feat(alert): improves deployment alerts UI

[ygrishajev]

Summary by CodeRabbit

• New Features

  • Added the ability to enable or disable alerts directly from the alerts list, with a new toggle control.
  • Updated feature flags to allow separate control over alert creation and update actions.

• Improvements

  • Refined permissions for alert management, allowing more granular control over read, delete, and update (enabled field only) actions.
  • Enhanced error handling for deployment retrieval, providing clear feedback when deployments are not found.
  • Updated table columns and labels for clarity and improved usability in the alerts list.
  • Page title updated to "Configured Alerts" for better context.

• Bug Fixes

  • Corrected typo in test descriptions and improved test coverage for new alert toggle functionality.

• Refactor

  • Simplified internal state management for loading indicators in alerts.
  • Streamlined test and type definitions to align with new features and permissions.

• Chores

  • Adjusted test and repository setup to support new permission and feature flag logic.

[coderabbitai]

Walkthrough

This set of changes introduces finer-grained feature flags for alert creation and update, refines authorization logic for alert operations, and updates both backend and frontend alert handling. The frontend now supports toggling alert enabled status (with feature flag gating), removes alert deletion from the UI, and updates test and type definitions accordingly. Error handling and authorization checks are strengthened across services and repositories.

Changes

File(s) / Group	Change Summary
apps/api/src/core/services/feature-flags/feature-flags.service.spec.ts, .../feature-flags.ts, .../proxy/proxy.route.ts	Replaced combined NOTIFICATIONS_ALERT_MUTATION flag with separate NOTIFICATIONS_ALERT_CREATE and NOTIFICATIONS_ALERT_UPDATE flags; updated tests and routes to use new flags.
apps/api/src/deployment/controllers/deployment/deployment.controller.ts	Added explicit 404 error handling if deployment not found in getByOwnerAndDseq.
apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx, .../AlertsListView/AlertsListView.tsx, .../AlertsListView/AlertsListView.spec.tsx, .../AlertsPage.tsx	Refactored alert list to support toggling enabled state (feature-flagged), removed alert deletion, updated types, props, and tests, and changed page title to "Configured Alerts".
apps/notifications/src/interfaces/rest/interceptors/auth/auth.interceptor.ts	Refined alert permissions: split "manage" into "read", "delete", and "update" (enabled field only); added "manage" for "DeploymentAlert".
apps/notifications/src/modules/alert/repositories/alert/alert.repository.ts	Added pre-update authorization checks for permitted fields; updated ability parameter handling for resource-specific checks.
apps/notifications/src/modules/alert/services/deployment-alert/deployment-alert.service.ts	Updated authorization checks to explicitly specify "DeploymentAlert" as resource for all ability checks.
apps/notifications/test/functional/alert-crud.spec.ts	Added conditional alert creation via repository for tests; removed deployment alert CRUD tests.
apps/notifications/src/modules/notifications/repositories/notification-channel/notification-channel.repository.ts	Localized AbilityParams type definition, removing external dependency.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant Frontend
    participant API
    participant NotificationsService

    User->>Frontend: Toggle alert enabled status
    Frontend->>API: PATCH /v1/alerts/:id (if NOTIFICATIONS_ALERT_UPDATE flag enabled)
    API->>NotificationsService: Validate user, check permissions
    NotificationsService->>NotificationsService: Check allowed fields for update
    NotificationsService-->>API: Update "enabled" field if permitted
    API-->>Frontend: Return updated alert
    Frontend-->>User: Show success or error notification

Loading

Possibly related PRs

• akash-network/console#1484: Both PRs modify getByOwnerAndDseq in DeploymentController, with this PR adding error handling and the related PR focusing on authorization changes.

Suggested reviewers

• baktun14

Poem

In the meadow of alerts, a toggle now appears,
No more bunnies hiding, deleting with their fears.
Permissions checked with careful paws,
Only "enabled" fields get the applause.
Feature flags split, controls refined—
A garden of code, robustly designed!
🐇✨

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

npm error Exit handler never called!
npm error This is an error with npm itself. Please report this error at:
npm error https://github.com/npm/cli/issues
npm error A complete log of this run can be found in: /.npm/_logs/2025-06-20T14_02_55_346Z-debug-0.log

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between aef58d9 and 244eada.

