[WIKI-830] fix: copy clipboard functionality in the editor#8229
[WIKI-830] fix: copy clipboard functionality in the editor#8229sriramveeraghanta merged 17 commits intopreviewfrom
Conversation
|
Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughExpanded duplicate-asset endpoint permissions to include guests and removed workspace constraint from asset lookup; added EditorRef.copyMarkdownToClipboard and a custom clipboard MIME; paste now prefers that MIME and processes asset-duplication handlers; hardened image node loading/visibility and removed the PasteAssetPlugin registration. Changes
Sequence DiagramsequenceDiagram
participant User
participant UI as Editor UI (EditorRef)
participant EditorView as Editor View
participant Clipboard
participant PasteHandler as handlePaste / processAssetDuplication
participant Server as Asset API
User->>UI: trigger copy (copyMarkdownToClipboard)
UI->>EditorView: read current HTML & metadata
EditorView-->>UI: return HTML & metadata
UI->>Clipboard: intercept copy event & set formats
Clipboard-->>Clipboard: set "text/plain", "text/html", "text/plane-editor-html"
User->>EditorView: paste
EditorView->>PasteHandler: handlePaste(event)
PasteHandler->>Clipboard: read "text/plane-editor-html"
alt custom MIME present
PasteHandler->>PasteHandler: processAssetDuplication(html)
loop per asset handler
PasteHandler->>Server: (optional) duplicate/resolve asset
Server-->>PasteHandler: duplication result
end
PasteHandler->>EditorView: view.pasteHTML(processedHtml)
else
PasteHandler-->>EditorView: return false (fallback to default paste)
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches
🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR fixes clipboard functionality in the editor by improving image handling during copy/paste operations and removes a workspace-specific constraint from the backend asset duplication logic.
Key Changes
- Enhanced clipboard handling to support a custom MIME type (
text/plane-editor-html) for better internal copy/paste operations - Improved error handling and state management in the image node view component
- Removed workspace filtering from asset lookup during duplication to allow cross-workspace asset copying
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| packages/editor/src/core/plugins/paste-asset.ts | Added support for custom text/plane-editor-html MIME type with charset metadata |
| packages/editor/src/core/plugins/markdown-clipboard.ts | Set clipboard data with custom MIME type during copy operations |
| packages/editor/src/core/extensions/custom-image/components/node-view.tsx | Enhanced image loading with error handling, state resets, and improved validation logic |
| apps/api/plane/app/views/asset/v2.py | Removed workspace filter from asset lookup to enable cross-workspace duplication |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
packages/editor/src/core/extensions/custom-image/components/node-view.tsx
Show resolved
Hide resolved
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
apps/api/plane/app/views/asset/v2.py (1)
793-801: Cross‑workspace asset duplication weakens workspace isolation; confirm this is intentional and gated.By dropping the
workspace__slug=slugfilter here, any uploaded asset with a knownasset_idcan now be duplicated into the current workspace, regardless of which workspace owns the original asset. The only permission check is on the destination workspace (via@allow_permission(..., level="WORKSPACE")onslug), not on the source asset’s workspace.That means:
- A user with access to workspace A but not workspace B cannot directly access B’s assets, but
- A user with access to workspace B can duplicate an uploaded asset from any workspace they can learn an
asset_idfor, effectively copying the underlying S3 object across workspaces.If workspace is meant to be a hard multi‑tenant boundary, this is a significant relaxation. Consider:
- Either restoring a workspace constraint on the lookup, or
- Explicitly validating that
request.useralso has appropriate access tooriginal_asset.workspacebefore allowing duplication.If cross‑workspace duplication is intended, it’d be good to document this behavior and confirm that asset IDs are treated as non‑guessable secrets and cannot leak across tenants inadvertently.
🧹 Nitpick comments (2)
packages/editor/src/core/extensions/custom-image/components/node-view.tsx (1)
52-75: Defensive image loading + visibility logic look solid; consider guarding against async races.The new flow around
resolvedSrc/resolvedDownloadSrc,failedToLoadImage, andhasValidImageSourceis coherent and should make uploader vs. block rendering much more predictable, especially after duplication succeeds or an image load fails.One thing you might optionally tighten later: in the
getImageSourceeffect, multiple rapidimgNodeSrcchanges could let an older async call overwriteresolvedSrcfor a newerimgNodeSrc. Capturing the currentimgNodeSrcin a local variable and bailing out if it no longer matches before setting state would avoid that race.Otherwise the duplication success/reset and
shouldShowBlockconditions look good.Also applies to: 88-100, 120-124, 127-130
packages/editor/src/core/plugins/paste-asset.ts (1)
11-19: TypehtmlContentexplicitly and (optionally) make the processed marker more specific.The new logic for preferring
text/plane-editor-htmland injecting a UTF‑8 meta tag looks good functionally and cooperates with the copy plugin.Two small refinements:
- Avoid implicit
anyonhtmlContentin TS:let htmlContent: string | null = null; if (event.clipboardData.getData("text/plane-editor-html")) { htmlContent = event.clipboardData.getData("text/plane-editor-html"); const metaTag = document.createElement("meta"); metaTag.setAttribute("charset", "utf-8"); htmlContent = metaTag.outerHTML + htmlContent; } else { htmlContent = event.clipboardData.getData("text/html"); } if (!htmlContent || htmlContent.includes('data-uploaded="true"')) return false;
- Optional: consider using a more specific marker like
data-plane-asset-uploaded="true"instead of the genericdata-uploaded="true"to reduce the chance of skipping processing for third‑party HTML that happens to use the same attribute.Also applies to: 20-21
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
apps/api/plane/app/views/asset/v2.py(1 hunks)packages/editor/src/core/extensions/custom-image/components/node-view.tsx(3 hunks)packages/editor/src/core/plugins/markdown-clipboard.ts(1 hunks)packages/editor/src/core/plugins/paste-asset.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
packages/editor/src/core/plugins/paste-asset.tspackages/editor/src/core/extensions/custom-image/components/node-view.tsxpackages/editor/src/core/plugins/markdown-clipboard.ts
🧬 Code graph analysis (1)
packages/editor/src/core/extensions/custom-image/components/node-view.tsx (1)
packages/editor/src/core/extensions/custom-image/utils.ts (1)
hasImageDuplicationFailed(63-64)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
- GitHub Check: CodeQL analysis (javascript-typescript)
- GitHub Check: Analyze (javascript)
- GitHub Check: Build and lint web apps
🔇 Additional comments (1)
packages/editor/src/core/plugins/markdown-clipboard.ts (1)
33-36: LGTM – custom clipboard MIME type integrates cleanly with existing copy behavior.Emitting
text/plane-editor-htmlalongsidetext/plainandtext/htmlis backward‑compatible and lines up with the paste plugin’s new behavior, without changing existing consumers.
