fix: base permission

[zhengquanbin]

Changes

• Base Permission Fix : when change role permission to edit, the role will has record-delete-perm by default

Summary by CodeRabbit

• Documentation
  • Revised default permission guidance: when a table is set to edit, views default to editable; non-editable views must be explicitly restricted.
  • Updated record-operation defaults: delete now defaults to being included with add for tables with edit permission unless explicitly excluded.
  • Adjusted example templates to reflect the new defaulting behavior.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated role-config documentation: ViewRule.allow_edit now defaults to true when a table's perm = edit (false for read_only or explicit restriction). record_operations now includes delete by default for tables with perm = edit unless explicitly excluded. Examples adjusted accordingly.

Changes

Cohort / File(s)	Summary
Role Configuration Documentation skills/lark-base/references/role-config.md	Revised guidance: ViewRule.allow_edit defaults to true when table perm = edit (otherwise false for read_only or explicit restriction). record_operations default strategy changed to include delete when perm = edit, with exclusion only when explicitly restricted. Updated Situation A/B/C JSON examples to reflect new defaults.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• kongenpei
• zhouyue-bytedance

Poem

🐰 I nibble docs by lantern light,
I tweak the rules to make them right.
Edit flips on where edits belong,
Delete tags along when perms are strong.
Hop—defaults tidy, quick, and bright. 🥕✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete and missing several required sections from the template: Summary, Test Plan details, and Related Issues information.	Complete the description by adding the Summary section, detailed Test Plan with specific verification steps, and clarify Related Issues section.
Title check	❓ Inconclusive	The title 'fix: base permission' is vague and generic, lacking specificity about what permission issue was fixed or in which context.	Clarify the title to be more specific, e.g., 'fix: enable record-delete permission by default for edit role' or similar.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-base-perm-view

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@skills/lark-base/references/role-config.md`:
- Line 478: The docs contradict on the default for the allow_edit field; update
the fields table entry for allow_edit to be conditional to match the
permission-check text: state that when perm == "edit" allow_edit defaults to
true (but still requires the visibility field when true), otherwise allow_edit
defaults to false unless explicitly set; ensure the wording references the same
terms used elsewhere ("allow_edit", "perm", "visibility") so implementers
construct JSON consistently with the permission flow described.
- Line 418: The table row claiming `record_operations` 中的 `delete` is "包含（perm =
edit 时）" is misplaced under the "默认关闭项" subsection; either move that row to the
"记录操作默认策略" subsection (or an appropriate "默认开启项" area) or rename the subsection
from "默认关闭项" to reflect that it includes default-enabled operations; update the
table placement or subsection title so `record_operations`, `delete` (`perm =
edit`) appears under a section that accurately indicates it is a
default-included operation.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5caf6731-bdd1-41ba-8c4e-67232f70aa16

📥 Commits

Reviewing files that changed from the base of the PR and between 663c24a and adfd101.

📒 Files selected for processing (1)

• skills/lark-base/references/role-config.md

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 60.19%. Comparing base (9acd121) to head (dc45628).
⚠️ Report is 3 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #530   +/-   ##
=======================================
  Coverage   60.19%   60.19%           
=======================================
  Files         390      390           
  Lines       33433    33433           
=======================================
  Hits        20125    20125           
  Misses      11426    11426           
  Partials     1882     1882           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@dc45628b244a99532ae6f2a8ca4e890a750a9f08

🧩 Skill update

npx skills add larksuite/cli#fix-base-perm-view -y -g

[coderabbitai]

♻️ Duplicate comments (1)

skills/lark-base/references/role-config.md (1)

486-486: ⚠️ Potential issue | 🟡 Minor

Line 486 建议显式写出 perm = read_only 时 allow_edit = false，避免跨段阅读歧义。

虽然前文已说明，但此处“仅用户明确限制才设为 false”容易被单段读取为唯一条件，建议与 Line 196/Line 216 对齐写全。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/lark-base/references/role-config.md` at line 486, Clarify the rule for
allow_edit by explicitly stating that when perm = read_only, allow_edit must be
set to false; update the sentence around `allow_edit` (and the example
referencing "视图权限 情况 A") to mirror the explicit wording used at Line 196/216 so
readers see both the default-for-edit case and the explicit read_only case, and
note that when allow_edit is true the `visibility` field is still required.