📒 Files selected for processing (13)

• apps/api/src/core/services/feature-flags/feature-flags.service.spec.ts (5 hunks)
• apps/api/src/core/services/feature-flags/feature-flags.ts (1 hunks)
• apps/api/src/deployment/controllers/deployment/deployment.controller.ts (1 hunks)
• apps/api/src/notifications/routes/proxy/proxy.route.ts (1 hunks)
• apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx (4 hunks)
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.spec.tsx (5 hunks)
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.tsx (4 hunks)
• apps/deploy-web/src/components/alerts/AlertsPage.tsx (1 hunks)
• apps/notifications/src/interfaces/rest/interceptors/auth/auth.interceptor.ts (1 hunks)
• apps/notifications/src/modules/alert/repositories/alert/alert.repository.ts (4 hunks)
• apps/notifications/src/modules/alert/services/deployment-alert/deployment-alert.service.ts (4 hunks)
• apps/notifications/src/modules/notifications/repositories/notification-channel/notification-channel.repository.ts (1 hunks)
• apps/notifications/test/functional/alert-crud.spec.ts (2 hunks)

✅ Files skipped from review due to trivial changes (1)

• apps/notifications/src/modules/alert/services/deployment-alert/deployment-alert.service.ts

🚧 Files skipped from review as they are similar to previous changes (11)

• apps/deploy-web/src/components/alerts/AlertsPage.tsx
• apps/notifications/src/interfaces/rest/interceptors/auth/auth.interceptor.ts
• apps/api/src/deployment/controllers/deployment/deployment.controller.ts
• apps/api/src/core/services/feature-flags/feature-flags.service.spec.ts
• apps/api/src/notifications/routes/proxy/proxy.route.ts
• apps/notifications/test/functional/alert-crud.spec.ts
• apps/api/src/core/services/feature-flags/feature-flags.ts
• apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.spec.tsx
• apps/notifications/src/modules/alert/repositories/alert/alert.repository.ts
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.tsx

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: test-api-build
• GitHub Check: validate-api
• GitHub Check: validate-notifications
• GitHub Check: test-deploy-web-build
• GitHub Check: validate-deploy-web

🔇 Additional comments (1)

apps/notifications/src/modules/notifications/repositories/notification-channel/notification-channel.repository.ts (1)

14-14: LGTM! Good refactoring for improved modularity.

Localizing the AbilityParams type definition removes the external dependency on the alert repository and makes this module more self-contained. The type definition is correct and maintains the same functionality while improving code organization.

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[codecov]

Codecov Report

Attention: Patch coverage is 81.69014% with 13 lines in your changes missing coverage. Please review.

Project coverage is 40.43%. Comparing base (04a55a9) to head (244eada).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...alerts/AlertsListContainer/AlertsListContainer.tsx	55.55%	8 Missing ⚠️
...omponents/alerts/AlertsListView/AlertsListView.tsx	84.00%	4 Missing ⚠️
...dules/alert/repositories/alert/alert.repository.ts	93.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1519      +/-   ##
==========================================
- Coverage   40.48%   40.43%   -0.06%     
==========================================
  Files         871      871              
  Lines       21115    21149      +34     
  Branches     3841     3854      +13     
==========================================
+ Hits         8548     8551       +3     
+ Misses      12386    12288      -98     
- Partials      181      310     +129     

Flag	Coverage Δ		*Carryforward flag
api	71.32% <100.00%> (+0.02%)	⬆️
deploy-web	18.70% <72.09%> (+0.01%)	⬆️
notifications	88.00% <95.65%> (-1.21%)	⬇️
provider-proxy	82.10% <ø> (ø)		Carriedforward from 04a55a9

*This pull request uses carry forward flags. Click here to find out more.