iam-vipin
changed the title
|
Linked to Plane Work Item(s) This comment was auto-generated by Plane |
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
apps/web/core/components/core/description-versions/modal.tsx (1)
13-79: Clipboard handler wiring withcopyMarkdownToClipboardis solidThe modal now correctly:
- Pulls
{ markdown, html }fromeditorRef.current.getMarkDown().- Uses
copyMarkdownToClipboard({ markdown, html })and surfaces success/failure via toasts.- Guards against a missing
editorRef.current.Implementation is consistent with the new clipboard utility and editor ref API. If you want to polish later, you could (optionally) make
handleCopyMarkdownasyncand usetry/catchinstead of.then/.catch, and consider localizing the toast messages.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
apps/web/core/components/core/description-versions/modal.tsx(2 hunks)apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx(2 hunks)apps/web/core/components/pages/modals/export-page-modal.tsx(1 hunks)packages/editor/src/core/helpers/editor-ref.ts(1 hunks)packages/editor/src/core/types/editor.ts(1 hunks)packages/utils/src/string.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
packages/editor/src/core/helpers/editor-ref.tsapps/web/core/components/pages/editor/toolbar/options-dropdown.tsxpackages/editor/src/core/types/editor.tsapps/web/core/components/pages/modals/export-page-modal.tsxapps/web/core/components/core/description-versions/modal.tsxpackages/utils/src/string.ts
🧠 Learnings (4)
📚 Learning: 2025-11-25T10:18:05.172Z
Learnt from: CR
Repo: makeplane/plane PR: 0
File: .github/instructions/typescript.instructions.md:0-0
Timestamp: 2025-11-25T10:18:05.172Z
Learning: Applies to **/*.{ts,tsx,mts,cts} : Use copying array methods (`toSorted`, `toSpliced`, `with`) for immutable array operations (TypeScript 5.2+)
Applied to files:
apps/web/core/components/pages/editor/toolbar/options-dropdown.tsxpackages/utils/src/string.ts
📚 Learning: 2025-10-21T17:22:05.204Z
Learnt from: lifeiscontent
Repo: makeplane/plane PR: 7989
File: apps/web/app/(all)/[workspaceSlug]/(projects)/projects/(detail)/[projectId]/pages/(detail)/[pageId]/page.tsx:45-46
Timestamp: 2025-10-21T17:22:05.204Z
Learning: In the makeplane/plane repository, the refactor from useParams() to params prop is specifically scoped to page.tsx and layout.tsx files in apps/web/app (Next.js App Router pattern). Other components (hooks, regular client components, utilities) should continue using the useParams() hook as that is the correct pattern for non-route components.
Applied to files:
apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx
📚 Learning: 2025-10-01T15:30:17.605Z
Learnt from: lifeiscontent
Repo: makeplane/plane PR: 7888
File: packages/propel/src/avatar/avatar.stories.tsx:2-3
Timestamp: 2025-10-01T15:30:17.605Z
Learning: In the makeplane/plane repository, avoid suggesting inline type imports (e.g., `import { Avatar, type TAvatarSize }`) due to bundler compatibility issues. Keep type imports and value imports as separate statements.
Applied to files:
apps/web/core/components/core/description-versions/modal.tsx
📚 Learning: 2025-10-09T20:42:31.843Z
Learnt from: lifeiscontent
Repo: makeplane/plane PR: 7922
File: apps/admin/app/(all)/(dashboard)/ai/form.tsx:19-19
Timestamp: 2025-10-09T20:42:31.843Z
Learning: In the makeplane/plane repository, React types are globally available through TypeScript configuration. Type annotations like React.FC, React.ReactNode, etc. can be used without explicitly importing the React namespace. The codebase uses the modern JSX transform, so React imports are not required for JSX or type references.
Applied to files:
apps/web/core/components/core/description-versions/modal.tsx
🧬 Code graph analysis (3)
packages/editor/src/core/helpers/editor-ref.ts (1)
packages/utils/src/editor/markdown-parser/root.ts (1)
convertHTMLToMarkdown(112-143)
apps/web/core/components/core/description-versions/modal.tsx (3)
packages/utils/src/string.ts (1)
copyMarkdownToClipboard(387-414)packages/propel/src/toast/toast.tsx (1)
setToast(202-222)packages/i18n/src/store/index.ts (1)
t(223-244)
packages/utils/src/string.ts (1)
apps/space/helpers/string.helper.ts (1)
copyTextToClipboard(25-31)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Build and lint web apps
- GitHub Check: Analyze (javascript)
🔇 Additional comments (4)
packages/editor/src/core/helpers/editor-ref.ts (1)
81-91: UpdatedgetMarkDownshape and null handling look correct
getMarkDownnow returns{ markdown, html }and gracefully handles!editorwith{ markdown: "", html: "" }, matching the updatedEditorRefApitype and avoiding null/undefined at call sites.apps/web/core/components/pages/modals/export-page-modal.tsx (1)
157-167: Markdown export correctly adapts to newgetMarkDownAPIDestructuring
{ markdown: markdownContent } = editorRef?.getMarkDown() ?? { markdown: "" }is type-safe with the new return shape and avoids runtime errors wheneditorRefis null, while preserving previous behavior for empty content.packages/editor/src/core/types/editor.ts (1)
100-139:EditorRefApi.getMarkDowntype now matches runtime behaviorUpdating
getMarkDownto return{ markdown: string; html: string }aligns the type with the new implementation and all updated call sites, preventing type mismatches and clarifying the API contract.apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx (1)
8-91: Page options “Copy markdown” action correctly migrated to new clipboard APIThe extra menu option now:
- Safely exits if
editorRefis missing.- Uses
editorRef.getMarkDown()to obtain{ markdown, html }.- Delegates to
copyMarkdownToClipboard({ markdown, html })and surfaces success/failure via toasts.This is consistent with the updated EditorRef API and shared clipboard logic used elsewhere.
