[WEB-3600] fix: private project join issue

[gakshita]

Description

This Pr fixes private Project joining permissions.

References

[WEB-3600]

Summary by CodeRabbit

• New Features

  • Expanded project data to include a network attribute for enhanced categorization.
  • Introduced project network types to distinguish between public and private projects.
  • Improved permission logic in the project interface, enabling workspace administrators to see enhanced join options and refined status displays.
  • Added a new permission check for project invitations based on network type.

• Bug Fixes

  • Simplified conditions for rendering components based on user roles and project status.

[coderabbitai]

Walkthrough

The changes add a new "network" field to the list method of ProjectViewSet, introduce a new EProjectNetwork enum for categorizing project networks, and adjust frontend permission logic in the project wrapper. These modifications expand the data returned from the backend and update component rendering based on user permissions and project network status.

Changes

File Path	Change Summary
.../apiserver/plane/app/views/project/base.py	Added "network" to the values() of the list method in ProjectViewSet to include project network details.
.../packages/types/src/enums.ts	Added new enum EProjectNetwork with members PRIVATE = 0 and PUBLIC = 2.
.../packages/types/src/project/projects.d.ts	Added network property to IPartialProject; removed network property from IProject.
.../web/core/layouts/auth-layout/project-wrapper.tsx	Introduced const isWorkspaceAdmin using permission checks; modified rendering conditions for JoinProject and DetailedEmptyState components based on admin status and project network.
.../apiserver/plane/app/views/project/invite.py	Updated create method in UserProjectInvitationsViewset to check permissions based on project network type instead of a single role check.
.../apiserver/plane/db/models/project.py	Added ProjectNetwork enum and properties is_secret, is_public, and network_type to the Project class for better handling of project network types.

Possibly related PRs

• [WEB-3251] fix: add to projects list API #6550: The changes in the main PR, which add a "network" field to the list method in the ProjectViewSet class, are related to the modifications in the retrieved PR that involve the removal of the is_member field and the introduction of member_role, as both PRs affect the data structure returned by the list method in the same class.
• [WEB-3597] fix: guest work item view access when hyper mode is enabled  #6785: The changes in the main PR, which add a "network" field to the list method in the ProjectViewSet class, are related to the retrieved PR that also modifies the list method in the same class by adding a "guest_view_all_features" field, indicating both PRs are enhancing the output of the same method.
• [WEB-2778] chore: private project join restriction #6082: The changes in the main PR, which add a "network" field to the list method in the ProjectViewSet class, are related to the modifications in the retrieved PR that enhance the retrieve method of the same class by adding a filter for active project members, as both involve direct alterations to the ProjectViewSet class in apiserver/plane/app/views/project/base.py.

Suggested labels

🐛bug, ⚙️backend, permissions

Suggested reviewers

• sriramveeraghanta
• pablohashescobar
• SatishGandham

Poem

In the code garden, I hop with delight,
Adding a field to make the data light.
With enums and checks woven in the thread,
The views now dance with logic well-read.
I'm a coding rabbit, cheerful and free—
Hoppin’ to celebrate our new API spree!
🐇💻

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f9d3ef and 832f476.

📒 Files selected for processing (1)

• apiserver/plane/app/views/project/invite.py (3 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apiserver/plane/app/views/project/invite.py

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Analyze (javascript)
• GitHub Check: Analyze (python)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[makeplane]

Pull Request Linked with Plane Work Items

• [WEB-3600] When member/guest views a private project/its link, user shouldn't be able to join that project

Comment Automatically Generated by Plane

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

packages/types/src/enums.ts (1)

9-13: Added new enum for project network categorization.

The implementation of EProjectNetwork enum looks good, allowing projects to be categorized as either PRIVATE (0) or PUBLIC (2). This supports the fix for the private project join issue.

However, there's a gap in the enum values (0 and 2 with no 1). Is this intentional to align with existing database values? If there's no specific reason, consider using sequential values for better maintainability.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between dbdf2f0 and bdca9f6.

📒 Files selected for processing (3)

• apiserver/plane/app/views/project/base.py (1 hunks)
• packages/types/src/enums.ts (1 hunks)
• web/core/layouts/auth-layout/project-wrapper.tsx (3 hunks)

🧰 Additional context used

🧬 Code Definitions (1)

web/core/layouts/auth-layout/project-wrapper.tsx (1)

web/core/components/auth-screens/project/join-project.tsx (1)

• JoinProject (14-57)

🔇 Additional comments (5)

apiserver/plane/app/views/project/base.py (1)

182-182: Added "network" field to project list response.

This addition exposes the project's network status to the frontend, which is necessary for implementing the permission logic for joining projects. The field was already being used in queries (lines 122, 205) but wasn't included in the response.

web/core/layouts/auth-layout/project-wrapper.tsx (4)

10-10: Added import for the EProjectNetwork enum.

Proper import of the new enum to support the permission checks in this component.

---

74-78: Added workspace admin permission check.

Good addition to determine if the current user has admin permissions at the workspace level, which will be used to allow workspace admins to join private projects.

---

177-182: Updated project join permission logic.

The new logic properly implements the requirement to allow users to join projects that are either:

1. Not private (network !== EProjectNetwork.PRIVATE), OR
2. Any project if the user is a workspace admin

This fixes the issue where users couldn't join private projects when they should have access.

---

185-185: Simplified the empty state rendering condition.

The condition for rendering the DetailedEmptyState has been simplified while maintaining the correct behavior. This ensures users see the appropriate UI when they don't have permission to access a project.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

apiserver/plane/app/views/project/invite.py (1)

140-155: Good implementation of permission check for secret projects

The added code correctly implements a permission check that prevents non-admin workspace members from joining projects with a SECRET network type, which directly addresses the issue described in the PR objectives.

Two minor points worth noting:

1. The error message uses "private project" while the enum uses "SECRET" - consider standardizing terminology.
2. If multiple projects are provided with mixed visibility, the request will fail entirely if any single project is SECRET.

apiserver/plane/db/models/project.py (1)

21-27: Well-structured enum implementation

The ProjectNetwork enum provides a clean, type-safe way to represent and reference network types rather than using magic numbers directly in the code.

Note that the enum values (0 and 2) are non-sequential. While this matches the existing NETWORK_CHOICES, it might be worth documenting why value 1 is skipped.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2607ce5 and db792f7.

📒 Files selected for processing (2)

• apiserver/plane/app/views/project/invite.py (3 hunks)
• apiserver/plane/db/models/project.py (3 hunks)

🧰 Additional context used

🧬 Code Definitions (1)

apiserver/plane/app/views/project/invite.py (1)

apiserver/plane/db/models/project.py (2)

• Project (59-178)
• ProjectNetwork (21-27)

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Analyze (javascript)
• GitHub Check: Analyze (python)

🔇 Additional comments (4)

apiserver/plane/app/views/project/invite.py (2)

26-29: Import additions are appropriate

The additional imports of Project and ProjectNetwork are necessary for the new permission checks implemented in the create method.

---

131-131: LGTM: Permission decorator expanded appropriately

Expanding the permission decorator to allow both admin and member roles at the workspace level aligns with the purpose of fixing the project join issue.

apiserver/plane/db/models/project.py (2)

4-4: LGTM: Added appropriate import

The addition of the Enum import is necessary for the new ProjectNetwork enum class.

---

126-137: Good addition of helper properties

These properties provide a clean interface for checking project network types and accessing the enum value. The type annotations are a nice touch for better IDE support and code clarity.

The implementation correctly compares against the enum values rather than magic numbers, which improves code readability and maintainability.