Skip to content

feat(drive): add +folder-permission-get shortcut#1738

Open
zhaojiaxing-coding wants to merge 1 commit into
mainfrom
feat/drive-folder-permission-get
Open

feat(drive): add +folder-permission-get shortcut#1738
zhaojiaxing-coding wants to merge 1 commit into
mainfrom
feat/drive-folder-permission-get

Conversation

@zhaojiaxing-coding

@zhaojiaxing-coding zhaojiaxing-coding commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Add a Drive shortcut for reading a folder's own public permission settings through the v2 permission endpoint. This gives agents a typed, folder-specific path when raw permission.public get does not accept folder targets, without turning folder permission checks into recursive governance scans.

Key features:

  • Accept exactly one folder locator through --url or --folder-token and validate non-folder inputs before API calls

  • Return permission_public unchanged so callers can reason from server-provided fields

  • Register the shortcut and cover unit plus dry-run E2E behavior

  • Document when to use +folder-permission-get in lark-drive permission workflows

Summary

Changes

  • Change 1
  • Change 2

Test Plan

  • Unit tests pass
  • Manual local verification confirms the lark-cli <domain> <command> flow works as expected

Related Issues

  • None

Summary by CodeRabbit

  • New Features

    • Added a new Drive command to view a folder’s public sharing settings directly.
    • Supports using either a folder URL or folder token, with dry-run and live execution.
  • Bug Fixes

    • Improved input handling for folder links and tokens.
    • Added clearer validation for invalid or mixed command inputs.
  • Documentation

    • Updated Drive help and workflow guides with the new command and usage examples.

Add a Drive shortcut for reading a folder's own public permission settings through the v2 permission endpoint. This gives agents a typed, folder-specific path when raw permission.public get does not accept folder targets, without turning folder permission checks into recursive governance scans.

Key features:

- Accept exactly one folder locator through --url or --folder-token and validate non-folder inputs before API calls

- Return permission_public unchanged so callers can reason from server-provided fields

- Register the shortcut and cover unit plus dry-run E2E behavior

- Document when to use +folder-permission-get in lark-drive permission workflows
@github-actions github-actions Bot added domain/ccm PR touches the ccm domain size/L Large or sensitive change across domains or core paths labels Jul 3, 2026
@coderabbitai

coderabbitai Bot commented Jul 3, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Adds a new DriveFolderPermissionGet shortcut that fetches a Drive folder's own permission_public settings via --url or --folder-token, supporting dry-run and execute modes. Registers the shortcut, adds unit and e2e tests, and updates skill/workflow documentation to reference the new command.

Changes

Folder Permission Get Shortcut

Layer / File(s) Summary
Shortcut implementation
shortcuts/drive/drive_folder_permission_get.go
Defines driveFolderPermissionGetSpec, parsing/validation logic for --url/--folder-token, request path/params helpers, output extraction of permission_public, and the exported DriveFolderPermissionGet shortcut with dry-run/execute support.
Registration and tests
shortcuts/drive/shortcuts.go, shortcuts/drive/shortcuts_test.go, shortcuts/drive/drive_folder_permission_get_test.go, tests/cli_e2e/drive/drive_folder_permission_get_dryrun_test.go
Registers the new shortcut in the Drive shortcuts list, adds it to expected command lists, and adds unit tests for URL/token parsing, validation errors, dry-run output, execution, plus an e2e dry-run test.
Skill and workflow documentation
skills/lark-drive/SKILL.md, skills/lark-drive/references/lark-drive-folder-permission-get.md, skills/lark-drive/references/lark-drive-workflow-permission-governance*.md
Updates decision guidance, shortcuts table, adds a new reference doc, and revises permission-governance workflow rules to route folder self-permission reads through the new command.

