plane icon indicating copy to clipboard operation
plane copied to clipboard

Published 20 hours ago verified publisher icon makeplane

[WEB-3551] fix: role improvements

Open gakshita opened this issue 8 months ago • 2 comments

Description

This PR implements some role improvements

  1. Project Admin cannot change his own role and the role of workspace admin.
  2. Workspace Admin can change any role in the project including his own to any role.
  3. Members have read only access to project and workspace members page

References

[WEB-3551]

Summary by CodeRabbit

Summary by CodeRabbit

  • New Features

    • Expanded workspace settings access: General and membership options are now available to both administrators and members.
    • Updated sidebar links: Additional settings options are accessible to a broader range of user roles.
    • Enhanced project member actions: Users with guest permissions can now access the members settings.
    • Dynamic timezone handling for date fields in cycle management, adapting to the project's timezone.

  • Refactor

    • Streamlined permission handling: Improved role and authorization checks provide a more nuanced and consistent experience in workspace and project settings.
    • Optimized user role management for clearer control over editable settings.

gakshita avatar Mar 17 '25 12:03 gakshita

Walkthrough

The pull request updates user role permissions for workspace settings. It expands access in the WORKSPACE_SETTINGS object to include both ADMIN and MEMBER roles and introduces a new constant to map setting URLs to their access arrays. Additionally, permission checks in layout rendering and component logic (for member columns and sidebar dropdowns) are revised to use user roles instead of solely enforcing admin privileges.

Changes

File(s) Change Summary
packages/constants/src/workspace.ts Updated WORKSPACE_SETTINGS to allow both ADMIN and MEMBER roles; added WORKSPACE_SETTINGS_ACCESS constant mapping URLs to access arrays.
web/app/[workspaceSlug]/…/layout.tsx Replaced admin check with user role check using userWorkspaceRole; updated permission logic with WORKSPACE_SETTINGS_ACCESS for conditional rendering.
web/core/components/project/settings/member-columns.tsx Revised role editability logic by introducing new admin checks (isCurrentUserWorkspaceAdmin & isCurrentUserProjectAdmin); simplified role filtering in checkCurrentOptionWorkspaceRole.
web/core/components/workspace/sidebar/dropdown-item.tsx Modified conditional rendering to allow both ADMIN and MEMBER roles for settings link while keeping invitation link restricted to admins.
apiserver/plane/app/views/project/member.py Removed get_permissions method; updated partial_update to broaden access to ROLE.MEMBER and ROLE.GUEST, enhancing role validation logic.
apiserver/plane/app/views/workspace/member.py Updated partial_update logic to enforce specific rules for demoting users to guest roles, ensuring they cannot retain other roles.
web/app/[workspaceSlug]/(projects)/projects/(detail)/[projectId]/settings/(with-sidebar)/members/page.tsx Renamed variable for project member actions; introduced isWorkspaceAdmin to broaden access criteria for project member actions.
web/ce/constants/project/settings/tabs.ts Updated PROJECT_SETTINGS to include EUserPermissions.GUEST for access to members settings, expanding permissions.
web/core/store/member/project-member.store.ts Added rootStore property to ProjectMemberStore; modified updateMember method to handle current user role updates more effectively.

Sequence Diagram(s)

sequenceDiagram
    participant User as User
    participant Layout as WorkspaceSettingLayout
    participant AccessMap as WORKSPACE_SETTINGS_ACCESS

    User->>Layout: Request workspace settings page
    Layout->>Layout: Retrieve workspaceSlug & path using useParams & usePathname
    Layout->>AccessMap: Get allowed roles for current URL
    AccessMap-->>Layout: Return access array
    Layout->>Layout: Compare userWorkspaceRole with access array
    alt Authorized
        Layout->>User: Render settings content
    else Not Authorized
        Layout->>User: Render access denied
    end

sequenceDiagram
    participant Sidebar as SidebarDropdownItem
    participant Workspace as Workspace Data

    Sidebar->>Workspace: Fetch current workspace role
    alt Role is ADMIN or MEMBER
        Sidebar->>Sidebar: Render settings link
    else
        Sidebar->>Sidebar: Omit settings link
    end

