[WEB-2711]fix: guest mentions and assignees

[mathalav55]

Description

Updated mentions to restrict guest users from being mentioned in issues not created by them.
Updated member drop-downs to exclude guests from being assigned to issues, modules and cycles.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• Feature (non-breaking change which adds functionality)
• Improvement (change that would cause existing functionality to not work as expected)
• Code refactoring
• Performance improvements
• Documentation update

References

WEB-2711

Summary by CodeRabbit

Release Notes

• New Features

  • Added support for issue-specific mentions and search functionality
  • Enhanced member selection and filtering with project context

• Improvements

  • Refined user mention and search logic across multiple components
  • Improved project member detail retrieval with project-specific context
  • Updated error handling in file upload and comment creation processes

• Technical Updates

  • Updated type definitions to support issue-specific search parameters
  • Improved component props and method signatures for better type safety

[coderabbitai]

Walkthrough

This pull request introduces modifications across multiple files to enhance user mention and search functionality. The changes primarily focus on improving the context-aware retrieval of user details, particularly in relation to project and issue IDs. The modifications span both backend and frontend components, introducing a more robust approach to filtering and displaying user mentions, with an emphasis on project-specific member details and search capabilities.

Changes

File	Change Summary
apiserver/plane/app/views/search/base.py	Refactored user mention filtering logic to streamline search process
packages/types/src/search.d.ts	Added optional issue_id property to TSearchEntityRequestPayload type
web/core/components/*/	Updated multiple components to support issue_id and project-specific member details
web/core/store/member/project-member.store.ts	Modified getProjectMemberDetails to accept projectId parameter

Suggested labels

🧹chore

Suggested reviewers

• SatishGandham
• sriramveeraghanta
• rahulramesha

Possibly related PRs

• [PE-93] refactor: accept generic function to search mentions #6249: Introduces a generic function to search mentions, directly related to the SearchEndpoint class changes

Poem

🐰 Mentions hopping through the code,
With project context now bestowed
Issue IDs dancing light and free
Filtering magic, can't you see?
A rabbit's search, precise and bright! 🔍

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (9)

web/core/components/project/member-select.tsx (2)

13-13: Clarify the usage of EUserPermissions.
The import for EUserPermissions is fine, but ensure that any future role checks remain consistent with all user-permission logic across the codebase.

---

32-36: Prevent role-based filtering issues.
You’re correctly excluding guests by returning early if isGuest. Confirm there’s no edge case where guest data might be needed.

web/core/components/project/member-list.tsx (1)

39-41: Refactor repeated calls
Here you create const memberDetails from the mapped searchedMembers. Consider memoizing or handling the logic once to avoid repeated calls to getProjectMemberDetails. This might improve performance for large lists.

web/core/store/member/project-member.store.ts (2)

39-39: Use descriptive JSDoc for newly added parameter

Since getProjectMemberDetails now accepts a projectId, it would be helpful to add/update JSDoc to describe how and why this parameter is used. This will improve clarity for other contributors.

---

113-116: Remove or refine console.log statement

Leaving console.log in computed functions could unnecessarily clutter the console in production. Consider removing or guarding this log statement behind an environment or debug flag.

- console.log({ projectMember });

web/core/components/issues/issue-detail/issue-activity/comments/comment-card.tsx (2)

25-25: Document newly added issueId prop usage

While the new issueId prop is self-explanatory, consider adding a short comment or JSDoc to highlight its importance for linking comments to specific issues, aiding future maintenance.

---

149-149: Properly retrieve or validate issue_id

Passing issue_id={issueId} is correct. On the receiving side, ensure it appropriately handles null or undefined scenarios in case issueId was not provided.

apiserver/plane/app/views/search/base.py (2)

281-287: Use placeholders for improved readability

The chained filters are valid. For complex queries, consider incrementally breaking them into more verbose logic or add short comments to clarify each filter's purpose.

---

325-335: Include consistent else-block documentation

The else-block filters out any user whose role is not >10. Consider clarifying or documenting the rationale in code comments to avoid confusion about permission constraints or potential expansions in the future.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c1407da and ed8a8e7.

📒 Files selected for processing (16)

• apiserver/plane/app/views/search/base.py (2 hunks)
• packages/types/src/search.d.ts (1 hunks)
• web/core/components/command-palette/actions/issue-actions/change-assignee.tsx (2 hunks)
• web/core/components/dropdowns/member/member-options.tsx (4 hunks)
• web/core/components/editor/embeds/mentions/user.tsx (2 hunks)
• web/core/components/editor/lite-text-editor/lite-text-editor.tsx (3 hunks)
• web/core/components/issues/description-input.tsx (1 hunks)
• web/core/components/issues/issue-detail/issue-activity/activity-comment-root.tsx (1 hunks)
• web/core/components/issues/issue-detail/issue-activity/comments/comment-card.tsx (3 hunks)
• web/core/components/issues/issue-detail/issue-activity/comments/comment-create.tsx (1 hunks)
• web/core/components/issues/issue-detail/issue-activity/comments/root.tsx (1 hunks)
• web/core/components/issues/issue-modal/base.tsx (1 hunks)
• web/core/components/project/member-list.tsx (4 hunks)
• web/core/components/project/member-select.tsx (3 hunks)
• web/core/components/project/settings/member-columns.tsx (1 hunks)
• web/core/store/member/project-member.store.ts (4 hunks)

✅ Files skipped from review due to trivial changes (1)

• web/core/components/issues/issue-modal/base.tsx

🔇 Additional comments (27)

web/core/components/issues/issue-detail/issue-activity/comments/root.tsx (1)

39-39: Prop injection looks good.
Passing the issueId prop to IssueCommentCard ensures each comment can reference the correct issue context. No issues found with this addition.

packages/types/src/search.d.ts (1)

77-77: Optional property addition is consistent.
The issue_id?: string; property cleanly extends the request payload for issue-related filtering. This complements the updated components that now handle and pass issue_id.

web/core/components/project/member-select.tsx (3)

5-5: Ensure correct usage of next/navigation.
The import of useParams from next/navigation is a good approach, but verify that you only use it in Client Components. This file is marked "use client", so it’s valid.

