Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[WEB-3488] improvement: assignee validation for work item creation #6701

Merged
merged 1 commit into from
Mar 5, 2025
Merged

[WEB-3488] improvement: assignee validation for work item creation #6701

merged 1 commit into from
Mar 5, 2025

Conversation

prateekshourya29
Copy link
Member

@prateekshourya29 prateekshourya29 commented Mar 5, 2025
edited by coderabbitai bot
Loading

Description

In this PR, we are adding validation for assignees in the work item creation. This will ensure that the assignees are part of the project and has role greater than or equal to role of member.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • Feature (non-breaking change which adds functionality)
  • Improvement (change that would cause existing functionality to not work as expected)
  • Code refactoring
  • Performance improvements
  • Documentation update

Summary by CodeRabbit

  • New Features
    • Refined issue assignment logic to ensure only active project members with sufficient permissions can be selected as assignees during issue creation and update.
    • Updated default assignment behavior to automatically validate that the designated default assignee meets the required criteria.

@prateekshourya29 prateekshourya29 self-assigned this Mar 5, 2025
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 5, 2025
edited
Loading

Walkthrough

This pull request enhances the validation logic for assigning issue assignees. In the API serializer, it enforces a stricter role check (role ≥ 15) for both specified and default assignees. In the App serializer, a new method (get_valid_assignees) has been added to filter assignees based on active status and role, with corresponding updates to the create and update flows. These modifications ensure only qualified project members are assigned.

Changes

File(s) Change Summary
apiserver/.../api/serializers/issue.py,
apiserver/.../app/serializers/issue.py		 Enforced stricter role-based validation (role ≥ 15) for issue assignees. Updated the API serializer to verify default assignee validity and added get_valid_assignees in the App serializer to filter active, qualified members during issue creation and update.

Sequence Diagram(s)

sequenceDiagram
    participant U as User
    participant ICS as IssueCreateSerializer
    participant PM as ProjectMember Model
    participant IA as IssueAssignee

    U->>ICS: Submit issue create request with assignees
    ICS->>ICS: Invoke get_valid_assignees(assignees, project_id)
    ICS->>PM: Query active members with role ≥ 15
    PM-->>ICS: Return valid assignee IDs
    ICS->>IA: Create IssueAssignee records for valid IDs
    ICS-->>U: Return issue creation response
Loading

Possibly related PRs

Suggested labels

🌟improvement

Suggested reviewers

  • sriramveeraghanta
  • rahulramesha
  • SatishGandham

Poem

I’m a little rabbit, hopping with delight,
In the realm of code, everything feels so right.
With roles checked and defaults set, bugs take flight,
Valid assignees lead our burrow through the night.
Happy hops and bytes, our code shines bright!

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 80198f5 and a116b5b.

📒 Files selected for processing (2)
  • apiserver/plane/api/serializers/issue.py (2 hunks)
  • apiserver/plane/app/serializers/issue.py (4 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (2)
  • GitHub Check: Analyze (javascript)
  • GitHub Check: Analyze (python)
🔇 Additional comments (6)
apiserver/plane/api/serializers/issue.py (2)

83-83: Good enhancement of assignee validation.

Adding the role__gte=15 condition ensures that only users with appropriate permissions (role equal to or greater than 15) can be assigned to issues, which aligns with the PR objective of improving assignee validation.

162-168: Proper validation of default assignee

This is a good improvement to ensure default assignees also meet the same criteria as explicitly specified assignees. The code now confirms that a default assignee is both active and has sufficient permissions (role ≥ 15) before assigning them.

apiserver/plane/app/serializers/issue.py (4)

123-132: Good addition of reusable assignee validation method.

The new get_valid_assignees method provides a centralized place for validating assignees based on project membership, role level, and active status. This promotes code reuse and consistency across the create and update operations.

149-163: Good implementation of assignee validation in create flow.

The implementation correctly uses the new get_valid_assignees method to filter out invalid assignees. Also, the parameter name changes from assignee to assignee_id and user_id improve code clarity by clearly indicating these are IDs.

169-175: Consistent validation for default assignee.

The implementation ensures that default assignees undergo the same validation as explicitly assigned users, requiring them to be active project members with sufficient role permissions. This aligns well with the changes in the API serializer and ensures consistency.

219-234: Good implementation of assignee validation in update flow.

The update method properly leverages the new get_valid_assignees method, ensuring the same validation logic is applied consistently across both creation and updates of issues.

✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Generate unit testing code for this file.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai generate unit testing code for this file.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and generate unit testing code.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

@dheeru0198
Copy link
Collaborator

Looks like we're following different strategies in api serializer and app serializer to do the same thing. Please follow the same structure for both the serializers to main consistency.

@sriramveeraghanta sriramveeraghanta merged commit 28312e8 into preview Mar 5, 2025
5 of 6 checks passed
sriramveeraghanta pushed a commit that referenced this pull request Mar 5, 2025
@prateekshourya29 @sriramveeraghanta
[WEB-3488] improvement: assignee validation for work item creation (#…
ac6fef3 
…6701)
@coderabbitai coderabbitai bot mentioned this pull request Mar 5, 2025
Merged
6 tasks
sriramveeraghanta added a commit that referenced this pull request Mar 5, 2025
@sriramveeraghanta @pablohashescobar
@anmolsinghbhatia @mguptahub @ch4og @gakshita @aaryan610 @akshat5302 @1akhanBaheti @nicobts @prateekshourya29
release: v0.25.1
e61ff87 
* fix: issue activity for project id validation (#6668)

* fix: work item attachment count mutation (#6670)

* updated the action to modify the release build assets (#6669)

* feat: russian translation (#6666)

* chore: ru translation updated (#6672)

* fix: state drop down refactor

* fix: intake work item creation refactor

* fix: cleanup for deprecated functions

* fix: date range picker on cycles and modules list (#6676)

* fix: Handled workspace switcher closing on click

* fix: replaced date range picker with date picker at some places

* chore: add common translation keys (#6688)

* chore: add missing translation keys

* chore: add russian translation keys

* fix: issue activity task (#6689)

* changed github workflow action ubuntu version to `ubuntu-22.04` (#6683)

* chore: update russian translation (#6682)

* chore: update russian translation

* chore: rename issues to work items in russian translation

* [PE-275] chore: editor line spacing variables (#6678)

* chore: variable editor line spacing

* chore: variable list spacing

---------

Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com>

* [WEB-3475] fix: cycle dates dropdown (#6690)

* fix: Handled workspace switcher closing on click

* fix: Cycle date picker

* fix: Made onSelect optional in range range component

* fix: module date picker (#6691)

* fix: Handled workspace switcher closing on click

* fix: reverted module date picker changes

* chore: extended sidebar improvement (#6693)

* feat: italian translations (#6692)

* Create translations.json - ITALIAN translation (#6667)

* chore: italian translation updated

* feat: italian translation added

* fix: module end date translation

---------

Co-authored-by: Nicolas Bossi <nicolasbossi@gmail.com>
Co-authored-by: gakshita <akshitagoyal1516@gmail.com>

* fix: attachment item created by (#6695)

* fix: module flicker issue on property updation (#6699)

* [WEB-3477] fix: mutation issue on moving work items for a manually ended cycle (#6696)

* fix: package version update

* fix: esbuild version fix

* fix: package license repliation

* [WEB-3488] improvement: assignee validation for work item creation (#6701)

* fix: work item assignee update validation (#6704)

---------

Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
Co-authored-by: Anmol Singh Bhatia <121005188+anmolsinghbhatia@users.noreply.github.com>
Co-authored-by: Manish Gupta <59428681+mguptahub@users.noreply.github.com>
Co-authored-by: Nikita Mitasov <32384814+ch4og@users.noreply.github.com>
Co-authored-by: Akshita Goyal <36129505+gakshita@users.noreply.github.com>
Co-authored-by: Aaryan Khandelwal <65252264+aaryan610@users.noreply.github.com>
Co-authored-by: Akshat Jain <akshatjain9782@gmail.com>
Co-authored-by: Lakhan Baheti <94619783+1akhanBaheti@users.noreply.github.com>
Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com>
Co-authored-by: Nicolas Bossi <nicolasbossi@gmail.com>
Co-authored-by: gakshita <akshitagoyal1516@gmail.com>
Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com>
@coderabbitai coderabbitai bot mentioned this pull request Mar 7, 2025
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dheeru0198 dheeru0198 dheeru0198 approved these changes

@NarayanBavisetti NarayanBavisetti Awaiting requested review from NarayanBavisetti

@pablohashescobar pablohashescobar Awaiting requested review from pablohashescobar

Assignees

@prateekshourya29 prateekshourya29

Labels
⚙️backend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@prateekshourya29 @dheeru0198 @sriramveeraghanta