[MOBIL-1039] dev: add teamspace validation in work item info query (#3602)

* dev: handled the teamspace permissions

* dev: updated the await in teamspace filter

* dev: handled the project details in workitem info query
This commit is contained in:
guru_sainath
2025-07-08 18:20:22 +05:30
committed by GitHub
parent 5e9f1352dd
commit 2fe8405bb0

View File

@@ -9,6 +9,7 @@ from strawberry.types import Info
# Module Imports
from plane.db.models import Issue, Project, ProjectMember
from plane.graphql.helpers.teamspace import project_member_filter_via_teamspaces_async
from plane.graphql.permissions.workspace import WorkspacePermission
from plane.graphql.types.issues.meta import IssueShortenedMetaInfo
from plane.graphql.utils.roles import Roles
@@ -72,6 +73,9 @@ class IssueShortenedMetaInfoQuery:
async def issue_shortened_meta_info(
self, info: Info, slug: str, work_item_identifier: str
) -> IssueShortenedMetaInfo:
user = info.context.user
user_id = str(user.id)
workspace_slug = slug
project_identifier = None
issue_sequence = None
@@ -87,15 +91,25 @@ class IssueShortenedMetaInfoQuery:
error_extensions = {"code": "ISSUE_NOT_FOUND", "statusCode": 404}
raise GraphQLError(message, extensions=error_extensions)
project_id = await get_project_id(workspace_slug, project_identifier)
is_project_member = await project_member_exists(
workspace_slug, project_identifier, info.context.user
)
if not is_project_member:
message = "User does not have permission to access this project."
error_extensions = {"code": "UNAUTHORIZED", "statusCode": 403}
raise GraphQLError(message, extensions=error_extensions)
project_id = await get_project_id(workspace_slug, project_identifier)
# validate teamspace membership
project_teamspace_filter = await project_member_filter_via_teamspaces_async(
user_id=user_id,
workspace_slug=workspace_slug,
)
teamspace_project_ids = project_teamspace_filter.teamspace_project_ids
if (
not teamspace_project_ids
or str(project_id) not in teamspace_project_ids
):
message = "User does not have permission to access this project."
error_extensions = {"code": "UNAUTHORIZED", "statusCode": 403}
raise GraphQLError(message, extensions=error_extensions)
issue_id, is_epic = await get_issue_id(
workspace_slug, project_id, issue_sequence