Added cancel permission#170
Conversation
📝 WalkthroughWalkthroughChangesSession controls
Estimated code review effort: 2 (Simple) | ~10 minutes Sequence Diagram(s)sequenceDiagram
participant WorkspaceSessions
participant canCancelSession
participant SessionTemplate
participant SessionModal
WorkspaceSessions->>canCancelSession: Evaluate workspace permission and session type
canCancelSession-->>WorkspaceSessions: Return canCancel
WorkspaceSessions->>SessionTemplate: Pass canCancel
SessionTemplate->>SessionModal: Pass canCancel
SessionModal->>SessionModal: Render cancellation section when canManage or canCancel
Suggested reviewers: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches📝 Generate docstrings
🧪 Generate unit tests (beta)
Warning There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure. 🔧 ESLint
ESLint install timed out. The project may have too many dependencies for the sandbox. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
components/topbar.tsx (1)
73-78: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick winOnly show the success toast for explicit refreshes.
fetchSessionsis also called when the user first opens the Sessions panel, so this unconditional toast displays “Sessions refreshed” during initial loading. Add ashowToastparameter or separate the initial-load and refresh functions, then call the toast only from the refresh button.Suggested fix
- const fetchSessions = async () => { + const fetchSessions = async (showToast = false) => { setSessionsLoading(true); try { const res = await axios.get("/api/user/sessions"); setSessions(res.data.sessions || []); - toast.success("Sessions refreshed") + if (showToast) toast.success("Sessions refreshed");- onClick={fetchSessions} + onClick={() => fetchSessions(true)}🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@components/topbar.tsx` around lines 73 - 78, Update fetchSessions so the “Sessions refreshed” success toast is conditional and only enabled for explicit refresh actions. Pass a showToast flag from the refresh button while leaving the initial Sessions panel load silent; preserve the existing session-fetching and loading behavior.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@components/sessioncard.tsx`:
- Line 731: Update the session action condition near the canManage/canCancel
check so the Uncancel control is rendered only when canManage is true, while
preserving the existing cancelled-state guard and cancel-only behavior.
---
Outside diff comments:
In `@components/topbar.tsx`:
- Around line 73-78: Update fetchSessions so the “Sessions refreshed” success
toast is conditional and only enabled for explicit refresh actions. Pass a
showToast flag from the refresh button while leaving the initial Sessions panel
load silent; preserve the existing session-fetching and loading behavior.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 5635f683-5323-49c9-9d9a-0f92e5f3ee96
📒 Files selected for processing (5)
components/sessioncard.tsxcomponents/settings/permissions/roles.tsxcomponents/topbar.tsxpages/workspace/[id]/sessions.tsxutils/sessionPermissions.ts
| )} | ||
|
|
||
| {canManage && !session.cancelled && ( | ||
| {(canManage || canCancel) && !session.cancelled && ( |
There was a problem hiding this comment.
🔒 Security & Privacy | 🟡 Minor | ⚡ Quick win
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
rg -n 'sessions/.*/cancel|canCancelSession|sessions_[^"]*_cancel' .Repository: PlanetaryOrbit/orbit
Length of output: 917
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== components/sessioncard.tsx (relevant ranges) =="
sed -n '180,280p' components/sessioncard.tsx
echo
sed -n '700,770p' components/sessioncard.tsx
echo
echo "== utils/sessionPermissions.ts =="
cat -n utils/sessionPermissions.ts
echo
echo "== API route search =="
rg -n 'cancelled|uncancel|restore|canCancelSession|canManageSession|authorize|permission' pages components utils api -g '!**/node_modules/**'Repository: PlanetaryOrbit/orbit
Length of output: 50376
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== pages/api/workspace/[id]/sessions/[sid]/cancel.ts (full) =="
cat -n pages/api/workspace/[id]/sessions/[sid]/cancel.ts
echo
echo "== permission wrapper and session permission helpers =="
sed -n '1,260p' utils/permissionsManager.ts 2>/dev/null || true
sed -n '1,220p' utils/sessionPermissions.tsRepository: PlanetaryOrbit/orbit
Length of output: 14145
Hide the Uncancel action behind manage access. The DELETE route already requires sessions_*_manage, but the button is still rendered for any cancelled session. That leaves users with cancel-only access at a dead end. Either gate this control on canManage or add a separate uncancel permission and enforce it server-side too.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@components/sessioncard.tsx` at line 731, Update the session action condition
near the canManage/canCancel check so the Uncancel control is rendered only when
canManage is true, while preserving the existing cancelled-state guard and
cancel-only behavior.
Summary by CodeRabbit
New Features
Bug Fixes