Fix web share permission access controls #362

Merged
appflowy merged 6 commits into main from codex/web-share-permission-access
May 23, 2026

@appflowy appflowy commented May 22, 2026

Summary

  • Allow full-access users to manage private-page sharing and invite with Full access.
  • Keep promoted Full access collaborators reversible from the share panel.
  • Add seeded BDD coverage plus a focused dropdown regression test.

Tests

  • pnpm exec jest src/components/app/share/__tests__/AccessLevelDropdown.test.tsx --runInBand --no-coverage
  • pnpm exec eslint --quiet src/components/app/share/AccessLevelDropdown.tsx src/components/app/share/__tests__/AccessLevelDropdown.test.tsx
  • pnpm run type-check

Summary by Sourcery

Adjust web share permission handling to distinguish private, shared, and public pages, and centralize share access loading while enabling full-access collaborators to manage sharing and invitations.

New Features:

  • Allow granting and managing Full access for collaborators directly from the share panel and invite flow.
  • Introduce a share section type model to classify pages as public, shared, private, or unknown based on outline and access details.
  • Expose a hook to load share access details for the current view and surface the current user access level to consumers.

Bug Fixes:

  • Prevent non-full-access users from inheriting or managing private-page sharing where they should not have permissions.
  • Disable publishing actions and share invite controls for users with read-only or insufficient permissions.

Enhancements:

  • Refactor share panel and related components to consume preloaded share access details instead of querying access independently.
  • Update general access indicators to rely on resolved share section types rather than private flags alone.
  • Allow existing full-access rows in the people-with-access list to remain editable when the current user can modify access.

Tests:

  • Add Jest tests for the access level dropdown to ensure full-access collaborators remain editable only for authorized users.
  • Add Playwright BDD suites and fixtures covering seeded role-matrix scenarios and full-access share management flows, including temporary public-to-private space transitions.


sourcery-ai Bot commented May 22, 2026

Reviewer's Guide

Refactors share access state management into a dedicated hook, updates Share/Publish panels and related components to respect full-access semantics for private pages, and adds seeded Playwright BDD plus unit tests to cover the new permission and sharing behavior.

File-Level Changes

Change: Move share access loading/derivation into a reusable hook and thread its results through ShareTabs, SharePanel, PeopleWithAccess, and GeneralAccess.
Details:
  • Introduce useShareAccessDetails hook to fetch share details, derive current user access level, hasFullAccess, and a ShareSectionType for the current view.
  • Remove share-detail loading logic from SharePanel and instead accept people, isLoadingPeople, hasFullAccess, onPeopleChange, and sectionType as props.
  • Update ShareTabs to call useShareAccessDetails when the Share panel is opened and to pass its results into SharePanel and PublishPanel.
  • Change PeopleWithAccess to receive hasFullAccess as a prop instead of recomputing it locally and to pass it through to AccessLevelDropdown.
  • Change GeneralAccess to use ShareSectionType instead of computing privacy from outline/viewId, and implement resolveShareSectionType to classify Public/Shared/Private at the view level.
Files:
  • src/components/app/share/useShareAccessDetails.ts
  • src/components/app/share/ShareTabs.tsx
  • src/components/app/share/SharePanel.tsx
  • src/components/app/share/PeopleWithAccess.tsx
  • src/components/app/share/GeneralAccess.tsx
  • src/components/app/share/shareSectionType.ts
  • src/components/app/share/useShareAccessDetails.test.ts

Change: Adjust UI behavior so full-access collaborators remain modifiable by eligible users and can themselves grant Full access in the invite/dropdown controls.
Details:
  • Update AccessLevelDropdown so FullAccess entries are only rendered as static labels when canModify is false; otherwise they remain interactive and can have access changed or removed.
  • Add a Full access option in AccessLevelDropdown’s menu with crown icon, description, async update handling, and success/error notifications.
  • Update InviteGuest to display a Full access label and to offer a Full access option (with icon, description, and tick) in the invite access-level selector, and to tighten invite button disabling via canNotInvite.
  • Add unit tests for AccessLevelDropdown to verify editable vs static rendering for full-access collaborators based on canModify and currentUserHasFullAccess.
  • Wire hasFullAccess from useShareAccessDetails through SharePanel into PeopleWithAccess, so AccessLevelDropdown receives correct modification capability.
Files:
  • src/components/app/share/AccessLevelDropdown.tsx
  • src/components/app/share/InviteGuest.tsx
  • src/components/app/share/PeopleWithAccess.tsx
  • src/components/app/share/__tests__/AccessLevelDropdown.test.tsx

Change: Tighten PublishPanel access by honoring the current user’s access level when enabling publish actions and tooltips.
Details:
  • Extend PublishPanel props to accept currentUserAccessLevel and shareDetailsLoading, and forward these from ShareTabs using useShareAccessDetails.
  • Disable the publish button for read-only users or while share details/publish are loading, and guard the handler so it no-ops for read-only users.
  • Wrap the publish button in a Tooltip that shows a read-only specific message when the current user has ReadOnly access.
Files:
  • src/components/app/share/PublishPanel.tsx
  • src/components/app/share/ShareTabs.tsx

Change: Add seeded Playwright BDD coverage for role-matrix permissions and full-access share-management flows, including temporary space setup/cleanup helpers.
Details:
  • Introduce seeded-role-matrix.steps.ts to drive scenarios around owners, co-owners, members, various guest roles, and nonmembers, including workspace public-to-private transitions using a temporary space page.
  • Introduce full-access-share-management.steps.ts to validate share panel controls, invite capabilities, and title edit behavior for owners, full-access members/guests, edit/read guests, and no-share guests.
  • Add feature files describing the role matrix behavior for private/public pages and the full-access share-management expectations in Given/When/Then form.
  • Implement helper utilities in these step files to manage per-scenario state, open seeded pages by ID, reset browser sessions, obtain auth tokens, call backend APIs, and clean up/restore seeded data after tests.
Files:
  • playwright/bdd/steps/seeded-role-matrix.steps.ts
  • playwright/bdd/features/page/seeded-role-matrix.feature
  • playwright/bdd/steps/full-access-share-management.steps.ts
  • playwright/bdd/features/page/full-access-share-management.feature

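The gating rules listed in the Reviewer's Guide, modeled as pure functions in an added example that is not code from this pull request. The type names, `deriveCapabilities`, `handlePublish` and the tooltip string are assumptions made for illustration; only the rules themselves (full access manages sharing, read-only or still-loading state cannot publish, the handler re-checks) come from the guide.

```typescript
// Added example: hypothetical stand-ins, not AppFlowy's real types or components.
type AccessLevel = 'read-only' | 'edit' | 'full-access';

interface ShareState {
  currentUserAccessLevel: AccessLevel | undefined; // undefined until share details resolve
  shareDetailsLoading: boolean;
  publishLoading: boolean;
}

interface ShareCapabilities {
  hasFullAccess: boolean;
  canManageSharing: boolean;
  canPublish: boolean;
  publishTooltip: string | null;
}

// Fail closed: while details are loading or the level is unknown, grant nothing.
function deriveCapabilities(state: ShareState): ShareCapabilities {
  const level = state.currentUserAccessLevel;
  const resolved = !state.shareDetailsLoading && level !== undefined;
  const hasFullAccess = resolved && level === 'full-access';
  const readOnly = resolved && level === 'read-only';

  return {
    hasFullAccess,
    // Only full-access users manage private-page sharing.
    canManageSharing: hasFullAccess,
    // Publish is off for read-only users and during any loading state.
    canPublish: resolved && !readOnly && !state.publishLoading,
    // Constructed message text; the real string lives in the project's i18n files.
    publishTooltip: readOnly ? 'Read-only access: publishing is disabled' : null,
  };
}

// The handler re-derives the capability at call time, so a button that was
// enabled from stale props still results in a no-op.
function handlePublish(state: ShareState, publish: () => void): boolean {
  if (!deriveCapabilities(state).canPublish) return false;
  publish();
  return true;
}
```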


github-actions Bot commented May 22, 2026

🥷 Ninja i18n – 🛎️ Translations need to be updated

Project /project.inlang

lint rule | new reports | level | link
Missing translation | 109 | warning | contribute (via Fink 🐦)

@sourcery-ai sourcery-ai Bot left a comment

Hey - I've left some high level feedback:

  • The two new BDD step files (seeded-role-matrix.steps.ts and full-access-share-management.steps.ts) duplicate quite a bit of low-level helper logic (auth token retrieval, page-title restoration, sharePersonRow, etc.); consider extracting these into shared test utilities under playwright/support to keep the steps smaller and easier to maintain.
  • Both BDD step files hard-code substantial seeded account/page metadata inline; moving the constants (account emails, page IDs/titles, workspace IDs) into a shared fixture module would make it easier to adjust the seeded data without touching the step definitions themselves.

@appflowy appflowy merged commit 1c3e089 into main May 23, 2026
11 of 12 checks passed
@appflowy appflowy deleted the codex/web-share-permission-access branch May 23, 2026 07:27