mirror of
https://github.com/makeplane/plane.git
synced 2026-05-18 21:25:41 +02:00
* fix(permissions): drop WorkspaceFeaturePermissions, gate features on workspace:view/manage

  Workspace features endpoints now use the generic workspace permission since the FE does not consume a dedicated workspace_feature resource. GET is gated on workspace:view (widens access to W-Guest); PATCH is gated on workspace:manage (admin-only toggles, matching the original WorkSpaceAdminPermission intent on the external API). Removes the workspace_feature ResourceType, permission class, scheme grants, inheritance entry, and model registry mapping; docs updated to reflect the new permission strings and role access deltas.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(permissions): expose integration connect/manage in custom PS UI, rename edit label

  Add integration.connect and integration.manage to the workspace custom PS builder so custom roles can be granted the two actions the BE already gates traffic on (Slack/GitHub connect, OAuth app install, import-job management). Without this, custom roles were structurally unable to use integration features that built-in member/admin roles receive via code.

  Rename the integration.edit label across all 19 locales from "Configure" to "Edit" for consistency with webhook/customer/dashboard rows and to match the underlying `integration:edit` permission string.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(permissions): use intake:submit for IntakeSettingEndpoint GET

  The GET handler previously used intake:view, which project guests hold only as intake:view+creator. At project scope the creator condition evaluates against Project.created_by_id, so guests (who never create the project) always got a 403 even though they can submit into intake. Switch the decorator to intake:submit, which every intake-using role (Contributor, Commenter, Guest) holds unconditionally and Admin holds via intake:*. PATCH continues to use CONFIGURE as the admin-only gate for mutating settings.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(permissions): switch IntakeSettingEndpoint GET to intake:view with defer_conditions

  Using intake:submit worked for system roles but is fragile: custom permission schemes can grant intake read access without granting submit. intake:view is the canonical read gate for intake.

  The reason a plain @can(intake:view) fails for P-Guest is that guest holds intake:view+creator; at project scope the engine evaluates the creator condition against Project.created_by_id, which never matches a guest → 403. With defer_conditions=True, intake being a child of project in the resource hierarchy lets the conditional grant pass the gate and hands the condition to the view. The view then consumes the condition purely to satisfy finalize_response's consumption check — the settings endpoint returns a single project-level config document, so there is no row to filter by creator.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(permissions): gate WorkspaceFileAssetEndpoint upload/view on workspace:view

  Project creation uploads the cover image before the Project row exists, so project_asset:create is unavailable; the old gate of workspace_asset:create is held only by workspace Owner/Admin/Member and can be omitted by custom schemes, so the upload 403d for guests and for custom roles without that grant.

  Switch POST (upload) and GET (download) on WorkspaceFileAssetEndpoint to workspace:view. Both are safe: POST only writes a FileAsset row and returns a presigned URL, GET returns a signed download URL — neither mutates workspace/project state.

  PATCH (finalize) and DELETE stay on workspace_asset:edit/delete. Those paths call entity_asset_save/entity_asset_delete, which flip workspace.logo_asset_id and project.cover_image_asset_id; loosening them would let a workspace Guest overwrite or clear a workspace logo or project cover by crafting a request with entity_type=WORKSPACE_LOGO or PROJECT_COVER.

  Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* fix(group_sync): handle group extraction when IdP drops user from all… (#6888)

  * fix(group_sync): handle group extraction when IdP drops user from all groups and ensure auto-remove functionality
  * fix(teamspace_members): clarify model attribute handling in TeamspaceMembersEndpoint

  --------

  Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
  Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com>
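The intake:view / defer_conditions reasoning in the commit message above is easier to follow with a runnable model of it. The block below is an added illustration, not code from the plane repository or from the commit author: the role grant table, the `+creator` grant syntax, the `Project`/`Decision` classes, the `can()` gate, the `PARENT` hierarchy and the `finalize_response()` consumption check are all hypothetical simplifications written to reproduce the behaviour the message describes (a guest's conditional `intake:view+creator` grant failing at project scope, and passing with the condition deferred to the view).

```python
"""Toy permission engine modelling the behaviour described in the commit
message: conditional grants, project-scope evaluation of the `creator`
condition, and defer_conditions handing an unmet condition to the view.
Everything here is a hypothetical simplification, not plane's own code."""
from dataclasses import dataclass

# Hypothetical role grants. "intake:view+creator" means the grant applies only
# to rows the caller created; "intake:*" covers every intake action.
ROLE_GRANTS = {
    "admin": {"intake:*"},
    "contributor": {"intake:view", "intake:submit"},
    "guest": {"intake:view+creator", "intake:submit"},
}

# Hypothetical resource hierarchy: intake is a child of project.
PARENT = {"intake": "project"}


@dataclass
class Project:
    id: int
    created_by_id: int


@dataclass
class Decision:
    allowed: bool
    status: int  # 200 or 403
    deferred_conditions: tuple = ()


def _parse(grant):
    """Split 'intake:view+creator' into ('intake:view', 'creator')."""
    perm, _, cond = grant.partition("+")
    return perm, (cond or None)


def _matches(perm, required):
    resource, _action = required.split(":")
    return perm in (required, f"{resource}:*")


def can(role, required, scope_obj, user_id, defer_conditions=False):
    """Evaluate `required` for `role` with `scope_obj` (a Project) as scope.

    A `creator` condition is checked against scope_obj.created_by_id, which is
    why a guest evaluating intake:view at project scope never matches. With
    defer_conditions=True and the resource being a child of the scope, the
    conditional grant passes the gate and the condition is returned for the
    view to consume.
    """
    resource = required.split(":")[0]
    hits = [_parse(g) for g in ROLE_GRANTS[role] if _matches(_parse(g)[0], required)]
    if not hits:
        return Decision(False, 403)
    if any(cond is None for _, cond in hits):
        return Decision(True, 200)  # an unconditional grant wins outright
    for _, cond in hits:
        if cond == "creator" and scope_obj.created_by_id == user_id:
            return Decision(True, 200)
    scope_name = type(scope_obj).__name__.lower()
    if defer_conditions and PARENT.get(resource) == scope_name:
        return Decision(True, 200, tuple(cond for _, cond in hits))
    return Decision(False, 403)


def finalize_response(decision, consumed):
    """Hypothetical consumption check: every deferred condition must be consumed."""
    missing = set(decision.deferred_conditions) - set(consumed)
    if missing:
        raise RuntimeError(f"unconsumed deferred conditions: {sorted(missing)}")


def intake_settings_get(role, user_id, project, defer_conditions):
    """Model of the settings GET: one project-level document, no rows to filter,
    so the view marks any deferred condition consumed and returns the document."""
    decision = can(role, "intake:view", project, user_id, defer_conditions)
    if not decision.allowed:
        return {"status": 403}
    consumed = list(decision.deferred_conditions)
    finalize_response(decision, consumed)
    return {"status": 200, "settings": {"project_id": project.id}, "consumed": consumed}


if __name__ == "__main__":
    project = Project(id=7, created_by_id=1)  # constructed sample: admin user 1 created it
    print(intake_settings_get("guest", 2, project, defer_conditions=False))  # 403
    print(intake_settings_get("guest", 2, project, defer_conditions=True))   # 200
```

Run as a script it prints the two outcomes the commit message contrasts: the plain gate returns 403 for a guest who did not create the project, while the deferred gate lets the request through and the view consumes the `creator` condition that has no row to apply to.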