[WEB-2467] fix: platform bug

[anmolsinghbhatia]

Changes:

This PR includes following changes:

• Updated permissions for the reaction endpoint.
• Adjusted permissions for editing project labels.
• Improved the guest role upgrade flow.
• Added validation for drag-and-drop in list layout.
• Updated toast notifications for modules and cycles.
• Fixed the redirection issue when leaving a project.

Reference:

[WEB-2467]

Summary by CodeRabbit

• New Features

  • Enhanced error messaging for permission issues in various components, providing clearer communication to users.
  • Introduced new properties (isEditable) to components, allowing for conditional rendering based on editability.

• Improvements

  • Updated logic for permission checks in the cycle deletion and project settings, improving user experience and control flow.
  • Streamlined navigation actions in project-related components for faster user feedback.

• Bug Fixes

  • Clarified role management logic to better differentiate between project and workspace permissions.

[coderabbitai]

Walkthrough

The changes in this pull request primarily focus on enhancing permission handling across various components in the application. Modifications include the standardization of the @allow_permission decorator usage, updates to error messages related to permission checks, and the introduction of new props to support editable states in components. Additionally, control flow adjustments were made to improve user experience during project-related actions, ensuring that permission validations are more intuitive and consistent.

Changes

File Path	Change Summary
apiserver/plane/app/views/issue/reaction.py	Updated @allow_permission decorator to use a list for roles in create and destroy methods.
web/core/components/cycles/delete-modal.tsx	Changed permission error message to a more generalized format.
web/core/components/issues/issue-layouts/list/list-group.tsx	Added useParams hook to access projectId for drag-and-drop permissions.
web/core/components/issues/issue-layouts/list/roots/project-root.tsx	Introduced canEditPropertiesBasedOnProject function for project-level permission checks.
web/core/components/labels/project-setting-label-group.tsx	Added optional isEditable prop to control editable state of the component.
web/core/components/labels/project-setting-label-list.tsx	Introduced isEditable prop to enhance label components' flexibility.
web/core/components/modules/delete-module-modal.tsx	Updated permission error message to a more generalized format.
web/core/components/project/leave-project-modal.tsx	Changed control flow to redirect user immediately after confirming leave action.
web/core/components/project/member-list-item.tsx	Streamlined navigation for users leaving a project by redirecting immediately upon confirmation.
web/core/components/project/settings/member-columns.tsx	Enhanced role management logic with clearer variable names and checks for workspace membership.
web/core/components/workspace/settings/member-columns.tsx	Removed unnecessary console.log statement from the onChange handler.

Possibly related PRs

• [WEB-2391] fix: join project permission mutation #5580: Modifies permission handling for the create and destroy methods in the IssueReactionViewSet, similar to changes in the IssueReaction view class.
• [WEB-2460] fix: role permission validation #5615: Implements updates to permission validation across various functionalities, aligning with the focus on enhancing permission handling in the IssueReaction view class.

🐰 "In the code where permissions play,
Changes hop in a grand ballet.
With roles now listed in a neat array,
Users can edit, or simply sway.
Errors are clear, no more dismay,
A brighter path for all today!" 🐇

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai generate interesting stats about this repository and render them as a table.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 69b4f15 and ca457d5.

Files selected for processing (11)

• apiserver/plane/app/views/issue/reaction.py (2 hunks)
• web/core/components/cycles/delete-modal.tsx (1 hunks)
• web/core/components/issues/issue-layouts/list/list-group.tsx (3 hunks)
• web/core/components/issues/issue-layouts/list/roots/project-root.tsx (1 hunks)
• web/core/components/labels/project-setting-label-group.tsx (2 hunks)
• web/core/components/labels/project-setting-label-list.tsx (2 hunks)
• web/core/components/modules/delete-module-modal.tsx (1 hunks)
• web/core/components/project/leave-project-modal.tsx (1 hunks)
• web/core/components/project/member-list-item.tsx (1 hunks)
• web/core/components/project/settings/member-columns.tsx (1 hunks)
• web/core/components/workspace/settings/member-columns.tsx (0 hunks)

Files not reviewed due to no reviewable changes (1)

• web/core/components/workspace/settings/member-columns.tsx

Files skipped from review due to trivial changes (1)

• apiserver/plane/app/views/issue/reaction.py

Additional comments not posted (15)

web/core/components/issues/issue-layouts/list/roots/project-root.tsx (3)

9-10: LGTM!

The imports are relevant and necessary for the permission-based functionality introduced in this file.

---

15-25: LGTM!

The canEditPropertiesBasedOnProject function correctly encapsulates the permission check logic based on the user's role within a specific workspace and project. This function can be reused in other parts of the component to conditionally render features based on user permissions.

---

27-32: LGTM!

Passing the canEditPropertiesBasedOnProject function as a prop to the BaseListRoot component is a good way to share the permission check logic with child components. This allows the child component to use this function to conditionally render features based on user permissions without duplicating the code.

web/core/components/modules/delete-module-modal.tsx (1)

59-59: LGTM!