Estimated code review effort: 3 (Moderate) | ~25 minutes

Sequence Diagram(s)

sequenceDiagram
  participant User
  participant CLI as lark-cli
  participant Spec as readDriveFolderPermissionGetSpec
  participant API as Open API

  User->>CLI: drive +folder-permission-get --url/--folder-token
  CLI->>Spec: parse and validate input
  Spec-->>CLI: FolderToken
  alt dry-run
    CLI-->>User: print GET request description
  else execute
    CLI->>API: GET folder permission_public
    API-->>CLI: permission_public data
    CLI-->>User: formatted output (masked token)
  end
Loading

Possibly related PRs

  • larksuite/cli#588: Both PRs update the Drive shortcut registry in shortcuts/drive/shortcuts.go and shortcuts_test.go to add a new command entry.

Suggested labels: documentation

Suggested reviewers: fangshuyu-768, wittam-01

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description includes a useful overview, but the required template sections are left as placeholders and not filled in. Fill the Summary, Changes, Test Plan, and Related Issues sections with concrete PR details instead of template placeholders.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and accurately summarizes the main addition: a new drive folder permission shortcut.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/drive-folder-permission-get

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

PR Quality Summary

CI did not complete successfully. Use the failed check links below to decide whether this PR needs a code change or a rerun.

Failed checks

  • unit-test — failure — details
  • coverage — failure — details
  • deterministic-gate — failure — details
  • results — failure — details

deterministic-gate

  • example_dry_runskills/lark-drive/references/lark-drive-workflow-permission-governance-commands.md:169 — example dry-run exited with code 2: { "ok": false, "identity": "user", "error": { "type": "validation", "subtype": "invalid_argument", "message": "--label-id must be a numeric secure label ID, not a display name: \"label_test123\"", "hint": "run `lark-cli drive +secure-label-list` and pass the numeric `id` value; do not pass label names like `Public(D)`", "param": "--label-id" } } — Action: update the example so it can run locally with --dry-run, or mark placeholders explicitly

@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🚀 PR Preview Install Guide

🧰 CLI update

npm i -g https://pkg.pr.new/larksuite/cli/@larksuite/cli@963d8b3c2494a88f83812bc7067680e7b1a2d771

🧩 Skill update

npx skills add larksuite/cli#feat/drive-folder-permission-get -y -g

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@shortcuts/drive/drive_folder_permission_get.go`:
- Around line 21-64: The validation errors in readDriveFolderPermissionGetSpec
mix the failing input with recovery guidance in the message, which should be
moved to .WithHint(...). Update the checks around rawURL/rawToken, the
unsupported URL case, and the non-folder ref.Type branch so the error message
only states what failed and .WithHint(...) carries guidance like which flag to
pass or what folder URL format is accepted; keep the param on the actual failing
input such as --url or --folder-token.
- Around line 87-95: The driveFolderPermissionGetSpec.output method is falling
back to the entire data map when permission_public is missing, which reshapes
the output unexpectedly; update output to return only the nested
permission_public object (or an empty/absent value) instead of data, and keep
the behavior localized to driveFolderPermissionGetSpec.output and common.GetMap
handling. Add a test covering the missing permission_public case to verify the
response does not expose unrelated top-level fields.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 57f56f6c-bd78-4676-8c24-5648173b585e

📥 Commits

Reviewing files that changed from the base of the PR and between a1506cd and 963d8b3.

📒 Files selected for processing (9)
  • shortcuts/drive/drive_folder_permission_get.go
  • shortcuts/drive/drive_folder_permission_get_test.go
  • shortcuts/drive/shortcuts.go
  • shortcuts/drive/shortcuts_test.go
  • skills/lark-drive/SKILL.md
  • skills/lark-drive/references/lark-drive-folder-permission-get.md
  • skills/lark-drive/references/lark-drive-workflow-permission-governance-commands.md
  • skills/lark-drive/references/lark-drive-workflow-permission-governance.md
  • tests/cli_e2e/drive/drive_folder_permission_get_dryrun_test.go