Files with missing lines	Coverage Δ
...i/src/core/services/feature-flags/feature-flags.ts	100.00% <ø> (ø)
...nt/controllers/deployment/deployment.controller.ts	100.00% <100.00%> (ø)
.../api/src/notifications/routes/proxy/proxy.route.ts	95.55% <100.00%> (ø)
...ps/deploy-web/src/components/alerts/AlertsPage.tsx	0.00% <ø> (ø)
...erfaces/rest/interceptors/auth/auth.interceptor.ts	90.47% <100.00%> (+1.00%)	⬆️
...vices/deployment-alert/deployment-alert.service.ts	100.00% <100.00%> (ø)
...ication-channel/notification-channel.repository.ts	98.03% <ø> (ø)
...dules/alert/repositories/alert/alert.repository.ts	80.43% <93.33%> (-17.16%)	⬇️
...omponents/alerts/AlertsListView/AlertsListView.tsx	84.78% <84.00%> (-4.70%)	⬇️
...alerts/AlertsListContainer/AlertsListContainer.tsx	76.00% <55.55%> (-21.30%)	⬇️

... and 49 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx (1)

81-106: Well-implemented toggle functionality!

The toggle function properly manages loading state, provides user feedback, and handles errors. Good consistency with the remove function's pattern.

Consider adding data test IDs to the success and error notifications for better testability:

-        notificator.success(`Alert ${enabled ? "enabled" : "disabled"}`);
+        notificator.success(`Alert ${enabled ? "enabled" : "disabled"}`, {
+          dataTestId: `alert-toggle-success-notification`
+        });

-        notificator.error("Failed to update alert");
+        notificator.error("Failed to update alert", {
+          dataTestId: "alert-toggle-error-notification"
+        });

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 04a55a9 and a43ca67.

📒 Files selected for processing (10)

• apps/api/src/core/services/feature-flags/feature-flags.service.spec.ts (5 hunks)
• apps/api/src/core/services/feature-flags/feature-flags.ts (1 hunks)
• apps/api/src/deployment/controllers/deployment/deployment.controller.ts (1 hunks)
• apps/api/src/notifications/routes/proxy/proxy.route.ts (1 hunks)
• apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx (4 hunks)
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.spec.tsx (5 hunks)
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.tsx (4 hunks)
• apps/deploy-web/src/components/alerts/AlertsPage.tsx (1 hunks)
• apps/notifications/src/interfaces/rest/interceptors/auth/auth.interceptor.ts (1 hunks)
• apps/notifications/src/modules/alert/repositories/alert/alert.repository.ts (4 hunks)

🧰 Additional context used

🧠 Learnings (1)

apps/api/src/deployment/controllers/deployment/deployment.controller.ts (1)

Learnt from: baktun14
PR: akash-network/console#1428
File: apps/api/src/deployment/controllers/deployment/deployment.controller.ts:0-0
Timestamp: 2025-06-03T15:06:34.211Z
Learning: The `getByOwnerAndDseq` method in `apps/api/src/deployment/controllers/deployment/deployment.controller.ts` is intentionally public without the `@Protected` decorator because it serves public blockchain data from an indexer, following the pattern of public blockchain APIs.

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: validate-api
• GitHub Check: test-api-build
• GitHub Check: validate-notifications
• GitHub Check: validate-deploy-web
• GitHub Check: test-deploy-web-build

🔇 Additional comments (20)

apps/api/src/deployment/controllers/deployment/deployment.controller.ts (1)

128-132: LGTM - Excellent defensive programming improvement.

The explicit error handling ensures a proper 404 HTTP response when a deployment doesn't exist, preventing undefined/null returns. This follows the consistent error handling pattern used throughout the codebase with assert.

apps/deploy-web/src/components/alerts/AlertsPage.tsx (1)

12-13: LGTM - Clear UI text improvement.

The change from "Alerts" to "Configured Alerts" provides better clarity and aligns with the refined alert management capabilities introduced in this PR.

apps/notifications/src/interfaces/rest/interceptors/auth/auth.interceptor.ts (1)

27-28: LGTM - Excellent security improvement with granular permissions.

The change from broad "manage" rights to specific "read" all fields and "update" only the "enabled" field implements the principle of least privilege. This aligns perfectly with the new toggle functionality while preventing unauthorized modifications to other alert properties.

apps/api/src/notifications/routes/proxy/proxy.route.ts (2)

69-69: LGTM - Good feature flag granularity for alert creation.

