Limit github onboarding to team users

[gaspergrom]

Changes proposed ✍️

What

copilot:summary
​
copilot:poem

Why

How

copilot:walkthrough

Checklist ✅

• Label appropriately with Feature, Improvement, or Bug.
• Add screenshots to the PR description for relevant FE changes
• New backend functionality has been unit-tested.
• API documentation has been updated (if necessary) (see docs on API documentation).
• Quality standards are met.

Summary by CodeRabbit

• New Features

  • The GitHub connection button now conditionally enables or disables based on team membership status.
  • A new function to identify team users based on user IDs has been introduced.

• Bug Fixes

  • Improved user interface responsiveness to user permissions regarding GitHub integration.

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

This pull request introduces a new mechanism to control GitHub connection button interactions based on team user status. By implementing an isTeamUser function in the permissions configuration and adding a reactive computed property in the GitHub connection component, the changes enable dynamic button state management. The implementation checks whether a user belongs to a predefined list of team users and adjusts the UI interaction accordingly.

Changes

File	Change Summary
frontend/src/config/permissions/index.ts	Added teamUsers array and isTeamUser function to validate team user status
frontend/src/config/integrations/github/components/github-connect.vue	Introduced isTeam computed property and modified template to conditionally enable GitHub connection button

Sequence Diagram

sequenceDiagram
    participant User
    participant AuthStore
    participant GithubConnect
    participant Permissions

    User->>AuthStore: Login
    AuthStore->>GithubConnect: Provide user object
    GithubConnect->>Permissions: Check isTeamUser(user)
    Permissions-->>GithubConnect: Return team status
    GithubConnect->>GithubConnect: Update button state

Loading

Possibly related PRs

• Fix people tab loading in organization profiles #2693: Data handling changes in another component, but not directly related to team user functionality

Poem

🐰 A rabbit's tale of GitHub's might,
Where team users dance in digital light,
Buttons enabled with computed grace,
Permissions checked at a rabbit's pace,
Connecting code with magical flair! 🔗✨

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (1)

frontend/src/config/integrations/github/components/github-connect.vue (1)

Line range hint 8-17: Improve user feedback and error handling

The current implementation has several UX concerns:

1. The tooltip message about "disabled due to issues" is misleading for team users
2. No visual feedback during permission checks
3. Commented out "Details" button without explanation

Consider these improvements:

 <el-tooltip
-  content="Onboarding new data for GitHub is currently disabled due to some issues we are experiencing.
-    Please contact support if you need to onboard new data or update settings."
+  :content="isTeam ? 'Connect your GitHub account' : 'GitHub integration is currently limited to team members only. Please contact support for access.'"
   placement="top"
   :disabled="isTeam"
 >
-  <lf-button type="secondary" :disabled="!isTeam" @click="isSettingsDrawerOpen = true">
+  <lf-button 
+    type="secondary" 
+    :disabled="!isTeam" 
+    :loading="isCheckingPermissions"
+    @click="handleConnect"
+  >
     <lf-icon name="link-simple" />
     Connect
   </lf-button>
 </el-tooltip>

🧹 Nitpick comments (2)

frontend/src/config/permissions/index.ts (1)

31-31: Add input validation for user ID format

The isTeamUser function should validate the UUID format before checking inclusion.

Consider adding validation:

-export const isTeamUser = (user: User | null) => user && teamUsers.includes(user.id);
+export const isTeamUser = (user: User | null) => {
+  const UUID_REGEX = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;
+  return user && UUID_REGEX.test(user.id) && teamUsers.includes(user.id);
+};

frontend/src/config/integrations/github/components/github-connect.vue (1)

Line range hint 4-8: Document or remove commented code

The commented out "Details" button lacks context. Either document why it's commented out or remove it.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c948751 and bb6a648.

📒 Files selected for processing (2)

• frontend/src/config/integrations/github/components/github-connect.vue (1 hunks)
• frontend/src/config/permissions/index.ts (2 hunks)

[coderabbitai]

⚠️ Potential issue

Consider moving team user management to the backend

Hardcoding user IDs in the frontend raises several concerns:

1. Security: User IDs are exposed in client-side code
2. Maintainability: Adding/removing users requires code changes
3. Documentation: No context for the listed IDs or the commented out ID

Consider these alternatives:

1. Move team user management to the backend with proper access control
2. Implement a configuration endpoint to fetch authorized users
3. Add role-based access control instead of user-based restrictions

Would you like me to propose a detailed implementation for any of these alternatives?

[coderabbitai]

🛠️ Refactor suggestion

Add error handling and loading state

The component should handle potential store errors and loading states.

Add error handling and loading state:

 const isSettingsDrawerOpen = ref(false);
+const isCheckingPermissions = ref(false);
+const error = ref<Error | null>(null);
 
 const { user } = storeToRefs(useAuthStore());
 
-const isTeam = computed(() => isTeamUser(user.value));
+const isTeam = computed(() => {
+  try {
+    return isTeamUser(user.value);
+  } catch (e) {
+    error.value = e as Error;
+    return false;
+  }
+});
+
+const handleConnect = async () => {
+  isCheckingPermissions.value = true;
+  try {
+    // Verify permissions before opening drawer
+    if (await verifyGithubPermissions()) {
+      isSettingsDrawerOpen.value = true;
+    }
+  } catch (e) {
+    error.value = e as Error;
+  } finally {
+    isCheckingPermissions.value = false;
+  }
+};

Committable suggestion skipped: line range outside the PR's diff.

[joanagmaia]

Hey @gaspergrom , why not adding this to .env.override.local in crowd-kube?
I think it will be better for security reasons