From df641c2a58ce139d7396eafda3f1f560d0edb874 Mon Sep 17 00:00:00 2001
From: Saurabhkmr98 <saurabhkapur73@gmail.com>
Date: Thu, 20 Nov 2025 16:39:17 +0530
Subject: [PATCH 1/2] add check for feature enabled for module and cycle create

---
 apps/api/plane/api/serializers/cycle.py  | 6 +++++-
 apps/api/plane/api/serializers/module.py | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/apps/api/plane/api/serializers/cycle.py b/apps/api/plane/api/serializers/cycle.py
index 6b7bfa442fb..43bcc9f67fb 100644
--- a/apps/api/plane/api/serializers/cycle.py
+++ b/apps/api/plane/api/serializers/cycle.py
@@ -4,7 +4,7 @@
 
 # Module imports
 from .base import BaseSerializer
-from plane.db.models import Cycle, CycleIssue, User
+from plane.db.models import Cycle, CycleIssue, User, Project
 from plane.utils.timezone_converter import convert_to_utc
 
 
@@ -70,6 +70,10 @@ def validate(self, data):
             if not project_id:
                 raise serializers.ValidationError("Project ID is required")
 
+            project = Project.objects.filter(id=project_id).first()
+            if not project.cycle_view:
+                raise serializers.ValidationError("Cycles are not enabled for this project")
+
             data["start_date"] = convert_to_utc(
                 date=str(data.get("start_date").date()),
                 project_id=project_id,
diff --git a/apps/api/plane/api/serializers/module.py b/apps/api/plane/api/serializers/module.py
index 77be453c888..a7c4249208a 100644
--- a/apps/api/plane/api/serializers/module.py
+++ b/apps/api/plane/api/serializers/module.py
@@ -10,6 +10,7 @@
     ModuleMember,
     ModuleIssue,
     ProjectMember,
+    Project,
 )
 
 
@@ -53,6 +54,9 @@ class Meta:
         ]
 
     def validate(self, data):
+        project = Project.objects.get(id=self.context.get("project_id"))
+        if not project.module_view:
+            raise serializers.ValidationError("Modules are not enabled for this project")
         if (
             data.get("start_date", None) is not None
             and data.get("target_date", None) is not None

From 221199b8c5e9f09be4f3d0f93b894bdabc5bc618 Mon Sep 17 00:00:00 2001
From: Saurabhkmr98 <saurabhkapur73@gmail.com>
Date: Thu, 27 Nov 2025 14:16:09 +0530
Subject: [PATCH 2/2] add more checks

---
 apps/api/plane/api/serializers/cycle.py  | 23 ++++++++++++-----------
 apps/api/plane/api/serializers/module.py |  7 ++++++-
 2 files changed, 18 insertions(+), 12 deletions(-)

diff --git a/apps/api/plane/api/serializers/cycle.py b/apps/api/plane/api/serializers/cycle.py
index 43bcc9f67fb..f2724231a25 100644
--- a/apps/api/plane/api/serializers/cycle.py
+++ b/apps/api/plane/api/serializers/cycle.py
@@ -55,6 +55,18 @@ class Meta:
         ]
 
     def validate(self, data):
+        project_id = self.initial_data.get("project_id") or (
+            self.instance.project_id if self.instance and hasattr(self.instance, "project_id") else None
+        )
+
+        if not project_id:
+            raise serializers.ValidationError("Project ID is required")
+
+        project = Project.objects.filter(id=project_id).first()
+        if not project:
+            raise serializers.ValidationError("Project not found")
+        if not project.cycle_view:
+            raise serializers.ValidationError("Cycles are not enabled for this project")
         if (
             data.get("start_date", None) is not None
             and data.get("end_date", None) is not None
@@ -63,17 +75,6 @@ def validate(self, data):
             raise serializers.ValidationError("Start date cannot exceed end date")
 
         if data.get("start_date", None) is not None and data.get("end_date", None) is not None:
-            project_id = self.initial_data.get("project_id") or (
-                self.instance.project_id if self.instance and hasattr(self.instance, "project_id") else None
-            )
-
-            if not project_id:
-                raise serializers.ValidationError("Project ID is required")
-
-            project = Project.objects.filter(id=project_id).first()
-            if not project.cycle_view:
-                raise serializers.ValidationError("Cycles are not enabled for this project")
-
             data["start_date"] = convert_to_utc(
                 date=str(data.get("start_date").date()),
                 project_id=project_id,
diff --git a/apps/api/plane/api/serializers/module.py b/apps/api/plane/api/serializers/module.py
index a7c4249208a..d1e3b0d81a7 100644
--- a/apps/api/plane/api/serializers/module.py
+++ b/apps/api/plane/api/serializers/module.py
@@ -54,7 +54,12 @@ class Meta:
         ]
 
     def validate(self, data):
-        project = Project.objects.get(id=self.context.get("project_id"))
+        project_id = self.context.get("project_id")
+        if not project_id:
+            raise serializers.ValidationError("Project ID is required")
+        project = Project.objects.get(id=project_id)
+        if not project:
+            raise serializers.ValidationError("Project not found")
         if not project.module_view:
             raise serializers.ValidationError("Modules are not enabled for this project")
         if (