Only show locked banner if current user is in organization of the annotation

[MichaelBuessemeyer]

And do not show it when the annotation is from another organization

URL of deployed dev instance (used for testing):

• https://___.webknossos.xyz

Steps to test:

• create another organization in a new context browser tab (e.g. private window) and stay logged in.
• As a logged-in user of the sample_orga create a new annotation and make it public & othersMayEdit in the sharing settings.
• Copy the link into the private browser tab / open it with the other user. There shouldn't be a locked banner.
• confirm bug: Checkout master and reload the link as the user from the 2nd orga. A locked banner "locked by anonymous user"

Issues:

• fixes Do not show locked banner if backend sends restrictions.allowUpdate=false #7934

---

(Please delete unneeded items, merge only when none are left open)

• Updated changelog

[coderabbitai]

📝 Walkthrough

📝 Walkthrough

Walkthrough

The pull request introduces several modifications across multiple files to enhance the handling of user permissions and organizational context within the application. Key changes include the addition of new state properties and functions to evaluate whether annotations are from different organizations. The Navbar component's rendering logic is adjusted to reflect these changes, ensuring that UI elements are displayed based on user permissions accurately. Additionally, the data structures related to annotations are updated to include organizational information, improving the overall context management.

Changes

File Path	Change Summary
frontend/javascripts/navbar.tsx	Added state property isAnnotationFromDifferentOrganization and updated rendering logic for AnnotationLockedByUserTag. Updated mapStateToProps to include the new property.
frontend/javascripts/oxalis/default_state.ts	Added organization property to the tracing object in defaultState.
frontend/javascripts/oxalis/model/accessors/annotation_accessor.ts	Introduced isAnnotationFromDifferentOrganization function to check user organization against annotation tracing.
frontend/javascripts/oxalis/model/reducers/reducer_helpers.ts	Updated convertServerAnnotationToFrontendAnnotation to include organization in the returned annotation object.
frontend/javascripts/oxalis/store.ts	Added readonly organization: string; property to the Annotation type.

Assessment against linked issues

Objective	Addressed	Explanation
Do not show locked banner if backend sends restrictions.allowUpdate=false (#7934)	✅

Possibly related PRs

• Fix bbox export via bbox menu #8152: Modifies the handleExportBoundingBox function, relevant to user permissions and organizational context.
• Wrap antd tree to enable scrolling while dragging #8162: Introduces a wrapper for the Ant Design tree component, relevant to rendering logic changes in the navbar.tsx.
• Fix performance bottleneck when deleting a lot of trees at once #8176: Addresses performance issues when deleting multiple trees, indirectly related to user interactions with datasets.
• Fix layout persistence when switching between orthogonal, flight, and oblique mode #8177: Fixes layout persistence issues, which could relate to rendering logic changes in the navbar.tsx.
• Add total voxel count and dataset extent to tooltip in dataset info tab #8229: Adds a tooltip for the total voxel count, which may relate to enhancing user interaction in the navbar.tsx.

Suggested labels

usability

Suggested reviewers

• daniel-wer
• hotzenklotz

Poem

In the navbar bright, new changes take flight,
With permissions refined, our UI feels right.
Organizations now clear, no locked banners near,
Annotations unite, in context so bright! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Experiment)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

frontend/javascripts/oxalis/model/accessors/annotation_accessor.ts (1)

27-31: Consider improving edge case handling and type safety

The function could be enhanced to handle edge cases more explicitly:

 export function isAnnotationFromDifferentOrganization(state: OxalisState) {
   const activeUser = state.activeUser;
-
-  return !!(activeUser && activeUser?.organization !== state.tracing.organization);
+  // If there's no active user, consider it as a different organization
+  if (!activeUser) return true;
+  
+  return activeUser.organization !== state.tracing.organization;
 }

This refactor:

• Makes the edge case handling more explicit
• Removes redundant optional chaining since we've already checked for activeUser
• Eliminates the need for double bang (!!) operator

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c18c5e3 and 5acc47b.