🧹 Nitpick comments (1)

skills/lark-base/references/role-config.md (1)

447-447: Line 447 的“仅适用于”表述过于绝对，建议补齐 read_only/no_perm 例外。

当前句子与 Line 452 的约束组合后存在语义冲突：perm = read_only（以及 no_perm）时 delete 也不会包含，不是仅“用户明确限制”这一种情况。

✏️ 建议文案

-- 用户未提及时，表权限为 `edit` 时默认同时包含 `add` 和 `delete`，默认不包含 `delete` 的情况仅适用于用户明确限制操作的场景
+- 用户未提及时，表权限为 `edit` 时默认同时包含 `add` 和 `delete`；当用户明确限制操作，或表权限非 `edit`（如 `read_only` / `no_perm`）时，不包含 `delete`

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/lark-base/references/role-config.md` at line 447, Update the sentence
"用户未提及时，表权限为 `edit` 时默认同时包含 `add` 和 `delete`，默认不包含 `delete` 的情况仅适用于用户明确限制操作的场景"
to clarify exceptions for `read_only` and `no_perm` so it doesn't conflict with
the constraint described later (the rule at Line 452); explicitly state that
when perm is `read_only` or `no_perm` `delete` is not included regardless of
user omission, and keep the `edit` default behavior for cases that are not those
exceptions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@skills/lark-base/references/role-config.md`:
- Line 486: Clarify the rule for allow_edit by explicitly stating that when perm
= read_only, allow_edit must be set to false; update the sentence around
`allow_edit` (and the example referencing "视图权限 情况 A") to mirror the explicit
wording used at Line 196/216 so readers see both the default-for-edit case and
the explicit read_only case, and note that when allow_edit is true the
`visibility` field is still required.

---

Nitpick comments:
In `@skills/lark-base/references/role-config.md`:
- Line 447: Update the sentence "用户未提及时，表权限为 `edit` 时默认同时包含 `add` 和
`delete`，默认不包含 `delete` 的情况仅适用于用户明确限制操作的场景" to clarify exceptions for
`read_only` and `no_perm` so it doesn't conflict with the constraint described
later (the rule at Line 452); explicitly state that when perm is `read_only` or
`no_perm` `delete` is not included regardless of user omission, and keep the
`edit` default behavior for cases that are not those exceptions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: ca3068b8-a99a-4103-81b3-a5d167f50e21

📥 Commits

Reviewing files that changed from the base of the PR and between adfd101 and f96bbea.

📒 Files selected for processing (1)

• skills/lark-base/references/role-config.md

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

skills/lark-base/references/role-config.md (1)

419-427: 新增章节未加入目录，文档导航会断层。

已新增“默认开启项（条件性）”，但目录区（Line 20-Line 26）没有对应条目，建议补一行目录锚点。

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/lark-base/references/role-config.md` around lines 419 - 427, The new
section titled "默认开启项（条件性）" was added but not referenced in the document's table
of contents, causing a navigation gap; add a TOC entry/anchor in the existing目录区
that links to the header "默认开启项（条件性）" (matching the exact header text) so
readers can navigate to this section, ensuring the anchor format matches the
rest of the TOC entries.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@skills/lark-base/references/role-config.md`:
- Line 486: Add an explicit rule that when perm == read_only the allow_edit
field must be false: update the logic/validation around allow_edit (used when
perm == edit vs perm == read_only) so that for perm = edit allow_edit defaults
to true and still requires visibility, and for perm = read_only ensure
allow_edit is explicitly set/validated to false (reference the allow_edit, perm,
read_only, edit and visibility fields/conditions and the "视图权限 情况 A" semantics
when making the change).
- Around line 226-230: The example in the view_rule block incorrectly hardcodes
"allow_edit": true which conflicts with the documented A/B decision rule; update
the example/template so that view_rule.allow_edit is determined by the A/B rule
(e.g., show two variants or a placeholder) rather than a fixed true value, and
clarify in the surrounding text that allow_edit follows the A/B logic
(respecting perm = read_only and user-imposed restrictions); reference the
view_rule, allow_edit and visibility keys when making this change so the example
matches the described behavior.

---

Nitpick comments:
In `@skills/lark-base/references/role-config.md`:
- Around line 419-427: The new section titled "默认开启项（条件性）" was added but not
referenced in the document's table of contents, causing a navigation gap; add a
TOC entry/anchor in the existing目录区 that links to the header "默认开启项（条件性）"
(matching the exact header text) so readers can navigate to this section,
ensuring the anchor format matches the rest of the TOC entries.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 46e63820-5574-42d2-8600-974531b6d6f4

📥 Commits

Reviewing files that changed from the base of the PR and between f96bbea and dc45628.

📒 Files selected for processing (1)

• skills/lark-base/references/role-config.md