packages/utils/src/string.ts
Outdated
| /** | ||
| * @description Copies markdown and HTML content to clipboard with multiple formats including custom plane-editor format | ||
| * @param {Object} params - Parameters object | ||
| * @param {string} params.markdown - Markdown text to copy | ||
| * @param {string} params.html - HTML content to copy | ||
| * @returns {Promise<void>} Promise that resolves when copying is complete | ||
| * @example | ||
| * await copyMarkdownToClipboard({ markdown: "# Hello", html: "<h1>Hello</h1>" }) | ||
| */ | ||
| export const copyMarkdownToClipboard = async ({ | ||
| markdown, | ||
| html, | ||
| }: { | ||
| markdown: string; | ||
| html: string; | ||
| }): Promise<void> => { | ||
| // Try using the copy event to support custom MIME types | ||
| try { | ||
| const handleCopy = (event: ClipboardEvent) => { | ||
| event.preventDefault(); | ||
| event.clipboardData?.clearData(); | ||
| event.clipboardData?.setData("text/plain", markdown); | ||
| event.clipboardData?.setData("text/html", html); | ||
| event.clipboardData?.setData("text/plane-editor-html", html); | ||
| document.removeEventListener("copy", handleCopy); | ||
| }; | ||
|
|
||
| document.addEventListener("copy", handleCopy); | ||
| document.execCommand("copy"); | ||
| return; | ||
| } catch (error) { | ||
| console.warn("Failed to copy with custom formats, trying standard clipboard API:", error); | ||
| } | ||
|
|
||
| // Final fallback to simple text copy | ||
| await copyTextToClipboard(markdown); | ||
| }; |
There was a problem hiding this comment.
Harden copyMarkdownToClipboard against execCommand failures and listener leaks
The current implementation can leave the "copy" listener attached and report success even when document.execCommand("copy") silently fails:
- If
execCommand("copy")throws before the event fires,handleCopyis never called, soremoveEventListeneris never run and the listener will hijack future copy events. - If
execCommand("copy")returnsfalse(copy blocked/unsupported) without throwing, youreturnearly, never fall back tocopyTextToClipboard, and the listener also stays attached.
This can corrupt subsequent clipboard behavior across the app.
You can make this more robust by always cleaning up the listener and treating a false result as failure, e.g.:
export const copyMarkdownToClipboard = async ({
markdown,
html,
}: {
markdown: string;
html: string;
}): Promise<void> => {
- // Try using the copy event to support custom MIME types
- try {
- const handleCopy = (event: ClipboardEvent) => {
- event.preventDefault();
- event.clipboardData?.clearData();
- event.clipboardData?.setData("text/plain", markdown);
- event.clipboardData?.setData("text/html", html);
- event.clipboardData?.setData("text/plane-editor-html", html);
- document.removeEventListener("copy", handleCopy);
- };
-
- document.addEventListener("copy", handleCopy);
- document.execCommand("copy");
- return;
- } catch (error) {
- console.warn("Failed to copy with custom formats, trying standard clipboard API:", error);
- }
-
- // Final fallback to simple text copy
- await copyTextToClipboard(markdown);
+ const handleCopy = (event: ClipboardEvent) => {
+ event.preventDefault();
+ event.clipboardData?.clearData();
+ event.clipboardData?.setData("text/plain", markdown);
+ event.clipboardData?.setData("text/html", html);
+ event.clipboardData?.setData("text/plane-editor-html", html);
+ };
+
+ // Try using the copy event to support custom MIME types
+ try {
+ document.addEventListener("copy", handleCopy, { once: true });
+
+ const success = document.execCommand("copy");
+ if (!success) {
+ throw new Error("document.execCommand('copy') returned false");
+ }
+ return;
+ } catch (error) {
+ console.warn(
+ "Failed to copy with custom formats, falling back to plain-text clipboard copy:",
+ error
+ );
+ } finally {
+ document.removeEventListener("copy", handleCopy);
+ }
+
+ // Final fallback to simple text copy
+ await copyTextToClipboard(markdown);
};This keeps the listener from leaking and guarantees you fall back when the custom path doesn’t actually copy anything.
🤖 Prompt for AI Agents
In packages/utils/src/string.ts around lines 378 to 414, the copy handler can
leak if document.execCommand("copy") throws or returns false; ensure the "copy"
listener is always removed and treat a false return as failure so you fall back
to copyTextToClipboard. Implement execCommand call inside a try/catch/finally
where you: add the listener, call execCommand and capture its boolean result, on
success let the handler remove itself, but in finally always call
document.removeEventListener("copy", handleCopy) to guard against leaks, and if
execCommand threw or returned false then call await
copyTextToClipboard(markdown) as the fallback.
| metaTag.setAttribute("charset", "utf-8"); | ||
| htmlContent = metaTag.outerHTML + htmlContent; | ||
| } else { | ||
| htmlContent = event.clipboardData.getData("text/html"); |
There was a problem hiding this comment.
