Skip to content

fix team permissions#1016

Merged
BilalG1 merged 4 commits intodevfrom
fix/team_permission
Nov 13, 2025
Merged

fix team permissions#1016
BilalG1 merged 4 commits intodevfrom
fix/team_permission

Conversation

@BilalG1
Copy link
Copy Markdown
Collaborator

@BilalG1 BilalG1 commented Nov 13, 2025
edited by coderabbitai bot
Loading

Summary by CodeRabbit

  • Chores
    • Enhanced permission definition management system with improved handling for permission configurations, ensuring better system reliability and consistency.

@vercel
Copy link
Copy Markdown

vercel bot commented Nov 13, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
stack-backend Ready Ready Preview Comment Nov 13, 2025 8:53pm
stack-dashboard Ready Ready Preview Comment Nov 13, 2025 8:53pm
stack-demo Ready Ready Preview Comment Nov 13, 2025 8:53pm
stack-docs Ready Ready Preview Comment Nov 13, 2025 8:53pm

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Nov 13, 2025
edited
Loading

Walkthrough

The changes introduce a new ensurePermissionDefinition function that implements conditional creation or update logic for permission definitions, and refactor the seed file to use this function with parameter renames and simplified data payloads.

Changes

Cohort / File(s) Summary
New permission function
apps/backend/src/lib/permissions.tsx		 Added ensurePermissionDefinition function that implements upsert-like logic: conditionally delegates to updatePermissionDefinition if the permission exists in tenancy config, otherwise delegates to createPermissionDefinition. Preserves scope, tenancy, and id fields.
Seed data refactoring
apps/backend/prisma/seed.ts		 Updated import to use ensurePermissionDefinition instead of updatePermissionDefinition; replaced function calls accordingly; renamed parameter oldId to id in permission definition arguments; removed id field from data payloads for team_member and team_admin permission definitions.

Sequence Diagram

sequenceDiagram
    participant Seed
    participant ensurePermissionDefinition
    participant tenancy config
    participant updatePermissionDefinition
    participant createPermissionDefinition

    Seed->>ensurePermissionDefinition: Call with id, data, etc.
    ensurePermissionDefinition->>tenancy config: Check if permission exists
    
    alt Permission exists
        tenancy config-->>ensurePermissionDefinition: Found
        ensurePermissionDefinition->>updatePermissionDefinition: Delegate with oldId + data
        updatePermissionDefinition-->>ensurePermissionDefinition: Updated
    else Permission does not exist
        tenancy config-->>ensurePermissionDefinition: Not found
        ensurePermissionDefinition->>createPermissionDefinition: Delegate with data
        createPermissionDefinition-->>ensurePermissionDefinition: Created
    end
    
    ensurePermissionDefinition-->>Seed: Complete
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

  • Verify the conditional logic in ensurePermissionDefinition correctly checks tenancy config existence before delegating to update vs. create
  • Confirm parameter mapping from oldId to id is consistent across both function paths
  • Validate that removing id from data payloads doesn't break downstream permission creation logic

Poem

🐰 A function that's clever, it checks with great care,
Does it exist or not? "Ensure," we declare!
Create it or update it, whatever's the case,
The seed hops along with a much cleaner base! 🌱

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description contains only a template comment and lacks any substantive information about the changes, objectives, or implementation details. Add a detailed description explaining what was changed, why the changes were made, and what problem they solve. Reference the new ensurePermissionDefinition function and the migration from updatePermissionDefinition.
Title check ❓ Inconclusive The title 'fix team permissions' is vague and generic, using non-descriptive terms that don't convey meaningful information about the specific changes made. Replace with a more specific title that describes the actual change, such as 'Replace updatePermissionDefinition with ensurePermissionDefinition in seed' or 'Implement upsert logic for permission definitions'.
✅ Passed checks (1 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/team_permission
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e320385 and 3f183bf.

📒 Files selected for processing (2)
  • apps/backend/prisma/seed.ts (2 hunks)
  • apps/backend/src/lib/permissions.tsx (1 hunks)
🧰 Additional context used
🧬 Code graph analysis (2)
apps/backend/src/lib/permissions.tsx (3)
apps/backend/src/lib/types.tsx (1)
  • PrismaTransaction (3-3)
apps/backend/src/lib/tenancies.tsx (1)
  • Tenancy (53-53)
packages/stack-shared/src/utils/objects.tsx (1)
  • getOrUndefined (545-548)
apps/backend/prisma/seed.ts (3)
apps/backend/src/lib/permissions.tsx (1)
  • ensurePermissionDefinition (337-374)
apps/backend/src/prisma-client.tsx (1)
  • globalPrismaClient (37-37)
apps/backend/src/lib/tenancies.tsx (2)
  • getSoleTenancyFromProjectBranch (65-72)
  • DEFAULT_BRANCH_ID (19-19)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)
  • GitHub Check: Vercel Agent Review
  • GitHub Check: check_prisma_migrations (22.x)
  • GitHub Check: docker
  • GitHub Check: build (22.x)
  • GitHub Check: restart-dev-and-test
  • GitHub Check: setup-tests
  • GitHub Check: build (22.x)
  • GitHub Check: all-good
  • GitHub Check: build (22.x)
  • GitHub Check: lint_and_build (latest)
  • GitHub Check: restart-dev-and-test-with-custom-base-port
🔇 Additional comments (2)
apps/backend/src/lib/permissions.tsx (1)

337-374: LGTM! Well-implemented upsert pattern for permission definitions.