Splitting to NOTIFICATIONS_ALERT_CREATE provides more granular control and allows independent rollout of create functionality.

---

72-72: LGTM - Good feature flag granularity for alert updates.

Using NOTIFICATIONS_ALERT_UPDATE for PATCH operations complements the granular authorization changes and allows independent control of update functionality.

apps/api/src/core/services/feature-flags/feature-flags.service.spec.ts (3)

34-34: LGTM - Test updated for new feature flag structure.

Correctly updated to use NOTIFICATIONS_ALERT_CREATE instead of the deprecated combined flag.

---

61-61: LGTM - Good typo fix and test update.

Fixed the typo from "environement" to "environment" while updating the test for the new feature flag structure.

---

84-84: LGTM - Consistent test updates for new feature flag.

All test cases have been properly updated to use NOTIFICATIONS_ALERT_CREATE, maintaining test coverage for the refactored feature flag structure.

Also applies to: 86-86, 107-107, 119-119

apps/api/src/core/services/feature-flags/feature-flags.ts (1)

1-4: Good refactor for granular permission control!

Splitting the combined mutation flag into separate CREATE and UPDATE flags follows the principle of least privilege and allows for more fine-grained access control.

apps/notifications/src/modules/alert/repositories/alert/alert.repository.ts (3)

1-8: Well-structured imports for field-level authorization!

The CASL imports and lodash utility are appropriate for implementing granular permission checks on field updates.

Also applies to: 73-73

---

84-88: Good addition for preserving ability context!

Storing the ability parameters enables field-level permission checks in the update operations.

---

103-113: Robust field-level authorization implementation!

The permission check correctly validates that only permitted fields are being updated. The error message clearly indicates which fields are unauthorized.

Consider whether skipping the check when abilityParams is undefined is intentional. If this method should always require authorization, you might want to throw an error when abilityParams is not set.

apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.spec.tsx (2)

41-46: Test updates correctly reflect the new checkbox functionality!

The tests properly verify both checked and unchecked states of the alert enable/disable checkbox.

Also applies to: 64-68

---

108-122: Well-implemented mock for feature flag testing!

The mock useFlag implementation and dependency injection pattern provide good testability for feature-flag-controlled behavior.

apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx (2)

22-24: Good refactor to unify loading state management!

Using a generic loadingIds state that can track multiple async operations (removal, toggling) is a cleaner abstraction than operation-specific states.

Also applies to: 35-35, 45-46

---

51-51: Also applies to: 71-76

apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.tsx (4)

16-18: Excellent dependency injection pattern for testability!

The DEPENDENCIES constant and optional prop with defaults provide a clean way to inject mocks during testing while keeping production code simple.

Also applies to: 28-28, 39-42

---

45-62: Well-implemented interactive checkbox column!

The checkbox properly handles loading states, user interactions, and visibility is correctly controlled by the feature flag.

Also applies to: 112-114

---

64-72: Good UX improvement for deployment name links!

Conditionally rendering the link only when a dseq parameter exists prevents broken links and improves user experience.

---

82-94: User-friendly alert type labels!

The specific labels ("Threshold", "Deployment Close") are much more intuitive than raw type values.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.spec.tsx (1)

31-89: Consider adding checkbox interaction test

While the tests verify checkbox rendering and state, consider adding a test that simulates checkbox interaction to ensure onToggle is called with the correct parameters.

Add this test case after the existing tests:

+import { render, screen, fireEvent } from "@testing-library/react";

   it("renders pagination when total is greater than minimum page size", () => {
     // existing test...
   });
+
+  it("calls onToggle when checkbox is clicked", () => {
+    const mockAlert = buildAlert({
+      id: "test-id",
+      enabled: false
+    });
+    const props = setup({ data: [mockAlert] });
+
+    const checkbox = screen.getByRole("checkbox");
+    fireEvent.click(checkbox);
+
+    expect(props.onToggle).toHaveBeenCalledWith("test-id", true);
+  });

apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.tsx (1)

81-94: Consider safer type checking for params

While the logic is clear, the type checking could be more defensive.