There's no need to handle for the else condition.
| getDocumentInfo: () => TDocumentInfo; | ||
| getHeadings: () => IMarking[]; | ||
| getMarkDown: () => string; | ||
| getMarkDown: () => { markdown: string; html: string }; |
There was a problem hiding this comment.
Revert the getMarkdown function to its original state. Crate a new copyMarkdown function which will take care of copying content of all types.
packages/utils/src/string.ts
Outdated
| * @example | ||
| * await copyMarkdownToClipboard({ markdown: "# Hello", html: "<h1>Hello</h1>" }) | ||
| */ | ||
| export const copyMarkdownToClipboard = async ({ |
There was a problem hiding this comment.
Remove this function and move it to editor.
| ); | ||
| const { markdown, html } = editorRef.current.getMarkDown(); | ||
|
|
||
| copyMarkdownToClipboard({ markdown, html }) |
There was a problem hiding this comment.
Use editorRef's copy function.
| words: editor?.storage.characterCount?.words?.() ?? 0, | ||
| }), | ||
| getHeadings: () => (editor ? editor.storage.headingsList?.headings : []), | ||
| getMarkDown: () => { |
…board for simplified clipboard operations
There was a problem hiding this comment.
Actionable comments posted: 0
♻️ Duplicate comments (2)
apps/api/plane/app/views/asset/v2.py (1)
769-799: Workspace scoping removed from source asset lookup – possible cross‑workspace exposureBy changing the lookup to:
original_asset = FileAsset.objects.filter( id=asset_id, is_uploaded=True ).first()the source asset is no longer constrained to the current
workspace(fromslug). Combined with allowing[ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST]atlevel="WORKSPACE", any user with access to a workspace can duplicate any uploaded asset they can guess/obtain theasset_idfor, regardless of the asset’s original workspace.That effectively bypasses the usual
workspace__slug=...scoping used elsewhere in this file and may allow cross‑workspace data access via server‑side S3 copy.If the intent is not to allow arbitrary cross‑workspace duplication, please reintroduce workspace scoping (or an equivalent authorization check), e.g.:
- storage = S3Storage(request=request) - original_asset = FileAsset.objects.filter( - id=asset_id, is_uploaded=True - ).first() + storage = S3Storage(request=request) + original_asset = FileAsset.objects.filter( + id=asset_id, + is_uploaded=True, + workspace=workspace, + ).first()and optionally revisit whether
ROLE.GUESTshould be allowed here.apps/web/core/components/core/description-versions/modal.tsx (1)
13-69: UseeditorRef.current.copyMarkdownToClipboard()for the copy actionRight now the copy button still calls
copyTextToClipboard(editorRef.current.getMarkDown()), so:
- Only
text/plainis set on the clipboard.- The new multi‑format clipboard flow (
text/html+text/plane-editor-html) and paste plugin won’t kick in.- The newly imported
copyMarkdownToClipboardfrom@plane/utilsisn’t used.Since
EditorRefApinow exposescopyMarkdownToClipboard(), it’s cleaner to delegate to that and then show the toast:-import { calculateTimeAgo, cn, copyMarkdownToClipboard, copyTextToClipboard, getFileURL } from "@plane/utils"; +import { calculateTimeAgo, cn, getFileURL } from "@plane/utils"; ... const handleCopyMarkdown = useCallback(() => { if (!editorRef.current) return; - copyTextToClipboard(editorRef.current.getMarkDown()).then(() => + editorRef.current.copyMarkdownToClipboard().then(() => setToast({ type: TOAST_TYPE.SUCCESS, title: t("toast.success"), message: "Markdown copied to clipboard.", }) ); }, [t]);This hooks the modal into the same clipboard pipeline as the rest of the editor and avoids unused imports.
🧹 Nitpick comments (2)
packages/editor/src/core/plugins/paste-asset.ts (1)
11-21: Minor cleanup of clipboard read logicThe logic is fine, but you can simplify and make the type clearer by avoiding repeated
getDatacalls and using a single, well-typed value:
- Read
"text/plane-editor-html"once.- Early-return if it’s empty.
- Build a separate
htmlWithMeta(or reassign) and pass that downstream.For example:
- let htmlContent; - if (event.clipboardData.getData("text/plane-editor-html")) { - htmlContent = event.clipboardData.getData("text/plane-editor-html"); - const metaTag = document.createElement("meta"); - metaTag.setAttribute("charset", "utf-8"); - htmlContent = metaTag.outerHTML + htmlContent; - } else { - return false; - } + const planeEditorHtml = event.clipboardData.getData("text/plane-editor-html"); + if (!planeEditorHtml) return false; + + const metaTag = document.createElement("meta"); + metaTag.setAttribute("charset", "utf-8"); + const htmlContent = metaTag.outerHTML + planeEditorHtml;
htmlContentthen continues to work with the existing checks andprocessAssetDuplicationcall.packages/editor/src/core/helpers/editor-ref.ts (1)
81-112: copyMarkdownToClipboard implementation aligns with the new clipboard flowThe implementation correctly:
- Derives Markdown from the current HTML + meta.
