[WEB-2189] fix: issue peek overview and issue detail unauthorised delete action

[anmolsinghbhatia]

Changes:

This PR resolves an issue with unauthorized delete actions in PeekOverview and Issue Details. Previously, when an unauthorized user attempted to delete an issue, sub-issue, or relation from PeekOverview or Issue detail pages, they would receive two conflicting toast alerts—one indicating success and the other an error. I have made the necessary changes to ensure the correct toast alert is displayed, accurately reflecting the outcome of the action.

Reference:

[WEB-2189]

Media:

Before	After

Summary by CodeRabbit

• New Features

  • Improved asynchronous handling for issue removal processes, enhancing reliability and control flow.
  • Introduced new user permission checks in the issue deletion modal to ensure authorized actions.
  • Added functionality to determine if the user is the creator of the issue being deleted.

• Bug Fixes

  • Adjusted event capturing mechanisms to ensure they only occur after successful issue removals, potentially enhancing error tracking.

[coderabbitai]

Walkthrough

The recent changes enhance the asynchronous handling of issue deletion across multiple components, improving control flow and user experience. By restructuring promise chains, these adjustments ensure that subsequent actions—such as event capturing and state updates—occur only after successful deletions. This approach increases code reliability, readability, and maintainability, while also implementing user permission checks to prevent unauthorized actions.

Changes

Files	Change Summary
web/core/components/issues/issue-detail-widgets/relations/helper.tsx web/core/components/issues/issue-detail-widgets/sub-issues/helper.tsx	Improved control flow in remove and deleteSubIssue operations with promise chains to ensure event capturing and state updates happen only after successful removals.
web/core/components/issues/issue-detail/issue-detail-quick-actions.tsx	Restructured handleDeleteIssue to ensure navigation and event capturing occur only after the successful removal of issues, enhancing reliability.
web/core/components/issues/peek-overview/root.tsx	Introduced removeRoutePeekId to clear state post-issue removal and adopted a promise-based approach for reliable event tracking.
web/core/components/issues/peek-overview/view.tsx	Changed onSubmit from a promise chain to an async function, omitting the call to removeRoutePeekId, which may affect the UI's response following an issue deletion.
web/core/components/issues/delete-issue-modal.tsx	Incorporated user permission checks for issue deletion, ensuring only authorized users can proceed, while providing immediate feedback through notifications.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant IssueOperations
    participant EventCapture
    participant StateManagement
    participant PermissionCheck

    User->>IssueOperations: Request to remove issue
    PermissionCheck->>User: Check permissions
    alt Authorized
        IssueOperations-->>User: Remove issue
        IssueOperations->>EventCapture: Capture removal event
        EventCapture-->>IssueOperations: Event captured
        IssueOperations->>StateManagement: Update state
        StateManagement-->>IssueOperations: State updated
    else Unauthorized
        PermissionCheck-->>User: Notify permission error
    end

Loading

Poem

🐰 In the meadow where data hops,
Changes made, no more flops!
Promises now flow like streams,
Events captured, fulfilling dreams.
State resets with a happy cheer,
A smoother journey, never fear! 🌼

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between f54e1b9 and ac02756.

Files selected for processing (5)

• web/core/components/issues/issue-detail-widgets/relations/helper.tsx (1 hunks)
• web/core/components/issues/issue-detail-widgets/sub-issues/helper.tsx (1 hunks)
• web/core/components/issues/issue-detail/issue-detail-quick-actions.tsx (1 hunks)
• web/core/components/issues/peek-overview/root.tsx (3 hunks)
• web/core/components/issues/peek-overview/view.tsx (1 hunks)

Additional context used

Biome

web/core/components/issues/peek-overview/root.tsx

[error] 50-50: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

Additional comments not posted (4)

web/core/components/issues/issue-detail-widgets/relations/helper.tsx (1)

73-78: LGTM! Verify the function usage in the codebase.

The restructuring of the remove function to use a promise chain improves the control flow and readability. Ensure that all usages of remove in the codebase are correctly handling the promise.

Verification successful

---

Promise Handling Verified for issueOperations.remove

The usages of issueOperations.remove in the codebase correctly handle the promise with await, ensuring proper asynchronous control flow.

• web/core/components/issues/peek-overview/view.tsx
• web/core/components/issues/issue-detail-widgets/relations/content.tsx

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all function calls to `remove` match the expected usage pattern.

# Test: Search for the function usage. Expect: Proper handling of the promise chain.
rg --type javascript -A 5 $'remove($_, $_, $_)'

Length of output: 83

---

Script:

#!/bin/bash
# Description: Verify all function calls to `remove` match the expected usage pattern.