Comment on lines +21 to +64
func readDriveFolderPermissionGetSpec(runtime *common.RuntimeContext) (driveFolderPermissionGetSpec, error) {
rawURL := strings.TrimSpace(runtime.Str("url"))
rawToken := strings.TrimSpace(runtime.Str("folder-token"))

if rawURL == "" && rawToken == "" {
return driveFolderPermissionGetSpec{}, errs.NewValidationError(
errs.SubtypeInvalidArgument,
"pass exactly one of --url or --folder-token",
).WithParam("--url")
}
if rawURL != "" && rawToken != "" {
return driveFolderPermissionGetSpec{}, errs.NewValidationError(
errs.SubtypeInvalidArgument,
"--url and --folder-token are mutually exclusive; pass only one folder locator",
).WithParam("--url")
}

if rawToken != "" {
if err := validate.ResourceName(rawToken, "--folder-token"); err != nil {
return driveFolderPermissionGetSpec{}, errs.NewValidationError(errs.SubtypeInvalidArgument, "%s", err).WithParam("--folder-token")
}
return driveFolderPermissionGetSpec{FolderToken: rawToken}, nil
}

ref, ok := common.ParseResourceURL(rawURL)
if !ok {
return driveFolderPermissionGetSpec{}, errs.NewValidationError(
errs.SubtypeInvalidArgument,
"unsupported --url %q: pass a recognized Lark Drive folder URL such as https://example.feishu.cn/drive/folder/<folder_token>",
rawURL,
).WithParam("--url")
}
if ref.Type != "folder" {
return driveFolderPermissionGetSpec{}, errs.NewValidationError(
errs.SubtypeInvalidArgument,
"--url must point to a Drive folder; got resource type %q",
ref.Type,
).WithParam("--url")
}
if err := validate.ResourceName(ref.Token, "--url"); err != nil {
return driveFolderPermissionGetSpec{}, errs.NewValidationError(errs.SubtypeInvalidArgument, "%s", err).WithParam("--url")
}
return driveFolderPermissionGetSpec{FolderToken: ref.Token}, nil
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟠 Major | ⚡ Quick win

Move recovery guidance into .WithHint(...).

Several validation errors embed recovery guidance directly in the message instead of using .WithHint(...) (e.g., "pass exactly one of --url or --folder-token", "pass a recognized Lark Drive folder URL such as..."). Per coding guidelines, the message/param should identify what failed, and actionable guidance belongs in .WithHint(...).

♻️ Example fix
 	if rawURL == "" && rawToken == "" {
 		return driveFolderPermissionGetSpec{}, errs.NewValidationError(
 			errs.SubtypeInvalidArgument,
-			"pass exactly one of --url or --folder-token",
-		).WithParam("--url")
+			"missing folder locator",
+		).WithParam("--url").WithHint("pass exactly one of --url or --folder-token")
 	}

Apply similarly to the mutually-exclusive and unsupported/non-folder URL errors.

As per coding guidelines, "param field in errors should only name the user input that actually failed; recovery guidance goes in .WithHint(...)".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@shortcuts/drive/drive_folder_permission_get.go` around lines 21 - 64, The
validation errors in readDriveFolderPermissionGetSpec mix the failing input with
recovery guidance in the message, which should be moved to .WithHint(...).
Update the checks around rawURL/rawToken, the unsupported URL case, and the
non-folder ref.Type branch so the error message only states what failed and
.WithHint(...) carries guidance like which flag to pass or what folder URL
format is accepted; keep the param on the actual failing input such as --url or
--folder-token.

Source: Coding guidelines

Comment on lines +87 to +95
func (s driveFolderPermissionGetSpec) output(runtime *common.RuntimeContext, data map[string]interface{}) map[string]interface{} {
permissionPublic := interface{}(data)
if nestedPermissionPublic := common.GetMap(data, "permission_public"); nestedPermissionPublic != nil {
permissionPublic = nestedPermissionPublic
}
return map[string]interface{}{
"permission_public": permissionPublic,
}
}

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '%s\n' '--- file: shortcuts/drive/drive_folder_permission_get.go ---'
cat -n shortcuts/drive/drive_folder_permission_get.go | sed -n '1,180p'

printf '\n%s\n' '--- search for permission_public usage ---'
rg -n "permission_public|driveFolderPermissionGetSpec|output\\(" shortcuts/drive -S

printf '\n%s\n' '--- relevant tests ---'
cat -n shortcuts/drive/drive_folder_permission_get_test.go | sed -n '1,260p'