Possibly related PRs

  • makeplane/plane#5612: The changes in the main PR, which expand access permissions for workspace roles, are related to the retrieved PR that modifies role assignment logic and ensures consistent role application across projects, as both involve user role management and permissions.
  • makeplane/plane#5601: The changes in the main PR, which expand access permissions in the WORKSPACE_SETTINGS object, are related to the modifications in the retrieved PR that broaden the conditions for role editability in the AccountTypeColumn component, as both involve adjustments to user roles and permissions.
  • makeplane/plane#6094: The changes in the main PR, which expand access permissions for workspace settings to include both ADMIN and MEMBER roles, are related to the retrieved PR that also modifies permissions, specifically restricting page actions to ADMIN and MEMBER roles, indicating a broader effort to refine user role management across the application.

Suggested labels

⚙️backend, permissions

Suggested reviewers

  • pablohashescobar
  • sriramveeraghanta

Poem

I'm a little rabbit, hopping with glee,
Code paths now clearer, as far as I can see.
Admin or member, all roles now count,
Permissions expanded in a bouncy amount.
With swift little hops, our code sings anew,
Happy changes in the fields, just for you!
🐇✨

[!TIP]

⚡🧪 Multi-step agentic review comment chat (experimental)
  • We're introducing multi-step agentic chat in review comments. This experimental feature enhances review discussions with the CodeRabbit agentic chat by enabling advanced interactions, including the ability to create pull requests directly from comments. - To enable this feature, set early_access to true under in the settings.
📜 Recent review details

Configuration used: CodeRabbit UI Review profile: CHILL Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7795d0d7c0a885bc0e0b377e546f30d07e521530 and 5338943143ff9582ea4fed2cf02db848ab1a2d9e.

📒 Files selected for processing (3)
  • apiserver/plane/api/serializers/cycle.py (2 hunks)
  • apiserver/plane/api/views/cycle.py (6 hunks)
  • apiserver/plane/app/views/cycle/base.py (4 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: Analyze (python)
🔇 Additional comments (12)
apiserver/plane/api/serializers/cycle.py (2)

2-2: Appropriate addition of pytz import

The addition of pytz import supports the timezone functionality implemented in the serializer.

22-29: Good implementation of timezone handling for date fields

The new __init__ method enhances the serializer by dynamically setting the timezone for date fields based on the project's timezone configuration. This ensures consistent date representation across the application and improves user experience by showing dates in the project's context rather than in UTC.

apiserver/plane/api/views/cycle.py (3)

140-140: Good addition of project context retrieval

Fetching the project object here is necessary to provide timezone context to the serializer.

144-146: Proper context passing to serializer

Adding the project context to the serializer enables the timezone functionality implemented in the CycleSerializer.

157-159: Consistent context passing across all serializer calls

The project context is consistently applied to all CycleSerializer calls throughout the method, ensuring uniform timezone handling for all cycle data.

Also applies to: 169-171, 181-183, 193-195, 207-209, 215-217

apiserver/plane/app/views/cycle/base.py (7)

271-272: Correct timezone source for data conversion

Changed to use project timezone instead of user timezone for date conversion, ensuring consistency with the project's settings.

321-324: Good implementation of project timezone retrieval

Properly fetches the project's timezone settings for consistent date handling in the create method.

327-328: Consistent timezone usage for data conversion

Now uses project timezone instead of user timezone, aligning with the project-centric approach to date handling.

414-417: Appropriate timezone retrieval in partial_update method

Fetches the project timezone consistently with other methods in the class.

420-421: Consistent timezone application in partial_update

Uses the project timezone for date conversion, maintaining consistency across the application.

491-493: Appropriate timezone retrieval in retrieve method

Fetches the project timezone to ensure consistent date handling in the retrieve method.

495-495: Consistent timezone application in retrieve

Uses project timezone for date conversion, completing the consistent approach across all methods.

✨ Finishing Touches
  • [ ] 📝 Generate Docstrings
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot] avatar Mar 17 '25 12:03 coderabbitai[bot]

Pull Request Linked with Plane Work Items

References

Comment Automatically Generated by Plane

makeplane[bot] avatar Mar 18 '25 10:03 makeplane[bot]