---

23-24: Validate projectId usage.
The useParams hook retrieves strings, so confirm that projectId.toString() is safe. If projectId can ever be undefined, gracefully handle that to avoid runtime errors.

---

56-56: Check default selection logic.
Retrieving member details with getProjectMemberDetails(value, projectId.toString()) might fail if value is absent. Consider a fallback or conditional check to handle empty selection gracefully.

web/core/components/command-palette/actions/issue-actions/change-assignee.tsx (2)

36-63: Robust handling for missing projectId.
In lines 38–39, you gracefully skip if projectId is undefined, which prevents lookups from crashing. This is a good defensive approach.

---

86-97: Prevent rendering undefined options.
The filter check option && <Command.Item ...> is good practice to avoid runtime errors. The overall item rendering logic looks clean.

web/core/components/issues/issue-detail/issue-activity/activity-comment-root.tsx (1)

47-47: Pass issueId parameter effectively
The addition of issueId prop to IssueCommentCard aligns with the PR objective to identify comments by their specific issue context. This implementation looks correct, given the usage in IssueCommentCard.

web/core/components/editor/embeds/mentions/user.tsx (2)

22-23: Check fallback for missing projectId
When projectId is absent in the route, the code gracefully defaults to null; however, ensure there's no scenario that expects a valid projectId and fails silently. Consider documenting or logging a warning if it’s expected to always have some project context.

---

49-49: Restrict guest mentions if appropriate
Integration with getProjectMemberDetails for role-based checks is consistent with the PR objective to restrict guest mentions. Verify that there's additional coverage or a higher-level check ensuring that guests are not able to mention other users if they lack permission.

web/core/components/project/member-list.tsx (3)

5-5: Import usage is correct
Importing useParams from "next/navigation" is correct under Next.js 13+ standards. Continue ensuring consistent usage across the codebase.

---

18-19: Ensure consistent naming
Extracting projectId here is straightforward. Just ensure that other references throughout the file (like the variable in lines 39-41) are consistent in naming and logic.

---

30-30: Handle null or guest user
When calling getProjectMemberDetails(userId, projectId.toString()), confirm that the function gracefully handles guests by returning a falsy member property if the user is indeed a guest. Ensure that the UI doesn't inadvertently reveal guests in lists if restricted by project policy.

web/core/components/issues/issue-detail/issue-activity/comments/comment-create.tsx (1)

98-98: Contextualizing comments by issue_id
Passing the issue_id prop to LiteTextEditor is aligned with the goal of restricting guest mentions to the relevant issue. Ensure that the editor’s mention search logic respects the user’s role and doesn’t expose the mention of other guests.

web/core/components/editor/lite-text-editor/lite-text-editor.tsx (2)

33-33: Introducing optional issue_id prop appears valid.
Allowing an optional issue_id aligns with the new requirement for context-specific mentions. Looks good.

---

42-42: Verify usage of issue_id in search.
Passing the issue_id to searchEntity ensures mentions are contextualized by the issue. Confirm that upstream or downstream calls (e.g., other references to LiteTextEditor) supply a valid string when necessary.

Also applies to: 63-63

web/core/components/issues/description-input.tsx (1)

128-128: Confirm issue_id inclusion in searchMentionCallback.
Adding issueId strengthens mention filtering. Ensure that it’s non-null in contexts where issue-based search is required.

web/core/components/dropdowns/member/member-options.tsx (5)

20-20: Imported EUserPermissions used effectively.
The import is relevant for filtering guests correctly.

---

43-43: Expanded destructuring for getProjectMemberDetails.
Retrieving project member info is consistent with the newly required filtering logic.

---

82-104: Exclude guest users from dropdown.
Filtering out guest users (isGuest) ensures correct user selection based on roles. Confirm that logic properly handles scenarios with multiple roles or no role defined.

---

107-107: filteredOptions respects empty queries before filtering.
Implementation is sound. If query is empty, no user filtering is applied. This is a sensible approach for auto-suggest.

---

138-158: Robust conditional rendering for search results.
Rendering conditions are appropriately handled to avoid null references. Good job safeguarding the UI from undefined states.

web/core/components/project/settings/member-columns.tsx (1)

115-115: Project-specific role retrieval is correct.
Using getProjectMemberDetails(currentUser.id, projectId) ensures accurate role checks within the current project context. This is a proper fix to avoid mismatches with workspace-level roles.

web/core/store/member/project-member.store.ts (2)

184-184: Ensure robust error handling or fallback

When memberDetails is null, the code properly throws an error. Ensure any upstream code calling updateMember includes try-catch or .catch logic to handle this situation gracefully in the UI or logs.

---

215-215: Double-check concurrency

The removeMemberFromProject method fetches memberDetails and then deletes it. If there's a possible concurrency scenario where another process modifies the membership map in parallel, ensure these changes are atomic or well-synchronized to avoid inconsistent states.

web/core/components/issues/issue-detail/issue-activity/comments/comment-card.tsx (1)

38-38: Verify usage alignment with other components

You're passing issueId to the comment card here. Confirm that all other references to this props match the correct type (string) and usage.

apiserver/plane/app/views/search/base.py (1)

309-324: Refine logic for user mention with issue-based filtering

By combining role__gt=10 or member_id=issue_created_by, guest users appear to be excluded except the issue creator. Confirm if other specialized roles need to be included or if there's a scenario for broader permissions.