- Sets
text/plainto Markdown and bothtext/htmlandtext/plane-editor-htmlto the HTML.- Uses a one‑shot
copylistener and cleans it up immediately after.To reduce the chance of future typos, consider centralizing the
"text/plane-editor-html"MIME string in a shared constant used here and in the paste/clipboard plugins, rather than hardcoding it in multiple places.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (5)
apps/api/plane/app/views/asset/v2.py(2 hunks)apps/web/core/components/core/description-versions/modal.tsx(1 hunks)packages/editor/src/core/helpers/editor-ref.ts(1 hunks)packages/editor/src/core/plugins/paste-asset.ts(1 hunks)packages/editor/src/core/types/editor.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
packages/editor/src/core/types/editor.tspackages/editor/src/core/plugins/paste-asset.tspackages/editor/src/core/helpers/editor-ref.tsapps/web/core/components/core/description-versions/modal.tsx
🧠 Learnings (3)
📚 Learning: 2025-07-23T18:18:06.875Z
Learnt from: NarayanBavisetti
Repo: makeplane/plane PR: 7460
File: apps/api/plane/app/serializers/draft.py:112-122
Timestamp: 2025-07-23T18:18:06.875Z
Learning: In the Plane codebase serializers, workspace_id is not consistently passed in serializer context, so parent issue validation in DraftIssueCreateSerializer only checks project_id rather than both workspace_id and project_id. The existing project member authentication system already validates that users can only access projects they belong to, providing sufficient security without risking breaking functionality by adding workspace_id validation where the context might not be available.
Applied to files:
apps/api/plane/app/views/asset/v2.py
📚 Learning: 2025-10-01T15:30:17.605Z
Learnt from: lifeiscontent
Repo: makeplane/plane PR: 7888
File: packages/propel/src/avatar/avatar.stories.tsx:2-3
Timestamp: 2025-10-01T15:30:17.605Z
Learning: In the makeplane/plane repository, avoid suggesting inline type imports (e.g., `import { Avatar, type TAvatarSize }`) due to bundler compatibility issues. Keep type imports and value imports as separate statements.
Applied to files:
apps/web/core/components/core/description-versions/modal.tsx
📚 Learning: 2025-10-09T20:42:31.843Z
Learnt from: lifeiscontent
Repo: makeplane/plane PR: 7922
File: apps/admin/app/(all)/(dashboard)/ai/form.tsx:19-19
Timestamp: 2025-10-09T20:42:31.843Z
Learning: In the makeplane/plane repository, React types are globally available through TypeScript configuration. Type annotations like React.FC, React.ReactNode, etc. can be used without explicitly importing the React namespace. The codebase uses the modern JSX transform, so React imports are not required for JSX or type references.
Applied to files:
apps/web/core/components/core/description-versions/modal.tsx
🧬 Code graph analysis (1)
packages/editor/src/core/helpers/editor-ref.ts (1)
packages/utils/src/editor/markdown-parser/root.ts (1)
convertHTMLToMarkdown(112-143)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Analyze (javascript)
- GitHub Check: Build and lint web apps
🔇 Additional comments (1)
packages/editor/src/core/types/editor.ts (1)
100-122: NewcopyMarkdownToClipboardAPI signature looks consistentAdding
copyMarkdownToClipboard: () => Promise<void>;to
EditorRefApimatches the helper implementation and cleanly exposes the new clipboard behavior to consumers.
…board with copyMarkdownToClipboard in editor components
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
apps/web/core/components/core/description-versions/modal.tsx (1)
60-69: Good adoption of the new API, but consider adding error handling.This change correctly addresses the past review feedback to use
editorRef's copy function. The implementation properly null-checks the ref and shows a success toast.However, consider adding error handling to inform users if the clipboard operation fails:
const handleCopyMarkdown = useCallback(() => { if (!editorRef.current) return; editorRef.current.copyMarkdownToClipboard().then(() => setToast({ type: TOAST_TYPE.SUCCESS, title: t("toast.success"), message: "Markdown copied to clipboard.", }) - ); + ).catch(() => + setToast({ + type: TOAST_TYPE.ERROR, + title: t("toast.error"), + message: "Failed to copy markdown to clipboard.", + }) + ); }, [t]);apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx (1)
71-86: API adoption looks good; consider adding error handling.The change correctly adopts the new
copyMarkdownToClipboard()API with proper null-checking and success feedback.Consider adding error handling to provide user feedback if the clipboard operation fails:
{ key: "copy-markdown", action: () => { if (!editorRef) return; editorRef.copyMarkdownToClipboard().then(() => setToast({ type: TOAST_TYPE.SUCCESS, title: "Success!", message: "Markdown copied to clipboard.", }) - ); + ).catch(() => + setToast({ + type: TOAST_TYPE.ERROR, + title: "Error!", + message: "Failed to copy markdown to clipboard.", + }) + ); }, title: "Copy markdown", icon: Clipboard, shouldRender: true, },
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
apps/web/core/components/core/description-versions/modal.tsx(1 hunks)apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx(1 hunks)packages/editor/src/core/plugins/paste-asset.ts(2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- packages/editor/src/core/plugins/paste-asset.ts
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
apps/web/core/components/core/description-versions/modal.tsxapps/web/core/components/pages/editor/toolbar/options-dropdown.tsx
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Analyze (javascript)
- GitHub Check: Build and lint web apps
aaryan610
changed the title
…handling and streamlining HTML processing
| const handleCopyMarkdown = useCallback(() => { | ||
| if (!editorRef.current) return; | ||
| copyTextToClipboard(editorRef.current.getMarkDown()).then(() => | ||
| editorRef.current.copyMarkdownToClipboard().then(() => |
| }); | ||
| return markdown; | ||
| }, | ||
| copyMarkdownToClipboard: async () => { |
…ipboard functionality
There was a problem hiding this comment.
