Skip to content

fix(doc): add task read scope to docs fetch#440

Open
ILUO wants to merge 1 commit intolarksuite:mainfrom
ILUO:fix/docs-fetch-task-scope
Open

fix(doc): add task read scope to docs fetch#440
ILUO wants to merge 1 commit intolarksuite:mainfrom
ILUO:fix/docs-fetch-task-scope

Conversation

@ILUO
Copy link
Copy Markdown
Contributor

@ILUO ILUO commented Apr 13, 2026
edited by coderabbitai bot
Loading

Summary

docs +fetch may need to read task-related data referenced in Lark documents. This PR adds the task:task:read scope to docs +fetch to avoid missing-scope failures when fetching docs that include tasks.

Changes

  • Add task:task:read to DocsFetch.Scopes in shortcuts/doc/docs_fetch.go

Test Plan

  • go test ./shortcuts/doc/...

Related Issues

N/A

Summary by CodeRabbit

  • Updates
    • Expanded permission requirements to enable task reading capabilities for the DocsFetch shortcut, complementing existing document access permissions for enhanced functionality.

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Apr 13, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 3282af62-6eb1-401b-bd12-c25e626d59b7

📥 Commits

Reviewing files that changed from the base of the PR and between bb79572 and 802e34d.

📒 Files selected for processing (1)
  • shortcuts/doc/docs_fetch.go
📝 Walkthrough

Walkthrough

The DocsFetch shortcut's permission scope configuration is expanded to include task:task:read alongside the existing docx:document:readonly permission, enabling access to task-related operations.

Changes

Cohort / File(s) Summary
Permission Scope Configuration
shortcuts/doc/docs_fetch.go		 Added task:task:read scope to the DocsFetch shortcut's permission requirements alongside existing docx:document:readonly scope.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested labels

domain/task, size/M

Suggested reviewers

  • tengchengwei
  • LuckyTerry

Poem

🐰 A tiny change hops into sight,
One scope added, just right,
Tasks now whisper to docs so dear,
Permissions granted, crystal clear! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: adding the task read scope to the docs fetch shortcut.
Description check ✅ Passed The description follows the template and includes all required sections: Summary, Changes, Test Plan, and Related Issues are complete and informative.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot added domain/ccm PR touches the ccm domain size/M Single-domain feat or fix with limited business impact labels Apr 13, 2026
@greptile-apps
Copy link
Copy Markdown

greptile-apps bot commented Apr 13, 2026

Greptile Summary

This PR adds task:task:read to DocsFetch.Scopes so that when a user fetches a Lark document containing embedded task references, the CLI can proactively check for and request this scope instead of surfacing a cryptic missing-scope error at runtime. The change is minimal and correct: checkShortcutScopes in runner.go only validates scopes for user-auth identities (as == core.AsUser), so bot auth is completely unaffected by adding a scope to the shared Scopes field.

Confidence Score: 5/5

Safe to merge — the one-line scope addition is correct and bot auth is unaffected.

All findings are P2 (style suggestion only). The core change is correct: checkShortcutScopes only validates scopes for user auth, so adding task:task:read to the shared Scopes field introduces no functional regression for bot users. The fix addresses a real missing-scope failure for user auth when fetching docs that contain task references.

No files require special attention.

Important Files Changed

Filename Overview
shortcuts/doc/docs_fetch.go Adds task:task:read to the shared Scopes slice; scope checking only runs for user auth so bot behavior is unchanged.

Sequence Diagram

sequenceDiagram
    participant User
    participant CLI as lark-cli docs +fetch
    participant Runner as runner.go (checkShortcutScopes)
    participant MCP as MCP Server (fetch-doc)
    participant LarkAPI as Lark API

    User->>CLI: docs +fetch --doc url
    CLI->>Runner: ScopesForIdentity("user") → ["docx:document:readonly", "task:task:read"]
    Runner->>Runner: checkScopePrereqs(appID, userOpenID, scopes)
    alt Missing task:task:read
        Runner-->>User: Error: missing_scope → prompt re-auth
    else All scopes present
        CLI->>MCP: tools/call fetch-doc {doc_id}
        MCP->>LarkAPI: fetch document content
        LarkAPI-->>MCP: document blocks (may include task refs)
        MCP->>LarkAPI: fetch task data (requires task:task:read)
        LarkAPI-->>MCP: task data
        MCP-->>CLI: {title, markdown, has_more}
        CLI-->>User: formatted document output
    end
Loading

Reviews (1): Last reviewed commit: "fix(doc): add task read scope to docs fe..." | Re-trigger Greptile

greptile-apps[bot]
greptile-apps bot reviewed Apr 13, 2026
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

domain/ccm PR touches the ccm domain size/M Single-domain feat or fix with limited business impact

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ILUO