📒 Files selected for processing (5)

• frontend/javascripts/navbar.tsx (5 hunks)
• frontend/javascripts/oxalis/default_state.ts (1 hunks)
• frontend/javascripts/oxalis/model/accessors/annotation_accessor.ts (1 hunks)
• frontend/javascripts/oxalis/model/reducers/reducer_helpers.ts (2 hunks)
• frontend/javascripts/oxalis/store.ts (1 hunks)

🔇 Additional comments (7)

frontend/javascripts/oxalis/model/reducers/reducer_helpers.ts (1)

98-98: LGTM: Organization field properly added to annotation conversion

The organization field is correctly extracted from the API annotation and included in the frontend annotation object.

Also applies to: 112-112

frontend/javascripts/oxalis/default_state.ts (1)

181-181: LGTM: Organization field properly initialized

The organization field is correctly initialized with an empty string, consistent with other similar fields in the default state.

Let's verify that organization handling is consistent across the codebase:

✅ Verification successful

Based on the search results, I can see that the organization field is consistently used across the codebase:

1. It's initialized with an empty string in the default state (frontend/javascripts/oxalis/default_state.ts)
2. It's used in permission checks:
   • frontend/javascripts/libs/utils.ts: Comparing user organization with dataset ownership
   • frontend/javascripts/oxalis/view/right-border-tabs/dataset_info_tab_view.tsx: Organization-based access control
   • frontend/javascripts/dashboard/folders/details_sidebar.tsx: Organization ownership checks
   • frontend/javascripts/oxalis/model/accessors/annotation_accessor.ts: Cross-organization annotation checks

LGTM: Organization field is consistently handled

The empty string default is appropriate and the organization field is used consistently throughout the codebase for permission checks and access control. The implementation aligns with the application's organization-based security model.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for other organization-related fields and their initialization
rg "organization: \"\"" --type typescript
# Check for organization field usage in conditions
rg "\.organization\s*[!=]==?\s*" --type typescript

Length of output: 164

---

Script:

#!/bin/bash
# Check for other organization-related fields and their initialization
rg "organization:\s*[\"']\"" 

# Check for organization field usage in conditions
rg "\.organization\s*[!=]==?\s*"

# Look for organization-related type definitions
ast-grep --pattern 'interface $_ {
  $$$
  organization: $_
  $$$
}'

# Look for organization field usage in components
ast-grep --pattern '$_.organization'

Length of output: 67170

frontend/javascripts/oxalis/store.ts (1)

200-200: LGTM: Well-structured type definition addition

The addition of the readonly organization property to the Annotation type is clean and follows immutability best practices for Redux state management.

frontend/javascripts/navbar.tsx (4)

67-70: LGTM: Clean import organization

Good separation of concerns by importing the organization check from a dedicated accessor.

---

91-91: LGTM: Well-typed state property addition

The new state property follows the existing type system and naming conventions.

---

885-890: LGTM: Clear conditional logic for locked banner

The modified condition correctly implements the PR objective by only showing the locked banner when:

• Others may edit (othersMayEdit)
• Updates are not allowed (!allowUpdate)
• Not locked by owner (!isLockedByOwner)
• User is in the same organization (!isAnnotationFromDifferentOrganization)

---

1021-1021: LGTM: Clean Redux state mapping

The new state mapping follows the existing pattern and properly connects the organization check to the component.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (1)

CHANGELOG.unreleased.md (1)

26-26: Enhance the changelog entry with more details.

While the current entry is accurate, consider expanding it to provide more context and reference the fixed issue:

-A "Locked by anonymous user" banner is no longer shown when opening public editable annotations of other organizations. [#8273](https://github.com/scalableminds/webknossos/pull/8273)
+A "Locked by anonymous user" banner is no longer incorrectly shown when viewing public editable annotations from organizations that the current user is not a member of. Fixes [#7934](https://github.com/scalableminds/webknossos/issues/7934). [#8273](https://github.com/scalableminds/webknossos/pull/8273)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5acc47b and d41782b.

📒 Files selected for processing (1)

• CHANGELOG.unreleased.md (1 hunks)

[MichaelBuessemeyer]

apparently the organization prop was already sent by the backend but the frontend discarded this.
-> I fixed this here.

Side note: But there might also be other fields the frontend drops in this function which might be useful to still have 🤔.

[philippotto]

But there might also be other fields the frontend drops in this function which might be useful to still have 🤔.

if the frontend doesn't use these properties, there's no need to add them, I think.

[philippotto]

thank you for the fix!