Actionable comments posted: 3
🧹 Nitpick comments (1)
packages/editor/src/core/helpers/paste-asset.ts (1)
24-25: Consider optimizing the repeated DOM updates.The pattern of updating
tempDiv.innerHTMLafter processing each component type (line 25) is functionally correct but inefficient. Each update re-parses the entire HTML string. Since the handlers modify HTML strings rather than DOM nodes directly, this approach is necessary for the current architecture.For better performance with large documents or many handlers, consider refactoring to work with DOM nodes directly instead of serializing and re-parsing HTML strings on each iteration.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
packages/editor/src/core/extensions/utility.ts(0 hunks)packages/editor/src/core/helpers/paste-asset.ts(1 hunks)packages/editor/src/core/props.ts(2 hunks)
💤 Files with no reviewable changes (1)
- packages/editor/src/core/extensions/utility.ts
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
packages/editor/src/core/helpers/paste-asset.tspackages/editor/src/core/props.ts
🧬 Code graph analysis (1)
packages/editor/src/core/helpers/paste-asset.ts (1)
packages/editor/src/ce/helpers/asset-duplication.ts (1)
assetDuplicationHandlers(38-40)
🪛 ast-grep (0.40.0)
packages/editor/src/core/helpers/paste-asset.ts
[warning] 5-5: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: tempDiv.innerHTML = htmlContent
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html
(unsafe-html-content-assignment)
[warning] 24-24: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: tempDiv.innerHTML = processedHtml
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html
(unsafe-html-content-assignment)
[warning] 5-5: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: tempDiv.innerHTML = htmlContent
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html
(dom-content-modification)
[warning] 24-24: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: tempDiv.innerHTML = processedHtml
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html
(dom-content-modification)
packages/editor/src/core/props.ts
[warning] 46-46: Direct HTML content assignment detected. Modifying innerHTML, outerHTML, or using document.write with unsanitized content can lead to XSS vulnerabilities. Use secure alternatives like textContent or sanitize HTML with libraries like DOMPurify.
Context: tempDiv.innerHTML = processedHtml
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://www.dhairyashah.dev/posts/why-innerhtml-is-a-bad-idea-and-how-to-avoid-it/
- https://cwe.mitre.org/data/definitions/79.html
(unsafe-html-content-assignment)
[warning] 46-46: Direct modification of innerHTML or outerHTML properties detected. Modifying these properties with unsanitized user input can lead to XSS vulnerabilities. Use safe alternatives or sanitize content first.
Context: tempDiv.innerHTML = processedHtml
Note: [CWE-79] Improper Neutralization of Input During Web Page Generation [REFERENCES]
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet
- https://cwe.mitre.org/data/definitions/79.html
(dom-content-modification)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Build and lint web apps
- GitHub Check: Analyze (javascript)
🔇 Additional comments (1)
packages/editor/src/core/props.ts (1)
1-1: LGTM! Imports support the new paste handling logic.The new imports for
DOMParserandprocessAssetDuplicationare correctly added to support the custom paste handling functionality.Also applies to: 5-6
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
packages/editor/src/core/helpers/editor-ref.ts (2)
92-112: Prefer modern Clipboard API over deprecatedexecCommand.While the current implementation works,
document.execCommand("copy")is deprecated. The modernnavigator.clipboard.write()API withClipboardItemsupports custom MIME types (contrary to the earlier discussion) and provides better error handling and permissions support.Consider this async alternative:
-copyMarkdownToClipboard: () => { +copyMarkdownToClipboard: async () => { if (!editor) return; const html = editor.getHTML(); const metaData = getEditorMetaData(html); const markdown = convertHTMLToMarkdown({ description_html: html, metaData, }); - const copyHandler = (event: ClipboardEvent) => { - event.preventDefault(); - event.clipboardData?.setData("text/plain", markdown); - event.clipboardData?.setData("text/html", html); - event.clipboardData?.setData("text/plane-editor-html", html); - document.removeEventListener("copy", copyHandler); - }; - - document.addEventListener("copy", copyHandler); - document.execCommand("copy"); + try { + const item = new ClipboardItem({ + "text/plain": new Blob([markdown], { type: "text/plain" }), + "text/html": new Blob([html], { type: "text/html" }), + "text/plane-editor-html": new Blob([html], { type: "text/plane-editor-html" }), + }); + await navigator.clipboard.write([item]); + } catch (error) { + console.error("Failed to copy to clipboard:", error); + throw error; + } },Note: This requires updating the calling code in
modal.tsxandoptions-dropdown.tsxto handle the async nature (e.g.,await editorRef.copyMarkdownToClipboard()or.then()), and updating the TypeScript signature in the EditorRefApi type definition.
102-112: Consider adding error handling for clipboard failures.The current implementation lacks error handling for cases where:
document.execCommand("copy")returnsfalse(copy failed)- Clipboard access is denied by the browser
clipboardDataisnull(silent failure)If keeping the current approach, consider:
const copyHandler = (event: ClipboardEvent) => { event.preventDefault(); - event.clipboardData?.setData("text/plain", markdown); - event.clipboardData?.setData("text/html", html); - event.clipboardData?.setData("text/plane-editor-html", html); + const clipboardData = event.clipboardData; + if (!clipboardData) { + console.error("Clipboard data unavailable"); + return; + } + clipboardData.setData("text/plain", markdown); + clipboardData.setData("text/html", html); + clipboardData.setData("text/plane-editor-html", html); document.removeEventListener("copy", copyHandler); }; document.addEventListener("copy", copyHandler); -document.execCommand("copy"); +const success = document.execCommand("copy"); +if (!success) { + document.removeEventListener("copy", copyHandler); + console.error("Copy command failed"); +}This provides better observability when clipboard operations fail.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