The ensurePermissionDefinition function correctly implements an upsert pattern by checking for existence and delegating to either updatePermissionDefinition or createPermissionDefinition. The transaction handling is appropriate, and the API design with id as a top-level parameter is cleaner than the update-only approach.

apps/backend/prisma/seed.ts (1)

206-232: Excellent fix for seed script idempotency.

The change from updatePermissionDefinition to ensurePermissionDefinition correctly addresses the issue where the seed script would fail on a fresh database (since permissions wouldn't exist yet to update). The tenancy refresh on line 219 is necessary because the first call modifies the config, and the second call needs the updated state.

Minor note: The descriptions "1" and "2" appear to be placeholder values, which is acceptable for seeding purposes.

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@BilalG1 BilalG1 mentioned this pull request Nov 13, 2025
Closed
@greptile-apps
Copy link
Copy Markdown
Contributor

greptile-apps bot commented Nov 13, 2025

Greptile Overview

Greptile Summary

Introduces ensurePermissionDefinition helper function that intelligently handles both permission creation and updates. This improves the seed script by making it idempotent - it can now handle both first-time setup (when permissions don't exist) and subsequent runs (when they need to be updated). The refactoring simplifies the API by removing redundant id fields and consolidating the oldId parameter into a single id parameter for cleaner semantics.

Confidence Score: 5/5

  • This PR is safe to merge with no issues found
  • The PR introduces a clean refactoring that improves code maintainability and makes the seed script more robust by handling both creation and update scenarios. The transaction handling is correct - createPermissionDefinition doesn't need sourceOfTruthTx since it only updates config without touching database records
  • No files require special attention

Important Files Changed

File Analysis

Filename Score Overview
apps/backend/src/lib/permissions.tsx 5/5 Added ensurePermissionDefinition helper that creates or updates a permission definition based on whether it exists
apps/backend/prisma/seed.ts 5/5 Replaced updatePermissionDefinition with ensurePermissionDefinition for more robust seeding that handles both creation and update cases

Sequence Diagram

sequenceDiagram
    participant Seed as seed.ts
    participant EPD as ensurePermissionDefinition
    participant Config as tenancy.config
    participant UPD as updatePermissionDefinition
    participant CPD as createPermissionDefinition
    participant DB as Database

    Seed->>EPD: ensurePermissionDefinition(globalTx, sourceOfTruthTx, {id, data})
    EPD->>Config: Check if permission exists
    
    alt Permission exists
        Config-->>EPD: Permission found
        EPD->>UPD: updatePermissionDefinition(globalTx, sourceOfTruthTx, {oldId, data})
        UPD->>Config: Update config with new permission data
        UPD->>DB: Update teamMemberDirectPermission records (via sourceOfTruthTx)
        UPD->>DB: Update projectUserDirectPermission records (via sourceOfTruthTx)
        UPD-->>EPD: Return updated permission
    else Permission does not exist
        Config-->>EPD: Permission not found
        EPD->>CPD: createPermissionDefinition(globalTx, {data})
        CPD->>Config: Add new permission to config
        CPD-->>EPD: Return created permission
    end
    
    EPD-->>Seed: Return permission definition
Loading

greptile-apps[bot]
greptile-apps bot reviewed Nov 13, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

2 files reviewed, 1 comment

Edit Code Review Agent Settings | Greptile

apps/backend/src/lib/permissions.tsx
},
});
} else {
return await createPermissionDefinition(globalTx, {
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Nov 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: createPermissionDefinition only takes one transaction parameter (globalTx), but ensurePermissionDefinition receives two (globalTx and sourceOfTruthTx). The sourceOfTruthTx is dropped here, which causes transaction inconsistency.

Suggested change
return await createPermissionDefinition(globalTx, {
return await createPermissionDefinition(globalTx, sourceOfTruthTx, {
Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/backend/src/lib/permissions.tsx
Line: 364:364

Comment:
**logic:** `createPermissionDefinition` only takes one transaction parameter (`globalTx`), but `ensurePermissionDefinition` receives two (`globalTx` and `sourceOfTruthTx`). The `sourceOfTruthTx` is dropped here, which causes transaction inconsistency.

```suggestion
    return await createPermissionDefinition(globalTx, sourceOfTruthTx, {
```

How can I resolve this? If you propose a fix, please make it concise.

@BilalG1 BilalG1 merged commit 6af5589 into dev Nov 13, 2025
23 checks passed
@BilalG1 BilalG1 deleted the fix/team_permission branch November 13, 2025 22:54
@coderabbitai coderabbitai bot mentioned this pull request Nov 20, 2025
Closed
@coderabbitai coderabbitai bot mentioned this pull request Jan 9, 2026
Merged
@madster456 madster456 mentioned this pull request Feb 4, 2026
Closed
This was referenced Mar 19, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@BilalG1 BilalG1

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BilalG1 @ArvindParekh