[WEB-2606] fix: project members shouldn't be able to change others roles#5780
sharma01ketan wants to merge 18 commits into preview from
* fix: drag handle scrolling fixed * fix: closest scrollable parent found and scrolled * fix: removed overflow auto from framerenderer * fix: make dragging dynamic and smoother
* Updated layout names * Corrected character casing for titles
* fix: custom theme mutation logic * chore: update querySelector element
* fix: workspace draft issues * chore: changed the timezone key * chore: migration changes
* feat: export page as pdf and markdown * chore: add image conversion logic
* chore: cycle sidebar refactor * chore: code splitting * chore: code refactor * chore: code refactor
* fix: remove validation of roles from the live server * chore: remove the service * fix: remove all validation of authorization * fix: props updated
…5770) * move mark all as read to header and remove it from dropdown * made recommended changes
…erview and issue detail page. (#5760)
* fix: create cycle function * chore: draft and cycle version changes --------- Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>
…oject member's roles
Walkthrough
The changes in this pull request focus on the
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
- web/core/components/project/settings/member-columns.tsx (2 hunks)
🧰 Additional context used
🔇 Additional comments (2)
web/core/components/project/settings/member-columns.tsx (2)
93-93: Addition of getProjectMemberDetails is appropriate
The inclusion of getProjectMemberDetails from the useMember hook is necessary for fetching project member details and implementing the updated role management logic.
105-106: Updated isRoleNonEditable logic correctly prevents Project Members from editing others' roles
The inclusion of isCurrentUserProjectMember in the isRoleNonEditable condition ensures that Project Members cannot edit the roles of other members, effectively addressing the bug described in the PR objectives.
| Number(getWorkspaceMemberDetails(rowData.member.id)?.role) ?? EUserPermissions.GUEST | ||
| ); | ||
| const isRoleNonEditable = isCurrentUser || (isProjectAdminOrGuest && !isWorkspaceMember); | ||
| const isCurrentUserProjectMember = getProjectMemberDetails(currentUser?.id ?? "")?.role == EUserPermissions.MEMBER; |
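Review bot: The `isCurrentUserProjectMember` line fails open: when `currentUser` is not loaded, or `getProjectMemberDetails` returns nothing for the `""` fallback id, the expression is false, so a condition built on it leaves other members' roles editable. Treat an unresolved current user as non-editable, and compare with `===` rather than `==`. In the context line above, `Number(...) ?? EUserPermissions.GUEST` never falls back to GUEST, because `Number(undefined)` is `NaN` and `NaN` is not nullish. This flag sits in a settings column component (member-columns.tsx), so it only decides what the UI renders; the role-update endpoint needs to reject the same change from a Member on the server side.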
Handle potential undefined currentUser when fetching member details
In the line:
const isCurrentUserProjectMember = getProjectMemberDetails(currentUser?.id ?? "")?.role == EUserPermissions.MEMBER;
If currentUser is undefined, currentUser?.id will be undefined, and the nullish coalescing operator ?? will result in an empty string "". Passing an empty string to getProjectMemberDetails may not return the expected member details and could potentially cause issues. Consider adding a null check for currentUser before calling getProjectMemberDetails.
Apply this diff to add a null check:
- const isCurrentUserProjectMember = getProjectMemberDetails(currentUser?.id ?? "")?.role == EUserPermissions.MEMBER;
+ const isCurrentUserProjectMember = currentUser && getProjectMemberDetails(currentUser.id)?.role === EUserPermissions.MEMBER;45880b3 to
d97ca68
[WEB-2606]
This PR aims to fix the bug where a Project Member is able to edit the details in the frontend of other Project Members in the Project Settings.
Previous State:
Screen.Recording.2024-10-09.at.4.18.21.PM.mov
Current State:
No Dropdown appears on other Project Members name.