consider that again?
| STORAGE_KEY = "core.labs" | ||
| STORAGE_VERSION = 1 | ||
|
|
||
| EVENT_LABS_UPDATED = "labs_updated" |
There was a problem hiding this comment.
I don't think moving integration's event definitions here is a pattern we should encourage.
Why do we move this constant instead of just importing it locally in auth/permissions/events.py?
A solution could be to add a function async_create_allowlist to homeassistant/auth/permissions/events.py which is called early.
There was a problem hiding this comment.
I didn' want to do a refactor but instead follow the pattern that we've been using. Agree that it's unfortunate to move things to main const file for this reason.
|
@MartinHjelmare the linked issue was the issue that showed the permission error and made me realize what was wrong. @emontnemery I don't feel strongly either way. Just put up a solution |
|
@balloob I edited the description yesterday and changed the wrong issue to the correct one. |
Co-authored-by: copilot-swe-agent[bot] <[email protected]> Co-authored-by: balloob <[email protected]>
Breaking change
Proposed change
Non-admin users (e.g., kiosk/dashboard users) cannot subscribe to
labs_updatedevent, causing authorization errors in beta 2025.12.0b2:Add
EVENT_LABS_UPDATEDconstant tohomeassistant/const.pyand include it in theSUBSCRIBE_ALLOWLISTinhomeassistant/auth/permissions/events.py. The event only contains feature status metadata (domain, feature name, enabled state) - no sensitive data.The constant is defined in
homeassistant/const.pyto avoid circular import issues, and the labs integration imports it directly from there.Type of change
Additional information
Checklist
ruff format homeassistant tests)If user exposed functionality or configuration variables are added/changed:
If the code communicates with devices, web services, or third-party tools:
Updated and included derived files by running:
python3 -m script.hassfest.requirements_all.txt.Updated by running
python3 -m script.gen_requirements_all.To help with the load of incoming pull requests:
Original prompt
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.