The updated error message for permission-related issues provides a more generalized and user-friendly message. The logic for identifying permission errors and selecting the appropriate error message remains correct.

web/core/components/cycles/delete-modal.tsx (1)

57-57: LGTM! The updated error message improves user communication.

The change from a specific error message mentioning "admin or owner" to a more generic "You don't have the required permissions" aligns well with the PR objective of enhancing user experience.

While the new message may not provide the same level of detail about the roles required, it still effectively communicates the lack of necessary permissions to the user. This can lead to a clearer understanding of the error context.

web/core/components/project/member-list-item.tsx (1)

41-41: Improved user experience with immediate navigation.

The addition of the immediate navigation action using router.push(/${workspaceSlug}/projects) before calling the leaveProject function enhances the user experience by providing instant feedback and navigation when the user initiates the leave action.

This change ensures that the user is redirected to the project list page as soon as they click the leave button, rather than waiting for the asynchronous leaveProject operation to complete. It streamlines the flow and eliminates potential delays in navigation.

The removal of the subsequent navigation call within the .then() block further optimizes the code by avoiding redundant navigation actions.

web/core/components/labels/project-setting-label-list.tsx (2)

114-114: LGTM!

The addition of the isEditable prop to the ProjectSettingLabelGroup component enhances the flexibility of the label components by enabling conditional rendering or behavior based on the editability state. This change aligns with the PR objective of adjusting permissions for project labels to ensure appropriate access control.

---

127-127: LGTM!

The addition of the isEditable prop to the ProjectSettingLabelItem component enhances the flexibility of the label components by enabling conditional rendering or behavior based on the editability state. This change aligns with the PR objective of adjusting permissions for project labels to ensure appropriate access control.

web/core/components/labels/project-setting-label-group.tsx (2)

28-28: LGTM!

The new optional isEditable property is correctly defined in the Props type. This will allow the component to determine if it should render in an editable state.

---

32-41: Verify the handling of isEditable prop in the child component.

The isEditable property is correctly destructured from props and passed down to the ProjectSettingLabelItem child component. This allows the child component to adjust its behavior based on the editability of the label group.

However, please ensure that the ProjectSettingLabelItem component handles the isEditable prop correctly to avoid any unexpected behavior.

Run the following script to verify the prop usage in ProjectSettingLabelItem:

Also applies to: 136-136

web/core/components/project/settings/member-columns.tsx (2)

100-103: LGTM! The changes enhance role management granularity.

The introduction of isProjectAdminOrGuest and isWorkspaceMember variables allows for distinguishing between project-level and workspace-level roles. This granularity potentially improves access control and permission handling in the application.

The isProjectAdminOrGuest variable retains the original check for admin or guest role in the project, while the isWorkspaceMember variable introduces a new check for the member role in the workspace. Retrieving the workspace member role using getWorkspaceMemberDetails and defaulting to guest if not found ensures a fail-safe behavior.

Overall, these changes contribute to more fine-grained role management in the application.

---

104-104: Looks good! The change aligns with the enhanced role management granularity.

The update to the isRoleNonEditable condition incorporates the new isWorkspaceMember check, ensuring that users who are project admins or guests but not workspace members cannot edit their roles. This change aligns with the enhanced role management granularity introduced in the previous code segment.

The previous condition only checked if the user was the current user, but the updated condition adds a new check: if the user is a project admin or guest and not a workspace member, their role is also non-editable.

This change contributes to a more consistent and secure handling of user roles in the application.

web/core/components/issues/issue-layouts/list/list-group.tsx (3)

7-7: LGTM!

The import statement for the useParams hook from next/navigation is valid and correctly added.

---

94-94: LGTM!

The useParams hook is correctly used to extract the projectId from the route parameters. This allows the component to access project-specific data based on the current route.

---

221-222: Excellent work on enhancing the drag-and-drop permissions!

The changes made to the isDragAllowed variable ensure that the drag-and-drop functionality within the list group is properly controlled based on the user's permission to edit properties for the specific project.

By linking the drag-and-drop behavior to the canEditProperties function and the projectId, you have effectively enhanced the access control and security of this feature. Only users with the appropriate permissions will be able to perform drag operations within the list group.

This is a great improvement in terms of granular permission management and preventing unauthorized modifications to the list group.

[coderabbitai]

Improved user experience, but handle failure scenario gracefully.

The change enhances the user experience by providing immediate feedback through navigation to the projects page, indicating that the leave action is being processed.

However, there is a potential risk of inconsistency if the leaveProject function fails after the user is redirected. The user might be on the projects page while still being a member of the project they intended to leave.

Consider handling the failure scenario gracefully:

• Display an error message on the projects page if the leaveProject function fails.
• Provide an option to retry leaving the project.
• Ensure that the user's membership status is accurately reflected on the projects page.

[SatishGandham]

Shouldn't he be taken to the previous page in case of error?