apps/web/core/components/core/description-versions/modal.tsx(1 hunks)apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx(1 hunks)packages/editor/src/core/helpers/editor-ref.ts(1 hunks)packages/editor/src/core/types/editor.ts(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- packages/editor/src/core/types/editor.ts
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
apps/web/core/components/core/description-versions/modal.tsxpackages/editor/src/core/helpers/editor-ref.tsapps/web/core/components/pages/editor/toolbar/options-dropdown.tsx
🧬 Code graph analysis (3)
apps/web/core/components/core/description-versions/modal.tsx (2)
packages/propel/src/toast/toast.tsx (1)
setToast(202-222)packages/i18n/src/store/index.ts (1)
t(223-244)
packages/editor/src/core/helpers/editor-ref.ts (1)
packages/utils/src/editor/markdown-parser/root.ts (1)
convertHTMLToMarkdown(112-143)
apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx (1)
packages/propel/src/toast/toast.tsx (1)
setToast(202-222)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Build and lint web apps
- GitHub Check: Analyze (javascript)
🔇 Additional comments (2)
apps/web/core/components/core/description-versions/modal.tsx (1)
60-68: LGTM! Simplified clipboard flow.The refactored implementation using
editorRef.current.copyMarkdownToClipboard()is cleaner and more direct than the previous promise-based approach. The synchronous toast feedback provides immediate user confirmation.apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx (1)
73-81: LGTM! Consistent with editor API updates.The migration to
editorRef.copyMarkdownToClipboard()maintains consistency with the changes in the description versions modal and simplifies the copy flow.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
packages/editor/src/core/props.ts (1)
1-1: Remove unused import.The
DOMParserimport from@tiptap/pm/modelis not used anywhere in this file. This appears to be leftover from a previous implementation that has since been refactored to useview.pasteHTMLinstead.Apply this diff to remove the unused import:
-import { DOMParser } from "@tiptap/pm/model"; - import type { EditorProps } from "@tiptap/pm/view";
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
packages/editor/src/core/props.ts(2 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
packages/editor/src/core/props.ts
🧬 Code graph analysis (1)
packages/editor/src/core/props.ts (1)
packages/editor/src/core/helpers/paste-asset.ts (1)
processAssetDuplication(4-30)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Build and lint web apps
- GitHub Check: Analyze (javascript)
| handlePaste: (view, event) => { | ||
| if (!event.clipboardData) return false; | ||
|
|
||
| const htmlContent = event.clipboardData.getData("text/plane-editor-html"); | ||
| if (!htmlContent) return false; | ||
|
|
||
| const { processedHtml } = processAssetDuplication(htmlContent); | ||
| event.preventDefault(); | ||
| view.pasteHTML(processedHtml); | ||
| return true; | ||
| }, |
There was a problem hiding this comment.
Add error handling and respect the hasChanges flag.
The implementation has two concerns:
-
Ignoring the
hasChangesflag: TheprocessAssetDuplicationfunction returns bothprocessedHtmlandhasChanges, but the code only usesprocessedHtml. This means the handler always prevents the default paste behavior and re-pastes the content even when no asset processing occurred, adding unnecessary overhead. IfhasChangesis false, the default paste behavior should be allowed. -
Missing error handling: If
processAssetDuplicationorview.pasteHTMLthrows an error, it will propagate uncaught, potentially breaking the paste functionality.
Apply this diff to respect the hasChanges flag and add error handling:
handlePaste: (view, event) => {
- if (!event.clipboardData) return false;
-
- const htmlContent = event.clipboardData.getData("text/plane-editor-html");
- if (!htmlContent) return false;
-
- const { processedHtml } = processAssetDuplication(htmlContent);
- event.preventDefault();
- view.pasteHTML(processedHtml);
- return true;
+ try {
+ if (!event.clipboardData) return false;
+
+ const htmlContent = event.clipboardData.getData("text/plane-editor-html");
+ if (!htmlContent) return false;
+
+ const { processedHtml, hasChanges } = processAssetDuplication(htmlContent);
+ if (!hasChanges) return false;
+
+ event.preventDefault();
+ view.pasteHTML(processedHtml);
+ return true;
+ } catch (error) {
+ console.error("Error handling paste:", error);
+ return false;
+ }
},📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| handlePaste: (view, event) => { | |
| if (!event.clipboardData) return false; | |
| const htmlContent = event.clipboardData.getData("text/plane-editor-html"); | |
| if (!htmlContent) return false; | |
| const { processedHtml } = processAssetDuplication(htmlContent); | |
| event.preventDefault(); | |
| view.pasteHTML(processedHtml); | |
| return true; | |
| }, | |
| handlePaste: (view, event) => { | |
| try { | |
| if (!event.clipboardData) return false; | |
| const htmlContent = event.clipboardData.getData("text/plane-editor-html"); | |
| if (!htmlContent) return false; | |
| const { processedHtml, hasChanges } = processAssetDuplication(htmlContent); | |
| if (!hasChanges) return false; | |
| event.preventDefault(); | |
| view.pasteHTML(processedHtml); | |
| return true; | |
| } catch (error) { | |
| console.error("Error handling paste:", error); | |
| return false; | |
| } | |
| }, |
🤖 Prompt for AI Agents
In packages/editor/src/core/props.ts around lines 33 to 43, update the paste
handler to respect the hasChanges flag returned by processAssetDuplication and
to guard against exceptions: call processAssetDuplication and check its
hasChanges boolean — only call event.preventDefault() and
view.pasteHTML(processedHtml) when hasChanges is true (if false, return false to
allow default paste), and wrap the processing and paste calls in a try/catch; on
error log the exception (or call an existing logger) and return false so paste
doesn't crash the app.