Repository: larksuite/cli

Length of output: 17452


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '%s\n' '--- common.GetMap ---'
rg -n "func GetMap|GetMap\\(" shortcuts internal -S

printf '\n%s\n' '--- similar output() patterns in shortcuts ---'
rg -n "permission_public|interface{}\\(data\\)|nested.*GetMap" shortcuts -S

printf '\n%s\n' '--- drive permission-related shortcuts ---'
fd -a 'drive_*permission*go' shortcuts

printf '\n%s\n' '--- read any closely related implementations ---'
for f in \
  shortcuts/drive/drive_folder_permission_get.go \
  shortcuts/drive/drive_folder_permission_list.go \
  shortcuts/drive/drive_file_permission_get.go \
  shortcuts/drive/drive_file_permission_list.go
do
  [ -f "$f" ] && { echo "### $f"; cat -n "$f" | sed -n '1,220p'; }
done

Repository: larksuite/cli

Length of output: 7948


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '%s\n' '--- shortcuts/common/extract.go ---'
cat -n shortcuts/common/extract.go | sed -n '1,140p'

printf '\n%s\n' '--- drive/doc/app output patterns ---'
for f in \
  shortcuts/doc/doc_resource_cover.go \
  shortcuts/apps/apps_openapi_key_get.go \
  shortcuts/apps/apps_openapi_key_create.go \
  shortcuts/drive/drive_member_add.go
do
  if [ -f "$f" ]; then
    echo "### $f"
    cat -n "$f" | sed -n '1,220p'
    echo
  fi
done

printf '\n%s\n' '--- search for "return map[string]interface{}{\"permission_public\": data}"-style fallbacks ---'
rg -n "return map\\[string\\]interface\\{\\}.*data|permission_public" shortcuts -U -S

Repository: larksuite/cli

Length of output: 32891


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '%s\n' '--- search for drive permission public API docs / response shape ---'
rg -n "permission_public|permissions/.*/public|drive/v2/permissions" . -S

printf '\n%s\n' '--- inspect any docs or comments around the shortcut ---'
for f in \
  shortcuts/drive/drive_folder_permission_get.go \
  shortcuts/drive/drive_folder_permission_get_test.go \
  README.md
do
  if [ -f "$f" ]; then
    echo "### $f"
    cat -n "$f" | sed -n '1,260p'
    echo
  fi
done

Repository: larksuite/cli

Length of output: 33248


🏁 Script executed:

#!/bin/bash
set -euo pipefail

printf '%s\n' '--- CallAPITyped implementation and callers ---'
rg -n "func .*CallAPITyped|CallAPITyped\\(" shortcuts internal errs -S

printf '\n%s\n' '--- RuntimeContext / typed API response handling ---'
for f in \
  shortcuts/common/runtime.go \
  shortcuts/common/runtime_test.go \
  internal/httpmock/*.go
do
  [ -f "$f" ] && { echo "### $f"; cat -n "$f" | sed -n '1,260p'; echo; }
done

Repository: larksuite/cli

Length of output: 47313


Avoid falling back to the full response map

If permission_public is missing, this should not return the entire data payload as its value. That reshapes the output, can surface unrelated top-level fields, and hides a schema mismatch; return only the nested object (or fail/leave it empty) instead. Add a test for the missing-key case.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@shortcuts/drive/drive_folder_permission_get.go` around lines 87 - 95, The
driveFolderPermissionGetSpec.output method is falling back to the entire data
map when permission_public is missing, which reshapes the output unexpectedly;
update output to return only the nested permission_public object (or an
empty/absent value) instead of data, and keep the behavior localized to
driveFolderPermissionGetSpec.output and common.GetMap handling. Add a test
covering the missing permission_public case to verify the response does not
expose unrelated top-level fields.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

domain/ccm PR touches the ccm domain size/L Large or sensitive change across domains or core paths

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant