Allow admins (site or org) to download projects by code

[rmunn]

Fixes #1707.

Backend now gives frontend a project list for each server and whether the user is allowed to download arbitrary projects (by project code) from that server without being a member. This applies to site admins (who have rights to all projects) and org admins (who have rights to projects owned by their org). The latter case means the frontend still needs to handle "Well, turns out you're not authorized to download that project code" errors.

Screenshot when you aren't a member of any projects on Lexbox:

Screenshot when you are a member of some projects on Lexbox, but can also download any project by code:

Screenshot of download dialog (TODO: Tighten up that unneeded vertical space a little):

Screenshot of download dialog when you try to download a project you already have:

Screenshot of download dialog when you try to download a project that doesn't exist on the server:

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

📝 Walkthrough

Walkthrough

This change introduces the ability for admins to download any FW Lite project by entering a project code, regardless of membership, with appropriate error handling for invalid or non-CRDT projects. It adds new API endpoints, result types, permissions checks, and UI elements to support this workflow, spanning backend and frontend.

Changes

Files / Areas	Change Summary
backend/FwLite/FwLiteShared/Projects/CombinedProjectsService.cs, .../LexboxProjectService.cs	Added download-by-code logic, result enums, permission flags, and CRDT project checks. Refactored API signatures.
backend/LexBoxApi/Controllers/CrdtController.cs, .../ProjectService.cs, .../LexAuthUserCanDownload...	Added new endpoints and permission logic for CRDT checking and download eligibility.
backend/LexCore/Entities/ListProjectsResult.cs	Introduced ListProjectsResult record for richer project listing responses.
backend/FwLite/FwLiteShared/TypeGen/ReinforcedFwLiteTypingConfig.cs	Exported new enum for TypeScript interop.
backend/FwLite/FwLiteWeb/Routes/ProjectRoutes.cs	Updated download route to accept role and use new download-by-code logic.
frontend/viewer/src/home/Server.svelte, .../ServersList.svelte	Added UI and logic for downloading by code, handling new permissions and result states.
frontend/viewer/src/lib/admin-dialogs/GetProjectByCodeDialog.svelte	New dialog component for entering project code and selecting role for download.
frontend/viewer/src/lib/dotnet-types/generated-types/...	Updated/added generated types and enums for new API contracts.
frontend/viewer/src/lib/services/projects-service.ts	Updated service signatures and added stub for new download-by-code method.

Estimated code review effort

3 (~45 minutes)

Possibly related PRs

• add observer role for fw lite projects #1710: Adds an observer role to project models and propagates role information in CombinedProjectsService. Related due to both PRs modifying role handling and CombinedProjectsService, though this PR focuses on download-by-code logic.

Suggested reviewers

• myieye
• hahn-kev

Poem

A rabbit hopped with admin might,
Now any project is in sight—
By code you type, the door unlocks,
With roles and checks, no paradox!
Download with care, CRDT in view,
This fluffy update’s just for you.
🐇✨

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feat/admins-can-download-any-crdt-project

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

UI unit Tests

  1 files  ±0   40 suites  ±0   23s ⏱️ -1s
 82 tests ±0   82 ✅ ±0  0 💤 ±0  0 ❌ ±0 
116 runs  ±0  116 ✅ ±0  0 💤 ±0  0 ❌ ±0 

Results for commit d3283ea. ± Comparison against base commit 28a13ec.

♻️ This comment has been updated with latest results.

[argos-ci]

The latest updates on your projects. Learn more about Argos notifications ↗︎

Build	Status	Details	Updated (UTC)
default (Inspect)	✅ No changes detected	-	Aug 5, 2025, 3:41 AM

[github-actions]

C# Unit Tests

126 tests  ±0   126 ✅ ±0   12s ⏱️ ±0s
 20 suites ±0     0 💤 ±0 
  1 files   ±0     0 ❌ ±0 

Results for commit d3283ea. ± Comparison against base commit 28a13ec.

♻️ This comment has been updated with latest results.

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs (1)

86-86: Sanitize user input in log messages to prevent log injection.

The projectCode parameter comes from user input and should be sanitized before logging to prevent log injection attacks.

Consider using structured logging with parameters:

-logger.LogError(e, $"Error checking if lexbox project {projectCode} is a CRDT project");
+logger.LogError(e, "Error checking if lexbox project {ProjectCode} is a CRDT project", projectCode);

🧹 Nitpick comments (2)

backend/LexCore/Entities/ListProjectsResult.cs (1)

3-3: Address the TODO comment regarding record placement.

Consider moving this record to a more appropriate location that can be easily referenced from FwLiteShared to avoid cross-assembly reference issues. Perhaps a shared contracts or models assembly would be more suitable.

backend/FwLite/FwLiteShared/Projects/CombinedProjectsService.cs (1)

40-41: Address TODO comments during code review.

There are two TODO comments that need team discussion:

1. Line 40-41: Bikeshed the CanDownloadProjectsWithoutMembership property name
2. Line 94-96: Consider returning a proper object type instead of nullable ServerProjects

Would you like me to suggest alternative names for the property or help design a better return type structure?

Also applies to: 94-96

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a871faa and 0fd53e7.

📒 Files selected for processing (15)

• backend/FwLite/FwLiteShared/Projects/CombinedProjectsService.cs (7 hunks)
• backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs (1 hunks)
• backend/FwLite/FwLiteShared/TypeGen/ReinforcedFwLiteTypingConfig.cs (1 hunks)
• backend/FwLite/FwLiteWeb/Routes/ProjectRoutes.cs (1 hunks)
• backend/LexBoxApi/Controllers/CrdtController.cs (2 hunks)
• backend/LexBoxApi/GraphQL/LexAuthUserCanDownloadProjectsExtensions.cs (1 hunks)
• backend/LexBoxApi/Services/ProjectService.cs (1 hunks)
• backend/LexCore/Entities/ListProjectsResult.cs (1 hunks)
• frontend/viewer/src/home/Server.svelte (6 hunks)
• frontend/viewer/src/home/ServersList.svelte (3 hunks)
• frontend/viewer/src/lib/admin-dialogs/GetProjectByCodeDialog.svelte (1 hunks)
• frontend/viewer/src/lib/dotnet-types/generated-types/FwLiteShared/Projects/DownloadProjectByCodeResult.ts (1 hunks)
• frontend/viewer/src/lib/dotnet-types/generated-types/FwLiteShared/Projects/ICombinedProjectsService.ts (1 hunks)
• frontend/viewer/src/lib/dotnet-types/generated-types/FwLiteShared/Projects/IServerProjects.ts (1 hunks)
• frontend/viewer/src/lib/services/projects-service.ts (2 hunks)

🧠 Learnings (6)

📓 Common learnings

Learnt from: hahn-kev
PR: sillsdev/languageforge-lexbox#1753
File: backend/FwHeadless/Services/SyncHostedService.cs:212-235
Timestamp: 2025-06-16T04:10:03.163Z
Learning: In the FwHeadless project, using hard-coded "crdt" strings for CRDT project names is acceptable and doesn't cause issues with project name collisions in their current architecture, though the team acknowledges that using constants instead of magic strings would be a better practice.

backend/LexBoxApi/Services/ProjectService.cs (1)

Learnt from: hahn-kev
PR: #1804
File: backend/FwLite/LcmCrdt/CurrentProjectService.cs:18-19
Timestamp: 2025-07-07T06:02:41.194Z
Learning: In the CurrentProjectService class, the service locator pattern is intentionally used to retrieve IDbContextFactory and EntrySearchServiceFactory because these services indirectly depend on CurrentProjectService to have the current project set, creating a circular dependency. This is an acceptable use of service locator to break the circular dependency while keeping project context responsibility consolidated.

backend/LexBoxApi/Controllers/CrdtController.cs (1)

Learnt from: hahn-kev
PR: #1760
File: backend/FwLite/LcmCrdt/CrdtMiniLcmApi.cs:274-277
Timestamp: 2025-06-27T09:24:39.507Z
Learning: In the CrdtMiniLcmApi class, the user prefers to keep the current AddChanges method signature (IEnumerable) rather than modifying it to support IAsyncEnumerable for streaming, even when it means materializing collections into memory for bulk operations.

frontend/viewer/src/lib/admin-dialogs/GetProjectByCodeDialog.svelte (1)

Learnt from: hahn-kev
PR: #1710
File: frontend/viewer/src/project/browse/BrowseView.svelte:17-19
Timestamp: 2025-05-27T06:18:33.852Z
Learning: The NewEntryButton component in frontend/viewer/src/project/NewEntryButton.svelte already internally checks features.write permission and conditionally renders based on write access, so external disabled props are not needed.

frontend/viewer/src/home/Server.svelte (1)

Learnt from: hahn-kev
PR: #1710
File: frontend/viewer/src/project/browse/BrowseView.svelte:17-19
Timestamp: 2025-05-27T06:18:33.852Z
Learning: The NewEntryButton component in frontend/viewer/src/project/NewEntryButton.svelte already internally checks features.write permission and conditionally renders based on write access, so external disabled props are not needed.

backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs (1)

Learnt from: hahn-kev
PR: #1753
File: backend/FwHeadless/Services/SyncHostedService.cs:212-235
Timestamp: 2025-06-16T04:10:03.163Z
Learning: In the FwHeadless project, using hard-coded "crdt" strings for CRDT project names is acceptable and doesn't cause issues with project name collisions in their current architecture, though the team acknowledges that using constants instead of magic strings would be a better practice.

🧰 Additional context used

🧠 Learnings (6)

📓 Common learnings

Learnt from: hahn-kev
PR: sillsdev/languageforge-lexbox#1753
File: backend/FwHeadless/Services/SyncHostedService.cs:212-235
Timestamp: 2025-06-16T04:10:03.163Z
Learning: In the FwHeadless project, using hard-coded "crdt" strings for CRDT project names is acceptable and doesn't cause issues with project name collisions in their current architecture, though the team acknowledges that using constants instead of magic strings would be a better practice.

backend/LexBoxApi/Services/ProjectService.cs (1)

Learnt from: hahn-kev
PR: #1804
File: backend/FwLite/LcmCrdt/CurrentProjectService.cs:18-19
Timestamp: 2025-07-07T06:02:41.194Z
Learning: In the CurrentProjectService class, the service locator pattern is intentionally used to retrieve IDbContextFactory and EntrySearchServiceFactory because these services indirectly depend on CurrentProjectService to have the current project set, creating a circular dependency. This is an acceptable use of service locator to break the circular dependency while keeping project context responsibility consolidated.

backend/LexBoxApi/Controllers/CrdtController.cs (1)

Learnt from: hahn-kev
PR: #1760
File: backend/FwLite/LcmCrdt/CrdtMiniLcmApi.cs:274-277
Timestamp: 2025-06-27T09:24:39.507Z
Learning: In the CrdtMiniLcmApi class, the user prefers to keep the current AddChanges method signature (IEnumerable) rather than modifying it to support IAsyncEnumerable for streaming, even when it means materializing collections into memory for bulk operations.

frontend/viewer/src/lib/admin-dialogs/GetProjectByCodeDialog.svelte (1)

Learnt from: hahn-kev
PR: #1710
File: frontend/viewer/src/project/browse/BrowseView.svelte:17-19
Timestamp: 2025-05-27T06:18:33.852Z
Learning: The NewEntryButton component in frontend/viewer/src/project/NewEntryButton.svelte already internally checks features.write permission and conditionally renders based on write access, so external disabled props are not needed.

frontend/viewer/src/home/Server.svelte (1)

Learnt from: hahn-kev
PR: #1710
File: frontend/viewer/src/project/browse/BrowseView.svelte:17-19
Timestamp: 2025-05-27T06:18:33.852Z
Learning: The NewEntryButton component in frontend/viewer/src/project/NewEntryButton.svelte already internally checks features.write permission and conditionally renders based on write access, so external disabled props are not needed.

backend/FwLite/FwLiteShared/Projects/LexboxProjectService.cs (1)

Learnt from: hahn-kev
PR: #1753
File: backend/FwHeadless/Services/SyncHostedService.cs:212-235
Timestamp: 2025-06-16T04:10:03.163Z
Learning: In the FwHeadless project, using hard-coded "crdt" strings for CRDT project names is acceptable and doesn't cause issues with project name collisions in their current architecture, though the team acknowledges that using constants instead of magic strings would be a better practice.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build UI / publish-ui
• GitHub Check: Build FwHeadless / publish-fw-headless
• GitHub Check: check-and-lint
• GitHub Check: Analyze (csharp)
• GitHub Check: Build FW Lite and run tests

🔇 Additional comments (17)

frontend/viewer/src/lib/dotnet-types/generated-types/FwLiteShared/Projects/IServerProjects.ts (1)

13-13: LGTM! Clean interface extension.

The new boolean property correctly follows TypeScript naming conventions and logically extends the interface to support admin download permissions.

backend/LexBoxApi/Services/ProjectService.cs (1)

368-371: LGTM! Clean CRDT project verification method.

The method correctly implements CRDT project detection using the existing CrdtCommits extension. The synchronous approach is appropriate for this simple existence check.

backend/FwLite/FwLiteShared/TypeGen/ReinforcedFwLiteTypingConfig.cs (1)

134-134: LGTM! Consistent enum export configuration.

The new enum export follows the established pattern and correctly uses string literals for TypeScript consumption.

backend/LexBoxApi/GraphQL/LexAuthUserCanDownloadProjectsExtensions.cs (1)

8-13: LGTM! Clear permission logic with broad admin access.

The extension method correctly implements the admin permission check. Note that organization admins can download any project by code (not just their org's projects), which aligns with the PR description that the frontend will handle authorization errors for unauthorized access.

frontend/viewer/src/lib/dotnet-types/generated-types/FwLiteShared/Projects/DownloadProjectByCodeResult.ts (1)

6-10: LGTM! Well-defined result enum.

The enum clearly defines the three possible outcomes for project download operations with descriptive names that align with the expected backend behavior.

backend/LexCore/Entities/ListProjectsResult.cs (1)

5-7: LGTM - Clean record definition.

The record structure is appropriate for encapsulating project listing results with the membership permission flag, aligning well with the PR's admin download functionality.

backend/LexBoxApi/Controllers/CrdtController.cs (2)

78-94: LGTM - Proper wrapping of existing functionality.

The change to return ListProjectsResult maintains the existing logic while adding the permission flag through the extension method. The user refresh logic is preserved correctly.

---

96-105: LGTM - Well-implemented CRDT check endpoint.

The endpoint properly:

• Validates view permissions
• Handles project lookup with appropriate 404 response
• Returns boolean CRDT status with correct HTTP status codes

backend/FwLite/FwLiteWeb/Routes/ProjectRoutes.cs (1)

52-63: LGTM - Proper integration of role parameter.

The route correctly:

• Adds the optional role query parameter with proper nullable typing
• Passes all required parameters to the renamed service method
• Maintains the existing endpoint behavior while extending functionality

frontend/viewer/src/lib/services/projects-service.ts (3)

1-2: LGTM - Proper import additions.

The imports correctly add the required types for the enhanced functionality.

---

10-12: LGTM - Correct return type update.

The method signature properly reflects the backend change from returning a simple array to the richer IServerProjects structure.

---

22-24: LGTM - Proper method signature for new functionality.

The method signature correctly includes all required parameters (code, server, userRole) and returns the appropriate result type for the download by code functionality.

frontend/viewer/src/home/ServersList.svelte (4)

2-2: LGTM - Appropriate type import addition.

The import correctly adds the IServerProjects type needed for the enhanced data structure.

---

13-13: LGTM - Correct state type update.

The state type properly reflects the backend change to return richer server project metadata.

---

20-22: LGTM - Proper data structure handling.

The code correctly stores the full serverProjects object rather than just the projects array, enabling access to the additional metadata.

---

60-64: LGTM - Correct property access and flag passing.

The template properly:

• Accesses the nested projects array with appropriate filtering
• Extracts the canDownloadProjectsWithoutMembership flag
• Passes the flag to the Server component as canDowloadByCode

frontend/viewer/src/lib/dotnet-types/generated-types/FwLiteShared/Projects/ICombinedProjectsService.ts (1)

1-23: Skip review of generated file.

This file is automatically generated by Reinforced.Typings tool. Any manual changes would be lost on regeneration.

[rmunn]

@hahn-kev - commit d4e2643 consolidates the three API calls into one like we discussed yesterday.

[rmunn]

@hahn-kev - The new API /api/crdt/lookupProjectIdForDownload is similar to /api/crdt/lookupProjectId. Do we need to have two? Is /api/crdt/lookupProjectId used anywhere else? Or can I just replace its workings with the implementation of /api/crdt/lookupProjectIdForDownload that I wrote?

... I imagine the answer is that we shouldn't change /api/crdt/lookupProjectId and it should remain just a "get the project ID and don't do other checks" call, given its name. In which case, I'll probably need the lookupProjectIdForDownload name bikeshedded in code review.

Edit: Just had another idea. We could let lookupProjectId take an extra query param to do the additional checks that lookupProjectIdForDownload does. Then we have one API call instead of two similar ones, it still has the previous functionality unchanged, but it can also perform the extra checks needed by this feature if requested. @hahn-kev, thoughts on that idea?

[hahn-kev]

@rmunn you're right, let's just modify lookupProjectId in the CrdtController, it should do exactly what your new lookupProjectIdForDownload API does, I'm fine that we're slightly changing an existing API since this actually makes more sense.

[rmunn]

@rmunn you're right, let's just modify lookupProjectId in the CrdtController, it should do exactly what your new lookupProjectIdForDownload API does, I'm fine that we're slightly changing an existing API since this actually makes more sense.

Done in commit f6d517b.

[hahn-kev]

left some comments I'd like dealt with before we merge.
I also made a couple tweaks myself, fixed the dialog height issue.

[hahn-kev]

Looks good to me, hopefully those merge conflicts aren't too big