[WEB-2449] fix: admin is not able to edit issues in notifications peek overview

[sharma01ketan]

[WEB-2449]

Previously: Admin is not able to edit issues in inbox peek overview

Screen.Recording.2024-10-21.at.3.40.07.PM.mov

Now: Admin is allowed to edit

Screen.Recording.2024-10-21.at.3.30.41.PM.mov

Summary by CodeRabbit

• New Features

  • Enhanced permission-checking mechanism for editing capabilities, now considering workspace and project context.

• Bug Fixes

  • Improved logic for determining user edit permissions to ensure accurate access control.

[coderabbitai]

Walkthrough

The pull request modifies the InboxContentRoot component in web/core/components/inbox/content/root.tsx by updating the allowPermissions function call. The function now accepts additional parameters: workspaceSlug and projectId, which enhances the logic for determining user editability based on workspace and project context. The changes focus solely on the permission-checking mechanism, with no other significant alterations to the component's structure, rendering logic, or public API.

Changes

File Path	Change Summary
web/core/components/inbox/content/root.tsx	Updated allowPermissions function call to include workspaceSlug and projectId for user editability checks.

Possibly related PRs

• [WEB-2443] fix: project intake edit permission #5588: Modifies the InboxContentRoot component to enhance user permissions logic for editing inbox issues.
• [WEB-2589] Chore: inbox issue permissions #5763: Updates the InboxIssueViewSet class to tighten permission logic for editing inbox issues.
• [WEB-2622] fix: intake exception error #5810: Improves the robustness of the isEditable variable in the InboxContentRoot component, related to permission checks.

Suggested reviewers

• sriramveeraghanta
• SatishGandham
• rahulramesha

Poem

🐇 In the inbox where permissions play,
A rabbit hops and clears the way.
With workspace and project in sight,
Editable paths shine ever so bright!
Hooray for changes, let’s celebrate,
For user access, we elevate! 🎉

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between b833e3b and 423b8b1.

📒 Files selected for processing (1)

• web/core/components/inbox/content/root.tsx (1 hunks)

🧰 Additional context used

[coderabbitai]

💡 Codebase verification

Inconsistent Usage of allowPermissions Across Codebase

Multiple instances of allowPermissions are still using the old signature without workspaceSlug and projectId parameters. Please update these calls to ensure consistent and secure permission checks.

Examples:

• web/core/components/project-states/group-item.tsx
• web/core/components/workspace/sidebar/workspace-menu.tsx
• web/core/components/workspace/settings/workspace-details.tsx
• (and others as identified by the verification script)

Additionally, address the following TODO:

• apiserver/plane/app/permissions/workspace.py: Move the permission logic to Python.

🔗 Analysis chain

Approve: Enhanced permission check with workspace and project context

The addition of workspaceSlug and projectId parameters to the allowPermissions function call improves the granularity of the permission check. This change aligns with the PR objective of fixing admin editing capabilities in the notifications peek overview.

To ensure consistency and catch potential issues, please run the following verification script:

This script will help identify any inconsistencies in the usage of allowPermissions across the codebase and verify the necessary imports.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the usage of allowPermissions function across the codebase

# Test 1: Check for any remaining calls to allowPermissions without workspaceSlug and projectId
echo "Checking for outdated allowPermissions calls:"
rg "allowPermissions\(\[.*\],\s*EUserPermissionsLevel\.[A-Z]+\s*\)" -g '!*.test.*'

# Test 2: Verify the import of necessary constants
echo "Verifying imports:"
rg "import.*EUserPermissions.*EUserPermissionsLevel.*from.*plane-web/constants/user-permissions" -g '!*.test.*'

# Test 3: Check for any TODO or FIXME comments related to permissions
echo "Checking for TODO/FIXME comments related to permissions:"
rg "TODO|FIXME" -g '!*.test.*' | rg -i "permission"

Length of output: 23263