
Backend table db structure #1751

Merged: Artuomka merged 2 commits into main from backend_table_db_structure on May 4, 2026
@Artuomka Artuomka commented May 4, 2026

Summary by CodeRabbit

  • Bug Fixes
    • Updated authorization permissions for the connection database diagram endpoint.

Copilot AI review requested due to automatic review settings May 4, 2026 07:32
@Artuomka Artuomka enabled auto-merge May 4, 2026 07:32
coderabbitai Bot commented May 4, 2026

Walkthrough

The connection diagram retrieval endpoint's authorization guard is changed from ConnectionReadGuard to ConnectionEditGuard, requiring edit-level permissions instead of read-level permissions to fetch the diagram.

Changes

Authorization Guard Update

| Layer / File(s) | Summary |
|---|---|
| Endpoint Authorization: backend/src/entities/connection/connection.controller.ts | Connection diagram endpoint guard updated from ConnectionReadGuard to ConnectionEditGuard at the decorator level. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A guard stands tall at the diagram gate,
From Read to Edit—a permission shift's fate!
Only editors now see the schema's delight,
One tiny swap makes the access just right! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Security Check | ⚠️ Warning | Authorization guard changed from ConnectionReadGuard to ConnectionEditGuard on GET endpoint, violating least privilege principle. | Revert guard to ConnectionReadGuard since the endpoint retrieves read-only data without performing modifications. |
| Title check | ❓ Inconclusive | The title 'Backend table db structure' is vague and generic, using non-descriptive terms that don't convey what actually changed in the pull request (guard change from ConnectionReadGuard to ConnectionEditGuard). | Consider a more specific title like 'Change authorization guard for connection diagram endpoint' to clearly indicate the main change being made. |

✅ Passed checks (4 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |


Copilot AI left a comment

Pull request overview

This PR adjusts backend authorization for the connection database-structure diagram endpoint in the connection controller. In the broader codebase, this endpoint serves a read-only schema visualization for an existing connection.

Changes:

  • Replaced the guard on GET /connection/diagram/:connectionId.
  • The endpoint now requires ConnectionEditGuard instead of ConnectionReadGuard.

type: ConnectionDiagramResponseDTO,
})
@UseGuards(ConnectionReadGuard)
@UseGuards(ConnectionEditGuard)
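
Review bot: The replacement of @UseGuards(ConnectionReadGuard) with @UseGuards(ConnectionEditGuard) lands without a comment saying why this handler needs edit-level rights, so a later reader cannot tell a deliberate restriction from a regression. Add a one-line rationale above the decorator, and cover the change with a test that a read-only user is now rejected while an editor still receives the ConnectionDiagramResponseDTO response.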
@coderabbitai coderabbitai Bot left a comment

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
backend/src/entities/connection/connection.controller.ts (1)

724-745: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Confirm that restricting diagram retrieval to edit-level users is intentional.

GET /connection/diagram/:connectionId is a pure read operation (no mutations, InTransactionEnum.OFF), yet it is now guarded by ConnectionEditGuard (CedarAction.ConnectionEdit). Every other read-only GET in this controller (e.g., /connection/users/:connectionId) uses ConnectionReadGuard.

Concretely, any user who holds ConnectionRead but not ConnectionEdit will receive a 403 Forbidden when trying to fetch the Mermaid diagram — a capability they previously had.

If the intent is to restrict schema visibility to editors/admins only (reasonable for sensitive schema data), please add a short comment documenting the rationale so future reviewers don't treat it as a bug. If it's unintentional, revert to ConnectionReadGuard:

↩️ Revert to read-level guard
-	`@UseGuards`(ConnectionEditGuard)
+	`@UseGuards`(ConnectionReadGuard)
 	`@Get`('/connection/diagram/:connectionId')
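
Review bot: The decorator names on the `+` line and on the `@Get` context line are wrapped in backticks, which is not valid decorator syntax, so this suggestion cannot be pasted as-is. Apply it by hand as a plain @UseGuards(ConnectionReadGuard), and only if the restriction to editors was unintended.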
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@backend/src/entities/connection/connection.controller.ts` around lines 724 -
745, The getConnectionDiagram handler (getConnectionDiagram) is currently
protected by ConnectionEditGuard (CedarAction.ConnectionEdit) which blocks users
with only ConnectionRead permission; either document this intentional
restriction by adding an inline comment above the
`@UseGuards`(ConnectionEditGuard) explaining why diagram access requires
edit-level rights, or if that was unintentional change, replace
ConnectionEditGuard with ConnectionReadGuard so read-only users can access the
diagram; update the annotation/comment adjacent to getConnectionDiagram to
reflect the chosen policy.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@backend/src/entities/connection/connection.controller.ts`:
- Around line 724-745: The getConnectionDiagram handler (getConnectionDiagram)
is currently protected by ConnectionEditGuard (CedarAction.ConnectionEdit) which
blocks users with only ConnectionRead permission; either document this
intentional restriction by adding an inline comment above the
`@UseGuards`(ConnectionEditGuard) explaining why diagram access requires
edit-level rights, or if that was unintentional change, replace
ConnectionEditGuard with ConnectionReadGuard so read-only users can access the
diagram; update the annotation/comment adjacent to getConnectionDiagram to
reflect the chosen policy.

ℹ️ Review info
📥 Commits

Reviewing files that changed from the base of the PR and between 03ab135 and c5ca153.

📒 Files selected for processing (1)
  • backend/src/entities/connection/connection.controller.ts
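
The review's point, that a read-only GET moved behind an edit-level guard should carry a stated rationale, can be checked mechanically in CI. The sketch below is an added example, not code from this PR or the project; the sample controller text and the handler name findUsers are constructed, and it assumes guards are single-line decorators stacked directly above @Get.

```typescript
// Constructed sample input (not the project's file): two GET handlers in the
// decorator order visible in the diff. Handler names are illustrative.
const SAMPLE_CONTROLLER = `
  @UseGuards(ConnectionReadGuard)
  @Get('/connection/users/:connectionId')
  async findUsers() {}

  @UseGuards(ConnectionEditGuard)
  @Get('/connection/diagram/:connectionId')
  async getConnectionDiagram() {}
`;

interface Finding {
  route: string;
  guard: string;
  line: number; // 1-based line of the guard decorator in the source text
}

// Reports GET routes protected by an elevated guard that has no comment
// directly above it. Assumption: guards are single-line decorators stacked
// immediately above @Get, as in the diff.
function auditReadRoutes(source: string, elevatedGuards: string[]): Finding[] {
  const lines = source.split('\n');
  const findings: Finding[] = [];
  lines.forEach((text, i) => {
    const get = text.match(/@Get\(\s*['"]([^'"]+)['"]\s*\)/);
    if (!get) return;
    // Walk upward over the contiguous decorator lines attached to this handler.
    for (let j = i - 1; j >= 0 && lines[j].trim().startsWith('@'); j--) {
      const guard = lines[j].match(/@UseGuards\(\s*(\w+)\s*\)/);
      if (!guard || !elevatedGuards.includes(guard[1])) continue;
      // A comment line directly above the guard counts as documented rationale.
      const above = j > 0 ? lines[j - 1].trim() : '';
      if (!above.startsWith('//') && !above.startsWith('*')) {
        findings.push({ route: get[1], guard: guard[1], line: j + 1 });
      }
    }
  });
  return findings;
}

console.log(auditReadRoutes(SAMPLE_CONTROLLER, ['ConnectionEditGuard']));
```

On the sample it reports only the diagram route; adding a comment line above the edit guard clears the finding.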

@Artuomka Artuomka merged commit 6795766 into main May 4, 2026
22 of 23 checks passed
@Artuomka Artuomka deleted the backend_table_db_structure branch May 4, 2026 07:45