[SILO-699] chore: add check for feature enabled for module and cycle create

[Saurabhkmr98]

Description

• add check for feature enabled for module and cycle create

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• Feature (non-breaking change which adds functionality)
• Improvement (change that would cause existing functionality to not work as expected)
• Code refactoring
• Performance improvements
• Documentation update

Screenshots and Media (if applicable)

Test Scenarios

References

Summary by CodeRabbit

• Bug Fixes
  • Prevented creation of cycles when the project's cycle feature is disabled, ensuring projects without cycle support cannot accept cycle data.
  • Prevented creation of modules when the project's module feature is disabled, enforcing project-level visibility before module creation.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[makeplane]

Linked to Plane Work Item(s)

• [SILO-699] Add feature enabled checks to CE API

This comment was auto-generated by Plane

[coderabbitai]

Walkthrough

Added project feature-flag checks to two serializers: CycleCreateSerializer now validates project.cycle_view (and converts start_date with is_start_date=True), and ModuleCreateSerializer now validates project.module_view before proceeding with existing validation.

Changes

Cohort / File(s)	Change Summary
Cycle serializer updates apps/api/plane/api/serializers/cycle.py	Added Project import; compute project_id up front; fetch Project and enforce project.cycle_view (raise ValidationError if missing/disabled); moved/removed redundant project checks; updated start_date conversion to call convert_to_utc(..., is_start_date=True)
Module serializer updates apps/api/plane/api/serializers/module.py	Added Project import; retrieve project_id from context and require it; fetch Project and enforce project.module_view (raise ValidationError if missing/disabled) before existing date and member validation logic

Sequence Diagram

sequenceDiagram
    participant Client
    participant Serializer
    participant ProjectDB as Project DB

    Client->>Serializer: POST / create cycle or module
    Serializer->>Serializer: validate() begins
    Serializer->>ProjectDB: GET /Project by project_id
    ProjectDB-->>Serializer: Project (or not found)

    alt project missing
        rect rgb(255,200,200)
            Note over Serializer: raise ValidationError (missing project)
            Serializer-->>Client: 400 ValidationError
        end
    else project present
        alt feature flag enabled
            rect rgb(200,220,255)
                Note over Serializer: continue validation (dates, members, etc.)
                Serializer-->>Client: 201 Created (or validation success)
            end
        else feature flag disabled
            rect rgb(255,200,200)
                Note over Serializer: raise ValidationError (feature disabled)
                Serializer-->>Client: 400 ValidationError
            end
        end
    end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

• Small, consistent pattern changes across two serializer files.
• Pay attention to:
  • Correct handling of missing project_id in module serializer context.
  • Exact ValidationError messages and HTTP semantics.
  • convert_to_utc(..., is_start_date=True) usage and timezone implications.

Poem

🐇 I hopped through serializers, checking each gate,
Project flags decide if cycles and modules may skate,
Dates nudged to UTC with a careful little squeeze,
If a view is closed, I stop with polite pleas,
A rabbit's small nudge keeps the API neat and safe.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	❓ Inconclusive	The description is minimal but present; it briefly states the core change without detailed explanation or properly filled test scenarios and references.	Expand the description section with more context about why this change is needed. Add test scenarios and link the related issue (SILO-699) in the References section.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding feature enabled checks for module and cycle creation.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore-add_feature_enable_validation

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between df641c2 and 221199b.

📒 Files selected for processing (2)

• apps/api/plane/api/serializers/cycle.py (2 hunks)
• apps/api/plane/api/serializers/module.py (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• apps/api/plane/api/serializers/cycle.py

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: NarayanBavisetti
Repo: makeplane/plane PR: 7460
File: apps/api/plane/app/serializers/draft.py:112-122
Timestamp: 2025-07-23T18:18:06.875Z
Learning: In the Plane codebase serializers, workspace_id is not consistently passed in serializer context, so parent issue validation in DraftIssueCreateSerializer only checks project_id rather than both workspace_id and project_id. The existing project member authentication system already validates that users can only access projects they belong to, providing sufficient security without risking breaking functionality by adding workspace_id validation where the context might not be available.

📚 Learning: 2025-07-23T18:18:06.875Z

Learnt from: NarayanBavisetti
Repo: makeplane/plane PR: 7460
File: apps/api/plane/app/serializers/draft.py:112-122
Timestamp: 2025-07-23T18:18:06.875Z
Learning: In the Plane codebase serializers, workspace_id is not consistently passed in serializer context, so parent issue validation in DraftIssueCreateSerializer only checks project_id rather than both workspace_id and project_id. The existing project member authentication system already validates that users can only access projects they belong to, providing sufficient security without risking breaking functionality by adding workspace_id validation where the context might not be available.

Applied to files:

• apps/api/plane/api/serializers/module.py

🧬 Code graph analysis (1)

apps/api/plane/api/serializers/module.py (2)

apps/api/plane/db/models/project.py (1)

• Project (65-159)

apps/api/plane/api/views/base.py (2)

• project_id (146-152)
• project_id (261-267)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Build and lint web apps
• GitHub Check: Analyze (javascript)

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f3031a4 and df641c2.

📒 Files selected for processing (2)

• apps/api/plane/api/serializers/cycle.py (2 hunks)
• apps/api/plane/api/serializers/module.py (2 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: dheeru0198
Repo: makeplane/plane PR: 7625
File: apps/api/plane/bgtasks/workspace_seed_task.py:95-98
Timestamp: 2025-09-12T07:29:36.083Z
Learning: In the Plane codebase, workspace seed data should have project features (cycle_view, module_view, issue_views_view) enabled by default, even when regular project creation has these features disabled. This provides users with a complete demo experience in the seeded workspace.

Learnt from: NarayanBavisetti
Repo: makeplane/plane PR: 7460
File: apps/api/plane/app/serializers/draft.py:112-122
Timestamp: 2025-07-23T18:18:06.875Z
Learning: In the Plane codebase serializers, workspace_id is not consistently passed in serializer context, so parent issue validation in DraftIssueCreateSerializer only checks project_id rather than both workspace_id and project_id. The existing project member authentication system already validates that users can only access projects they belong to, providing sufficient security without risking breaking functionality by adding workspace_id validation where the context might not be available.

Learnt from: NarayanBavisetti
Repo: makeplane/plane PR: 7969
File: apps/api/plane/api/views/cycle.py:1218-1228
Timestamp: 2025-10-17T10:46:13.825Z
Learning: In the cycle transfer functionality in apps/api/plane/api/views/cycle.py, transfers should only be allowed from completed cycles (end_date < timezone.now()), not from active or draft cycles. The guard should block when end_date is None or end_date >= timezone.now().

📚 Learning: 2025-10-17T10:46:13.825Z

Learnt from: NarayanBavisetti
Repo: makeplane/plane PR: 7969
File: apps/api/plane/api/views/cycle.py:1218-1228
Timestamp: 2025-10-17T10:46:13.825Z
Learning: In the cycle transfer functionality in apps/api/plane/api/views/cycle.py, transfers should only be allowed from completed cycles (end_date < timezone.now()), not from active or draft cycles. The guard should block when end_date is None or end_date >= timezone.now().

Applied to files:

• apps/api/plane/api/serializers/cycle.py

📚 Learning: 2025-07-23T18:18:06.875Z

Learnt from: NarayanBavisetti
Repo: makeplane/plane PR: 7460
File: apps/api/plane/app/serializers/draft.py:112-122
Timestamp: 2025-07-23T18:18:06.875Z
Learning: In the Plane codebase serializers, workspace_id is not consistently passed in serializer context, so parent issue validation in DraftIssueCreateSerializer only checks project_id rather than both workspace_id and project_id. The existing project member authentication system already validates that users can only access projects they belong to, providing sufficient security without risking breaking functionality by adding workspace_id validation where the context might not be available.

Applied to files:

• apps/api/plane/api/serializers/cycle.py
• apps/api/plane/api/serializers/module.py

🧬 Code graph analysis (2)

apps/api/plane/api/serializers/cycle.py (2)

apps/api/plane/db/models/project.py (1)

• Project (65-159)

apps/api/plane/tests/contract/api/test_cycles.py (1)

• project (12-26)

apps/api/plane/api/serializers/module.py (1)

apps/api/plane/db/models/project.py (1)

• Project (65-159)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Analyze (javascript)

🔇 Additional comments (1)

apps/api/plane/api/serializers/cycle.py (1)

80-80: Clarify the purpose of the is_start_date=True parameter.

This change adds an is_start_date=True parameter to the convert_to_utc call, which is not mentioned in the PR description. The PR objective states adding feature checks for module and cycle creation, not modifying timezone conversion behavior.

Please clarify:

1. Is this change intentional and related to the feature flag validation?
2. What is the purpose of the is_start_date parameter and how does it affect UTC conversion?
3. Should this be part of a separate PR focused on timezone handling?

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Handle missing project gracefully to prevent unhandled exceptions.

The code uses Project.objects.get() which will raise Project.DoesNotExist if the project is not found or if project_id is None. Additionally, if project_id is not present in the context, this will fail unexpectedly.

Apply this diff to add defensive checks:

-    def validate(self, data):
-        project = Project.objects.get(id=self.context.get("project_id"))
-        if not project.module_view:
-            raise serializers.ValidationError("Modules are not enabled for this project")
+    def validate(self, data):
+        project_id = self.context.get("project_id")
+        if not project_id:
+            raise serializers.ValidationError("Project ID is required")
+        
+        project = Project.objects.filter(id=project_id).first()
+        if not project:
+            raise serializers.ValidationError("Project not found")
+        
+        if not project.module_view:
+            raise serializers.ValidationError("Modules are not enabled for this project")

🤖 Prompt for AI Agents

In apps/api/plane/api/serializers/module.py around lines 57 to 59, the code
calls Project.objects.get(id=self.context.get("project_id")) which will raise an
unhandled Project.DoesNotExist (or fail when project_id is None); update it to
first validate that project_id exists in self.context and then retrieve the
project safely (either use Project.objects.filter(id=project_id).first() and
check for None, or wrap get() in a try/except Project.DoesNotExist), and raise
serializers.ValidationError with a clear message (e.g., "Project not found" or
"project_id missing") when the project_id is missing or the project cannot be
found, instead of letting an exception bubble up.

[dheeru0198]

@Saurabhkmr98 The coderabbit reviews are valid. Please fix those.