Fix org security avatars and member links

[riderx]

Summary (AI generated)

• Resolve org security member avatars via signed image URLs.
• Add View Members buttons for member lists and warning dialogs on the security page.

Test plan (AI generated)

• Not run (not requested).

Screenshots (AI generated)

• Not applicable.

Checklist (AI generated)

• My code follows the code style of this project and passes
  .
• My change requires a change to the documentation.
• I have updated the documentation
  accordingly.
• My change has adequate E2E test coverage.
• I have tested my code manually, and I have provided steps how to reproduce
  my tests

Generated with AI

Summary by CodeRabbit

• New Features

  • Added "View Members" navigation buttons to organization security dialogs for quick access to members management.

• UI Changes

  • Reorganized action buttons in security configuration dialogs to display view and copy functionality side-by-side.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Warning

Rate limit exceeded

@riderx has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 1 minutes and 18 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📝 Walkthrough

Walkthrough

The PR enhances Security.vue by introducing router-based navigation to the members page and integrating signed image URLs for member avatars across MFA and password policy sections. Copy-email actions are replaced with combined view-members and copy-email button pairs.

Changes

Cohort / File(s)	Summary
Router Navigation Enhancement src/pages/settings/organization/Security.vue	Adds useRouter() integration and introduces goToMembersPage() helper function to navigate to /settings/organization/members with optional dialog closure.
Member Image URL Signing src/pages/settings/organization/Security.vue	Integrates createSignedImageUrl for member avatars in MFA status and password policy status member lists, converting image URLs to signed equivalents during data load.
UI Action Updates src/pages/settings/organization/Security.vue	Replaces standalone copy-email-list buttons with paired view-members and copy-email button groups across 2FA, MFA warning, and password policy sections.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Fix org images and logo uploads #1531: Implements identical member avatar image signing using createSignedImageUrl for RBAC member images in a related organizational context.

Poem

🐰 A rabbit hops through security halls,
Signing images, answering members' calls,
Buttons grouped in pairs so neat,
Navigation swift—the flow's complete! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete and contains AI-generated placeholders. Key issues: Test plan says 'Not run (not requested)' lacking actual testing details, Screenshots marked 'Not applicable' without justification, and Checklist items are unchecked with incomplete sections. Critical testing information is missing.	Provide actual test steps demonstrating avatar resolution and member navigation flows, include UI screenshots showing the changes, and complete the checklist with proper testing evidence.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Fix org security avatars and member links' accurately captures the two main changes: fixing avatar display via signed URLs and adding member navigation links.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch riderx/fix-org-sec-avatars

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This pull request fixes avatar display for organization members on the security page by implementing signed image URLs, and adds navigation buttons to view the members page from security-related warnings and member lists.

Changes:

• Implements signed image URL generation for member avatars using createSignedImageUrl from the storage service
• Adds a goToMembersPage function for navigation to the members page with optional dialog dismissal
• Adds "View Members" buttons to four locations: 2FA warning section, password policy warning section, 2FA enforcement dialog, and password policy enforcement dialog

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@src/pages/settings/organization/Security.vue`:
- Line 45: The file references useRouter via the const router = useRouter() call
but lacks an explicit import; add an explicit import statement "import {
useRouter } from 'vue-router'" at the top of Security.vue (matching the
project's convention used elsewhere) so useRouter is explicitly imported before
it's used.

🧹 Nitpick comments (3)

src/pages/settings/organization/Security.vue (3)

253-263: Consider error resilience for individual image signing failures.

If createSignedImageUrl throws for any member, the entire Promise.all rejects and no members will be displayed. Consider handling failures per-member to ensure partial success.

♻️ Proposed defensive approach

     membersWithMfaStatus.value = await Promise.all((members || []).map(async (member) => {
-      const signedImage = member.image_url ? await createSignedImageUrl(member.image_url) : ''
+      let signedImage = ''
+      if (member.image_url) {
+        try {
+          signedImage = await createSignedImageUrl(member.image_url) || ''
+        }
+        catch {
+          // Fall back to no image if signing fails
+        }
+      }
       return {
         uid: member.uid,
         email: member.email,
         image_url: signedImage || '',

---

318-331: Same error resilience concern as MFA loading; consider extracting shared logic.

This follows the same pattern as loadMembersWithMfaStatus. Both could benefit from a shared helper that safely signs image URLs with per-item error handling.

---

966-981: Consider using DaisyUI button components for consistency.

Per coding guidelines, interactive elements should use DaisyUI components (e.g., d-btn). However, this matches the existing button styling pattern used throughout the file, so this is a low-priority optional refactor.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud