-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WEB-2543] chore: workspace inbox guest permission #5695
[WEB-2543] chore: workspace inbox guest permission #5695
Conversation
Caution Review failedThe pull request is closed. WalkthroughThe pull request introduces several modifications to user role access across different components of the application. Specifically, the Changes
Possibly related PRs
Suggested labels
Suggested reviewers
Poem
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
🧹 Outside diff range and nitpick comments (2)
web/core/components/issues/peek-overview/view.tsx (1)
148-153
: Approve with suggestion: Simplify the conditional rendering logic.The changes improve the readability of the code by using if-else statements instead of nested ternary operators, which is good. Prioritizing the error state check is also a good practice. However, the logic can be further simplified.
Consider simplifying the logic as follows:
- {isError ? ( + {isError && ( <div className="relative h-screen w-full overflow-hidden"> <IssuePeekOverviewError removeRoutePeekId={removeRoutePeekId} /> </div> - ) : ( - isLoading && <IssuePeekOverviewLoader removeRoutePeekId={removeRoutePeekId} /> - )} + )} + {!isError && isLoading && <IssuePeekOverviewLoader removeRoutePeekId={removeRoutePeekId} />}This change maintains the priority of error state checking while simplifying the overall structure.
apiserver/plane/app/views/notification/base.py (1)
289-289
: LGTM with a performance consideration: Guest role added to allowed roles for marking all notifications as readThis change is consistent with the previous updates and aligns with the PR objectives. It allows guest users to mark all their notifications as read, which is a useful functionality. The method maintains security by filtering notifications based on the authenticated user.
However, it's worth noting that this method performs a bulk update operation. While this is generally efficient, it could potentially impact performance if a user has a very large number of notifications. Consider implementing a limit on the number of notifications that can be marked as read in a single operation, or adding pagination to process notifications in batches for users with a high volume of notifications.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (3)
- apiserver/plane/app/views/notification/base.py (5 hunks)
- web/core/components/issues/peek-overview/view.tsx (1 hunks)
- web/core/constants/dashboard.ts (1 hunks)
🔇 Additional comments not posted (6)
web/core/constants/dashboard.ts (1)
328-328
: LGTM! Verify backend permissions and update documentation.The change to include
EUserPermissions.GUEST
in the access array for the "Inbox" item is correct and aligns with the PR objectives. This will allow guest users to see and access the "Inbox" feature in the sidebar.To ensure full functionality, please verify that the backend permissions have been updated to allow guest users to access the inbox. Run the following script to check for any backend permission changes:
Consider updating any relevant documentation or user guides to reflect this new capability for guest users. This will ensure that all stakeholders are aware of the change in guest user permissions.
apiserver/plane/app/views/notification/base.py (5)
44-44
: LGTM: Guest role added to allowed roles for listing notificationsThis change aligns with the PR objective of updating workspace inbox permissions for guest users. It allows guests to list their notifications, which is appropriate for basic functionality. The security seems maintained as the method only retrieves notifications for the authenticated user.
210-210
: LGTM: Guest role added to allowed roles for marking notifications as unreadThis change is consistent with the updates to the
list
method and aligns with the PR objectives. It allows guest users to mark their notifications as unread, which is a reasonable functionality to provide. The method maintains security by checking if the notification belongs to the authenticated user.
222-222
: LGTM: Guest role added to allowed roles for archiving notificationsThis change is consistent with the previous updates and aligns with the PR objectives. It allows guest users to archive their notifications, which is a reasonable functionality to provide. The method maintains security by checking if the notification belongs to the authenticated user.
234-234
: LGTM: Guest role added to allowed roles for unarchiving notificationsThis change is consistent with the previous updates and aligns with the PR objectives. It allows guest users to unarchive their notifications, which complements the archiving functionality. The method maintains security by checking if the notification belongs to the authenticated user.
Line range hint
1-389
: Summary: Comprehensive update of guest permissions for notification handlingThis PR successfully updates the workspace inbox permissions for guest users across various notification-related operations. The changes are consistent and align well with the stated PR objectives. Here's a summary of the updates:
- Guests can now list their notifications
- Guests can mark notifications as unread
- Guests can archive and unarchive notifications
- Guests can mark all their notifications as read
Security is maintained throughout these changes as all methods appropriately filter or check notifications based on the authenticated user. This ensures that guests can only interact with their own notifications.
The only potential concern is the performance of the bulk update operation in the
MarkAllReadNotificationViewSet
, especially for users with a large number of notifications. Consider implementing a limit or pagination for this operation to ensure optimal performance for all users.Overall, these changes provide a more inclusive experience for guest users while maintaining the necessary security measures.
Changes:
This PR updates the workspace inbox permissions for guest users.
Reference:
[WEB-2543]
Summary by CodeRabbit
New Features
Improvements