# Test: Search for the function usage in the codebase. Expect: Proper handling of the promise chain.
rg -A 5 'remove('

Length of output: 84

---

Script:

#!/bin/bash
# Description: Verify all function calls to `remove` match the expected usage pattern.

# Test: Search for the function usage in the codebase. Expect: Proper handling of the promise chain.
rg -A 5 'remove\('

Length of output: 15848

---

Script:

#!/bin/bash
# Description: Verify specific usage of `issueOperations.remove` for proper promise handling.

# Test: Search for the specific usage of `issueOperations.remove` in the codebase.
rg -A 5 'issueOperations\.remove\('

Length of output: 1122

web/core/components/issues/issue-detail-widgets/sub-issues/helper.tsx (1)

153-159: LGTM! Verify the function usage in the codebase.

The restructuring of the deleteSubIssue function to use a promise chain enhances the control flow and readability. Ensure that all usages of deleteSubIssue in the codebase are correctly handling the promise.

web/core/components/issues/issue-detail/issue-detail-quick-actions.tsx (1)

81-92: LGTM! Verify the function usage in the codebase.

The restructuring of the handleDeleteIssue function to use a promise chain improves the control flow and reliability. Ensure that all usages of handleDeleteIssue in the codebase are correctly handling the promise.

Verification successful

---

Function Usage Verified

The handleDeleteIssue function is used correctly across the codebase, with proper handling of promises in contexts where it is invoked.

• web/core/components/issues/issue-layouts/kanban/base-kanban-root.tsx
• web/core/components/issues/relations/issue-list-item.tsx
• web/core/components/issues/issue-detail/issue-detail-quick-actions.tsx

Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify all function calls to `handleDeleteIssue` match the expected usage pattern.

# Test: Search for the function usage. Expect: Proper handling of the promise chain.
rg --type javascript -A 5 $'handleDeleteIssue($_)'

Length of output: 86

---

Script:

#!/bin/bash
# Corrected script to search for the function usage of `handleDeleteIssue`.

# Search for all occurrences of `handleDeleteIssue` in the codebase.
rg 'handleDeleteIssue' -A 5

Length of output: 3878

web/core/components/issues/peek-overview/view.tsx (1)

134-134: Verify UI behavior after issue removal.

The onSubmit handler for the DeleteIssueModal has been changed to an async function, but it no longer calls removeRoutePeekId() after the issue is removed. Verify that the UI updates correctly after an issue is deleted.

[coderabbitai]

Use optional chaining for safer code.

The line can be simplified using optional chaining to prevent potential runtime errors.

-    if (embedIssue) embedRemoveCurrentNotification && embedRemoveCurrentNotification();
+    if (embedIssue) embedRemoveCurrentNotification?.();

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	if (embedIssue) embedRemoveCurrentNotification && embedRemoveCurrentNotification();
	if (embedIssue) embedRemoveCurrentNotification?.();

Tools

Biome

[error] 50-50: Change to an optional chain.

Unsafe fix: Change to an optional chain.

(lint/complexity/useOptionalChain)

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between ac02756 and 5e0f026.

Files selected for processing (1)

• web/core/components/issues/delete-issue-modal.tsx (4 hunks)

Additional comments not posted (4)

web/core/components/issues/delete-issue-modal.tsx (4)

11-11: Import changes look good.

The addition of useUser enhances the functionality by incorporating user-specific permissions.

---

29-29: State and store hook changes look good.

The use of useUser to retrieve currentUser and canPerformProjectAdminActions is appropriate for managing user permissions.

---

40-41: Authorization logic looks good.

The derived values isIssueCreator and authorized effectively determine user permissions for deleting issues.

---

51-58: Permission check and toast notifications are well-implemented.

The handleIssueDelete function now correctly checks for user authorization and provides appropriate feedback through toast notifications.

[coderabbitai]

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 5e0f026 and 5e992c8.

Files selected for processing (1)

• web/core/components/issues/delete-issue-modal.tsx (4 hunks)

Additional comments not posted (5)

web/core/components/issues/delete-issue-modal.tsx (5)

11-11: Import of useUser hook is appropriate.

The addition of the useUser hook is necessary for implementing user-specific permission checks.

---

29-29: Usage of useUser hook is correct.

The currentUser and canPerformProjectAdminActions properties are correctly used for permission checks.

---

40-41: Derived values for authorization are well-implemented.

The isIssueCreator and authorized variables are correctly calculated to determine user permissions.

---

50-59: Permission check in handleIssueDelete is correctly implemented.

The function correctly checks for user authorization before proceeding with the delete action, displaying an error toast if unauthorized.

---

Line range hint 59-79:
Toast notifications and error handling are well-implemented.

The function provides clear feedback through toast notifications for both success and error scenarios, enhancing user experience.