[WEB-2460] fix: role permission validation

[anmolsinghbhatia]

Changes:

This PR introduces the following permission validation updates:

• Create Label
• Subscribe/Unsubscribe
• Workspace Archive
• Workspace-level Create Issue modal
• CMD+K → Project modal
• User Upgrade flow

Reference:

[WEB-2460]

Summary by CodeRabbit

• New Features

  • Enhanced role-based access control for commenting on issues, allowing guest users to comment under specific conditions.
  • Introduced flexible permission management for issue reactions, accessible by admins, members, and guests.
  • Added permission checks in the command palette, issue labels, subscriptions, and sidebar components to improve user experience and security.
  • Improved role management logic for user permissions in various components.
  • Conditional rendering of UI elements based on user permissions to enhance security and usability.

• Bug Fixes

  • Improved error handling and robustness in the ProjectAuthWrapper component to prevent potential runtime errors.

• Refactor

  • Reorganized import statements for better readability and structure.

[coderabbitai]

Walkthrough

The changes introduced in this pull request enhance role-based access control across various components of the project. Key modifications include the addition of guest role checks for commenting on issues, updates to permission handling for issue reactions, and the integration of user permissions in UI components. These adjustments improve the granularity of access control, ensuring that user interactions are appropriately gated based on defined roles.

Changes

Files	Change Summary
apiserver/plane/app/views/issue/comment.py	Introduced role-based access control for commenting, allowing ROLE.GUEST under specific conditions. Updated create and destroy methods to include guest roles.
apiserver/plane/app/views/issue/reaction.py	Removed ProjectLitePermission and added @allow_permission decorator for create and destroy methods, allowing access for ROLE.ADMIN, ROLE.MEMBER, and ROLE.GUEST.
web/app/[workspaceSlug]/(projects)/settings/layout.tsx	Reorganized import statements for improved readability.
web/core/components/command-palette/command-modal.tsx	Introduced useUserPermissions hook to manage workspace action permissions, affecting command visibility based on user roles.
web/core/components/issues/issue-detail/label/root.tsx	Added user permission checks to conditionally render label creation based on EUserPermissions.ADMIN.
web/core/components/issues/issue-detail/subscription.tsx	Integrated permission checks for managing issue subscriptions, disabling actions for unauthorized users.
web/core/components/project/settings/member-columns.tsx	Updated logic for editable roles, refining conditions under which roles can be modified.
web/core/components/workspace/sidebar/quick-actions.tsx	Added permission checks for creating issues, modifying the disabled state based on user permissions.
web/core/components/workspace/sidebar/workspace-menu.tsx	Introduced permission checks for rendering the CustomMenu based on user roles.
web/core/layouts/auth-layout/project-wrapper.tsx	Enhanced robustness by implementing optional chaining for accessing workspaceSlug and projectId.

Possibly related PRs

• [WEB-2391] fix: join project permission mutation #5580: Enhances management of user project roles, relevant to adjustments in guest access.
• [WEB-2443] fix: project favorite permission validation #5587: Introduces permission checks for the favorite star feature, ensuring guest users cannot access it.
• [WEB-2443] fix: project intake edit permission #5588: Enhances permission handling for project intake, allowing guest users to edit their own issues.
• [WEB-2443] fix: project member validation #5601: Modifies role validation for project members, relevant to role-based access control.
• [WEB-2443] fix: workspace settings access validation updated #5606: Updates access validation for workspace settings, ensuring only authorized users can access certain settings.

Suggested labels

⚙️backend

Poem

🐇 In the meadow of code, changes bloom bright,
With roles for the guests, access feels right.
Permissions now dance, in a structured ballet,
Gating actions with care, keeping chaos at bay.
Hops of joy echo, as features align,
A secure, friendly space, where all can shine! 🌼

---

Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 8adaa71 and a857c9f.

Files selected for processing (1)

• web/core/components/command-palette/command-modal.tsx (6 hunks)

Files skipped from review as they are similar to previous changes (1)

• web/core/components/command-palette/command-modal.tsx

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai generate interesting stats about this repository and render them as a table.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.