Skip to content

Backend table db structure#1751

Merged
Artuomka merged 2 commits into
mainfrom
backend_table_db_structure
May 4, 2026
Merged

Backend table db structure#1751
Artuomka merged 2 commits into
mainfrom
backend_table_db_structure

Conversation

@Artuomka
Copy link
Copy Markdown
Collaborator

@Artuomka Artuomka commented May 4, 2026
edited by coderabbitai Bot
Loading

Summary by CodeRabbit

  • Bug Fixes
    • Updated authorization permissions for the connection database diagram endpoint.

Copilot AI review requested due to automatic review settings May 4, 2026 07:32
@Artuomka Artuomka enabled auto-merge May 4, 2026 07:32
@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 4, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The connection diagram retrieval endpoint's authorization guard is changed from ConnectionReadGuard to ConnectionEditGuard, requiring edit-level permissions instead of read-level permissions to fetch the diagram.

Changes

Authorization Guard Update

Layer / File(s) Summary
Endpoint Authorization
backend/src/entities/connection/connection.controller.ts		 Connection diagram endpoint guard updated from ConnectionReadGuard to ConnectionEditGuard at the decorator level.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A guard stands tall at the diagram gate,
From Read to Edit—a permission shift's fate!
Only editors now see the schema's delight,
One tiny swap makes the access just right! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name Status Explanation Resolution
Security Check ⚠️ Warning Authorization guard changed from ConnectionReadGuard to ConnectionEditGuard on GET endpoint, violating least privilege principle. Revert guard to ConnectionReadGuard since the endpoint retrieves read-only data without performing modifications.
Title check ❓ Inconclusive The title 'Backend table db structure' is vague and generic, using non-descriptive terms that don't convey what actually changed in the pull request (guard change from ConnectionReadGuard to ConnectionEditGuard). Consider a more specific title like 'Change authorization guard for connection diagram endpoint' to clearly indicate the main change being made.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch backend_table_db_structure

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 60 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adjusts backend authorization for the connection database-structure diagram endpoint in the connection controller. In the broader codebase, this endpoint serves a read-only schema visualization for an existing connection.

Changes:

  • Replaced the guard on GET /connection/diagram/:connectionId.
  • The endpoint now requires ConnectionEditGuard instead of ConnectionReadGuard.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread backend/src/entities/connection/connection.controller.ts
type: ConnectionDiagramResponseDTO,
})
@UseGuards(ConnectionReadGuard)
@UseGuards(ConnectionEditGuard)
coderabbitai[bot]
coderabbitai Bot reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
backend/src/entities/connection/connection.controller.ts (1)

724-745: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Confirm that restricting diagram retrieval to edit-level users is intentional.

GET /connection/diagram/:connectionId is a pure read operation (no mutations, InTransactionEnum.OFF), yet it is now guarded by ConnectionEditGuard (CedarAction.ConnectionEdit). Every other read-only GET in this controller (e.g., /connection/users/:connectionId) uses ConnectionReadGuard.

Concretely, any user who holds ConnectionRead but not ConnectionEdit will receive a 403 Forbidden when trying to fetch the Mermaid diagram — a capability they previously had.

If the intent is to restrict schema visibility to editors/admins only (reasonable for sensitive schema data), please add a short comment documenting the rationale so future reviewers don't treat it as a bug. If it's unintentional, revert to ConnectionReadGuard:

↩️ Revert to read-level guard 
-	`@UseGuards`(ConnectionEditGuard)
+	`@UseGuards`(ConnectionReadGuard)
 	`@Get`('/connection/diagram/:connectionId')
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@backend/src/entities/connection/connection.controller.ts` around lines 724 -
745, The getConnectionDiagram handler (getConnectionDiagram) is currently
protected by ConnectionEditGuard (CedarAction.ConnectionEdit) which blocks users
with only ConnectionRead permission; either document this intentional
restriction by adding an inline comment above the
`@UseGuards`(ConnectionEditGuard) explaining why diagram access requires
edit-level rights, or if that was unintentional change, replace
ConnectionEditGuard with ConnectionReadGuard so read-only users can access the
diagram; update the annotation/comment adjacent to getConnectionDiagram to
reflect the chosen policy.
🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In `@backend/src/entities/connection/connection.controller.ts`:
- Around line 724-745: The getConnectionDiagram handler (getConnectionDiagram)
is currently protected by ConnectionEditGuard (CedarAction.ConnectionEdit) which
blocks users with only ConnectionRead permission; either document this
intentional restriction by adding an inline comment above the
`@UseGuards`(ConnectionEditGuard) explaining why diagram access requires
edit-level rights, or if that was unintentional change, replace
ConnectionEditGuard with ConnectionReadGuard so read-only users can access the
diagram; update the annotation/comment adjacent to getConnectionDiagram to
reflect the chosen policy.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: fb67201d-f1d9-44de-af02-cf4f110ec8de

📥 Commits

Reviewing files that changed from the base of the PR and between 03ab135 and c5ca153.

📒 Files selected for processing (1)
  • backend/src/entities/connection/connection.controller.ts

@Artuomka Artuomka merged commit 6795766 into main May 4, 2026
22 of 23 checks passed
@Artuomka Artuomka deleted the backend_table_db_structure branch May 4, 2026 07:45
@coderabbitai coderabbitai Bot mentioned this pull request May 18, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Artuomka