Consider adding explicit type guards for better type safety:

       cell: info => {
         const type = info.getValue();
         const params = info.row.original.params;

         if (type === "DEPLOYMENT_BALANCE") {
           return "Threshold";
-        } else if (type === "CHAIN_MESSAGE" && params && "type" in params && params.type === "DEPLOYMENT_CLOSED") {
+        } else if (
+          type === "CHAIN_MESSAGE" && 
+          params && 
+          typeof params === "object" &&
+          "type" in params && 
+          params.type === "DEPLOYMENT_CLOSED"
+        ) {
           return "Deployment Close";
         }

         return startCase(type.toLowerCase());
       }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a43ca67 and aef58d9.

📒 Files selected for processing (15)

• apps/api/src/core/services/feature-flags/feature-flags.service.spec.ts (5 hunks)
• apps/api/src/core/services/feature-flags/feature-flags.ts (1 hunks)
• apps/api/src/deployment/controllers/deployment/deployment.controller.ts (1 hunks)
• apps/api/src/notifications/routes/proxy/proxy.route.ts (1 hunks)
• apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx (4 hunks)
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.spec.tsx (5 hunks)
• apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.tsx (4 hunks)
• apps/deploy-web/src/components/alerts/AlertsPage.tsx (1 hunks)
• apps/notifications/src/interfaces/rest/interceptors/auth/auth.interceptor.ts (1 hunks)
• apps/notifications/src/modules/alert/alert.module.ts (2 hunks)
• apps/notifications/src/modules/alert/repositories/alert/alert.repository.ts (4 hunks)
• apps/notifications/src/modules/alert/repositories/alert/deployment-alert.repository.ts (1 hunks)
• apps/notifications/src/modules/alert/services/deployment-alert/deployment-alert.service.spec.ts (2 hunks)
• apps/notifications/src/modules/alert/services/deployment-alert/deployment-alert.service.ts (2 hunks)
• apps/notifications/test/functional/alert-crud.spec.ts (2 hunks)

✅ Files skipped from review due to trivial changes (1)

• apps/notifications/src/modules/alert/alert.module.ts

🚧 Files skipped from review as they are similar to previous changes (6)

• apps/deploy-web/src/components/alerts/AlertsPage.tsx
• apps/api/src/notifications/routes/proxy/proxy.route.ts
• apps/api/src/core/services/feature-flags/feature-flags.service.spec.ts
• apps/api/src/core/services/feature-flags/feature-flags.ts
• apps/api/src/deployment/controllers/deployment/deployment.controller.ts
• apps/deploy-web/src/components/alerts/AlertsListContainer/AlertsListContainer.tsx

⏰ Context from checks skipped due to timeout of 90000ms (5)

• GitHub Check: validate-deploy-web
• GitHub Check: test-deploy-web-build
• GitHub Check: validate-notifications
• GitHub Check: validate-api
• GitHub Check: test-api-build

🔇 Additional comments (24)

apps/notifications/src/interfaces/rest/interceptors/auth/auth.interceptor.ts (1)

27-29: LGTM: Enhanced security with granular permissions.

The authorization refinement from blanket "manage" permissions to specific actions is a security improvement. The restricted "update" permission on only the "enabled" field aligns well with the UI toggle functionality mentioned in the summary.

Please ensure that all existing alert operations across the application are compatible with these refined permissions, particularly any code that previously relied on the broader "manage" permission.

#!/bin/bash
# Description: Verify that all alert operations use the correct permissions
# Expected: All alert operations should use read/delete/update permissions appropriately

# Search for alert repository usage to verify permission usage
rg -A 5 -B 5 "accessibleBy.*Alert" --type ts

apps/notifications/src/modules/alert/services/deployment-alert/deployment-alert.service.spec.ts (2)

10-10: LGTM: Consistent test updates for specialized repository.

The test file is correctly updated to use the new DeploymentAlertRepository instead of the generic AlertRepository.

---

199-201: LGTM: Test setup properly updated.

The test module configuration and setup are correctly updated to use the specialized repository, maintaining consistency with the service implementation changes.

apps/notifications/src/modules/alert/services/deployment-alert/deployment-alert.service.ts (2)

7-8: LGTM: Imports updated for specialized repository.

The import statements are correctly updated to use the specialized DeploymentAlertRepository instead of the generic AlertRepository.

---

72-72: LGTM: Constructor dependency updated.

The constructor parameter type is correctly updated to use the specialized repository, maintaining consistency with the import changes.

apps/notifications/src/modules/alert/repositories/alert/deployment-alert.repository.ts (1)

1-11: LGTM: Clean specialization of repository for deployment alerts.

The DeploymentAlertRepository correctly extends the base AlertRepository and overrides the accessibleBy method to use "DeploymentAlert" as the authorization subject. This enables separate authorization rules for deployment alerts while inheriting all the base functionality.

The implementation is appropriately simple and focused on its specific purpose.

apps/notifications/test/functional/alert-crud.spec.ts (2)

15-15: LGTM: Import added for direct repository access.

The AlertRepository import is correctly added to support the new prepareAlert function that bypasses HTTP API creation.

---

36-45: LGTM: Clean implementation of repository-based alert creation.

The prepareAlert function provides a clean workaround for creating alerts directly via repository when API creation is not permitted. The implementation correctly uses the repository to create an alert with the necessary test data.

apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.spec.tsx (5)

8-9: Import updates are correct

The type import changes properly reflect the renamed interface and the addition of useFlag type is necessary for type-safe mocking.

---

41-41: Test assertion correctly reflects UI changes

The test now properly checks for the displayed "Threshold" text instead of the raw alert type, matching the component's updated rendering logic.

---

44-46: Checkbox assertions properly test the new toggle functionality

The tests correctly validate the checkbox element and its checked state, using accessible role-based queries which is a testing best practice.

Also applies to: 64-66

---

68-68: Assertion matches the simplified DSEQ column display

The test correctly expects "N/A" for alerts without DSEQ parameters.

---

91-127: Setup function properly reflects component changes

The updated setup function correctly:

• Uses the new Props interface with onToggle and loadingIds
• Implements a comprehensive mock for the useFlag hook
• Uses dependency injection pattern for better testability

apps/deploy-web/src/components/alerts/AlertsListView/AlertsListView.tsx (6)

4-4: Well-structured dependency injection pattern

The imports and DEPENDENCIES constant properly implement dependency injection, improving testability.

Also applies to: 10-10, 16-19

---

20-29: Props interface properly updated for new functionality

The interface changes correctly support the toggle feature with appropriate typing for all new properties.

---

45-62: Checkbox column implementation is robust

The enabled column properly:

• Handles loading states to prevent race conditions
• Includes accessibility label
• Correctly converts checked value to boolean

---

64-73: Nice UX improvement for deployment links

The conditional link rendering provides better navigation when DSEQ is available.

---

112-114: Feature flag properly controls column visibility

The enabled column is correctly hidden when the update feature is disabled.

---

160-160: Table styling improvements enhance consistency

The fixed heights and padding provide a more polished table appearance.

Also applies to: 170-170

apps/notifications/src/modules/alert/repositories/alert/alert.repository.ts (5)

1-2: Imports correctly support field-level authorization

All new imports are necessary for the authorization implementation, including the corrected value import for AnyAbility.

Also applies to: 4-4, 8-8

---

19-19: Type and property additions support authorization state

The AbilityParamsWithSubject type and abilityParams property properly maintain the authorization context.

Also applies to: 74-75

---

82-82: Authorization setup properly handles subject context

The methods correctly propagate the subject through the authorization chain, enabling granular permission control.

Also applies to: 85-89

---

78-78: Protected visibility enables proper inheritance

Making db protected correctly supports repository inheritance patterns.

---

105-114: Verify the default field permission behavior

The field-level authorization check is well-implemented. However, the fallback to all Alert fields when rule.fields is undefined could be overly permissive.

#!/bin/bash
# Description: Check how field permissions are defined in the auth interceptor

# Search for Alert permission definitions to understand field specifications
rg -A 10 "subject.*Alert|can.*Alert" --type ts

# Look for ability rule definitions that might specify fields
ast-grep --pattern 'can($_, "Alert", { fields: [$$$] })'