
Dev to Main Sync #281

Merged
iamitprakash merged 1 commit into main from develop
Sep 26, 2025

@AnujChhikara AnujChhikara commented Sep 26, 2025

Date: 26 Sep 2025

Developer Name: @AnujChhikara


Issue Ticket Number

PRs going in Sync

Description

  • Added a middleware for the team info API so only team members can view team-related information

Documentation Updated?

  • Yes
  • No

Under Feature Flag

  • Yes
  • No

Database Changes

  • Yes
  • No

Breaking Changes

  • Yes
  • No

Development Tested?

  • Yes
  • No

Screenshots

Staging Proof
screen-recording-2025-09-26-at-94357-pm_aKtDphHU.mp4

Description by Korbit AI

What change is being made?

Implement a new TeamAccessMiddleware to enforce team-scoped access on protected routes, return 400 when team_id is missing, 403 when access is unauthorized, and 500 on internal errors; add unit tests for the middleware; expose 403 responses in relevant views; propagate forbidden responses from service layer and register the middleware in the project settings.

Why are these changes being made?

To centralize and secure team-level access control, ensuring only users with appropriate team roles can access protected endpoints and clearly communicate forbidden scenarios to clients. Minor updates to views and OpenAPI docs reflect the new 403 responses, and the middleware is wired in the application startup.

…iewing team details (#275)

* feat(team_access): implement team access control

* refactor(task): simplify error handling in TaskListView response

* refactor(team_access): remove debug print statements

* test(team): enhance team member removal tests with access control checks

* feat: add 403 Forbidden response to various team and task views

* test(team_access): add unit tests for team access utility functions and decorator

* refactor(team_access): simplify access check logic in has_team_access function

* refactor(team_access): remove redundant team_id extraction logic from decorator

* refactor(team_access): remove team access decorator and simplify access check logic

* refactor(team_access): integrate team access logic into middleware and remove utility function

coderabbitai bot commented Sep 26, 2025

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@korbit-ai korbit-ai bot left a comment

Review by Korbit AI

Korbit automatically attempts to detect when you fix issues in new commits.
| Category | Issue |
| --- | --- |
| Documentation | Inaccurate middleware behavior description |
| Error Handling | Generic exception handling loses error context |
| Security | Lack of explicit authentication check |
| Logging | Insufficient error logging context |
| Security | Missing authentication check before authorization |
| Readability | Hardcoded Route Names |
| Readability | Unclear Request Attribute Access |
| Performance | Unnecessary URL resolution on all requests |
| Security | Middleware ordering may break team access control |

Files scanned

  • todo/middlewares/team_access_middleware.py
  • todo_project/settings/base.py
  • todo/views/task.py
  • todo/views/team.py

@AnujChhikara AnujChhikara self-assigned this Sep 26, 2025
@iamitprakash iamitprakash merged commit e39038c into main Sep 26, 2025
5 checks passed
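
The behaviour the Korbit description and review findings above refer to, as an added framework-free sketch (not the repository's code): a team access middleware that authenticates before it authorizes, fails closed, and logs context on internal errors. `Request`, `Response`, `MEMBERS`, `is_member`, `PROTECTED_PREFIX` and the 401 branch are assumptions of this example; only the middleware name and the 400/403/500 responses come from the page.

```python
import logging
from collections import namedtuple

log = logging.getLogger("team_access")
# Minimal stand-ins for the framework's request and response objects (assumed).
Request = namedtuple("Request", "path user_id team_id", defaults=(None, None))
Response = namedtuple("Response", "status detail")
MEMBERS = {"team-1": {"alice"}}  # constructed sample data: team id -> member ids

def is_member(user_id, team_id):
    """Hypothetical membership lookup; 'team-broken' simulates a datastore failure."""
    if team_id == "team-broken":
        raise RuntimeError("datastore unavailable")
    return user_id in MEMBERS.get(team_id, set())

class TeamAccessMiddleware:
    PROTECTED_PREFIX = "/teams/"  # assumed prefix for team-scoped routes

    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        if not request.path.startswith(self.PROTECTED_PREFIX):
            return self.get_response(request)  # unprotected route: pass through
        if request.user_id is None:
            # Authenticate first; this is also the fail-closed path when this
            # middleware is ordered before the one that populates the user.
            return Response(401, "authentication required")
        if not request.team_id:
            return Response(400, "team_id is required")
        try:
            allowed = is_member(request.user_id, request.team_id)
        except Exception:
            # Traceback and request context go to the log, not to the client.
            log.exception("team access check failed user=%s team=%s path=%s",
                          request.user_id, request.team_id, request.path)
            return Response(500, "internal error")
        if not allowed:
            return Response(403, "not a member of this team")
        return self.get_response(request)

def demo_statuses():
    """Run six constructed requests through the middleware, one per branch."""
    mw = TeamAccessMiddleware(lambda req: Response(200, "ok"))
    cases = [("/health",), ("/teams/info", None, "team-1"), ("/teams/info", "alice"),
             ("/teams/info", "alice", "team-1"), ("/teams/info", "bob", "team-1"),
             ("/teams/info", "alice", "team-broken")]
    return [mw(Request(*c)).status for c in cases]
```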