…for simplified asset processing
|
Build Link Check is Failing. Please resolve it. |
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx (1)
71-80: ConfirmcopyMarkdownToClipboardsuccess semantics before always showing a success toastThe handler now always fires a “Success!” toast immediately after calling
editorRef.copyMarkdownToClipboard(), whereas the previous implementation only showed success in the.then(...)ofcopyTextToClipboard(...). IfcopyMarkdownToClipboardcan fail (e.g., clipboard permission issues) and does not itself handle user feedback, this could show a success toast even when the copy didn’t succeed.Consider one of the following, depending on how
copyMarkdownToClipboardis implemented:
- If it returns a Promise/boolean, gate the success toast on the resolved/true path (and optionally add an error toast on failure), or
- If it already encapsulates success/failure toasts, remove this extra toast to avoid duplicate/conflicting messages.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx,mts,cts}
📄 CodeRabbit inference engine (.github/instructions/typescript.instructions.md)
**/*.{ts,tsx,mts,cts}: Useconsttype parameters for more precise literal inference in TypeScript 5.0+
Use thesatisfiesoperator to validate types without widening them
Leverage inferred type predicates to reduce the need for explicitisreturn types in filter/check functions
UseNoInfer<T>utility to block inference for specific type arguments when they should be determined by other arguments
Utilize narrowing inswitch(true)blocks for control flow analysis (TypeScript 5.3+)
Rely on narrowing from direct boolean comparisons for type guards
Trust preserved narrowing in closures when variables aren't modified after the check (TypeScript 5.4+)
Use constant indices to narrow object/array properties (TypeScript 5.5+)
Use standard ECMAScript decorators (Stage 3) instead of legacyexperimentalDecorators
Useusingdeclarations for explicit resource management with Disposable pattern instead of manual cleanup (TypeScript 5.2+)
Usewith { type: "json" }for import attributes; avoid deprecatedassertsyntax (TypeScript 5.3/5.8+)
Useimport typeexplicitly when importing types to ensure they are erased during compilation, respectingverbatimModuleSyntaxflag
Use.ts,.mts,.ctsextensions inimport typestatements (TypeScript 5.2+)
Useimport type { Type } from "mod" with { "resolution-mode": "import" }for specific module resolution contexts (TypeScript 5.3+)
Use new iterator methods (map, filter, etc.) if targeting modern environments (TypeScript 5.6+)
Utilize newSetmethods likeunion,intersection, etc., when available (TypeScript 5.5+)
UseObject.groupBy/Map.groupBystandard methods for grouping instead of external libraries (TypeScript 5.4+)
UsePromise.withResolvers()for creating promises with exposed resolve/reject functions (TypeScript 5.7+)
Use copying array methods (toSorted,toSpliced,with) for immutable array operations (TypeScript 5.2+)
Avoid accessing instance fields viasuperin classes (TypeScript 5....
Files:
apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx
🧬 Code graph analysis (1)
apps/web/core/components/pages/editor/toolbar/options-dropdown.tsx (1)
packages/propel/src/toast/toast.tsx (1)
setToast(202-222)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: Build and lint web apps
- GitHub Check: Analyze (javascript)
) * [PAI-963] feat: enhance CustomSelect component with context for dropdown management (makeplane#8202) * feat: enhance CustomSelect component with context for dropdown management * refactor: streamline CustomSelect component structure and improve dropdown options rendering * [WEB-5603] feat: enhance workspace settings layout and members page (makeplane#8266) * feat: enhance workspace settings layout and members page with new components * refactor: update workspace settings layout and members page to use default exports * refactor: settings layout import changes * refactor: simplify workspaceSlug usage in settings layout * [WEB-5592] chore: add static files update settings for static files support (makeplane#8251) * chore: add static files collection and update settings for static files support * chore: add WhiteNoise middleware for static file handling * chore(deps): upgrade WhiteNoise to version 6.11.0 and add static file reverse proxy in Caddyfile * [WEB-5256]chore: quick actions refactor (makeplane#8019) * chore: quick actions refactor * chore: lint fix * chore: unified factory for actions * chore: lint fix * * chore: removed redundant files * chore: updated imports * chore: updated interfaces to types * chore: updated undefined handling * [WIKI-829] fix: add option to only show placeholder on empty editor (makeplane#8232) * feat: add placeholderOnEmpty functionality to editor components * Update packages/editor/src/core/extensions/placeholder.ts Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * refactor: rename placeholderOnEmpty to showPlaceholderOnEmpty across editor components * chore : make optional --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * [WIKI-830] fix: copy clipboard functionality in the editor (makeplane#8229) * feat: enhance clipboard functionality for markdown and HTML content * fix: improve error handling and state management in CustomImageNodeView component * fix: correct asset retrieval query by removing workspace filter in DuplicateAssetEndpoint * fix: update meta tag creation in PasteAssetPlugin for clipboard HTML content * feat: implement copyMarkdownToClipboard utility for enhanced clipboard functionality * refactor: replace copyMarkdownToClipboard utility with copyTextToClipboard for simplified clipboard operations * refactor: streamline clipboard operations by replacing copyTextToClipboard with copyMarkdownToClipboard in editor components * refactor: simplify PasteAssetPlugin by removing unnecessary meta tag handling and streamlining HTML processing * feat: implement asset duplication processing on paste for enhanced clipboard functionality * chore:remove async from copy markdown method * chore: add paste html * remove:prevent default * refactor: remove hasChanges from processAssetDuplication return type for simplified asset processing * fix: format options-dropdown.tsx * feat: add timezone selection to workspace settings (makeplane#8248) * feat: add timezone selection to workspace onboarding, creation and settings * refactor: remove timezone selection from workspace creation and onboarding forms * [WEB-5285] feat: enhance ChangeTrackerMixin to capture changed fields on save (makeplane#8270) - Added an override for the save method in ChangeTrackerMixin to store changed fields before resetting tracking. - Implemented a new method, _reset_tracked_fields, to ensure subsequent saves detect changes relative to the last saved state. - Updated IssueComment to utilize _changes_on_save for determining changed fields, improving accuracy in tracking modifications. * [WEB-5585]chore: timeline chart refactor (makeplane#8246) * chore: timeline chart refactor * fix: format * [WEB-5575]feat: enhance APITokenLogMiddleware to support logging to MongoDB (makeplane#8241) * feat: enhance APITokenLogMiddleware to support logging to MongoDB - Added functionality to log external API requests to MongoDB, with a fallback to PostgreSQL if MongoDB is unavailable. - Implemented error handling for MongoDB connection and logging operations. - Introduced additional fields for MongoDB logs, including timestamps and user identifiers. - Refactored request logging logic to streamline the process and improve maintainability. * fix: improve MongoDB availability checks in APITokenLogMiddleware - Enhanced the logic for determining MongoDB availability by checking if the collection is not None. - Added a check for MongoDB configuration before attempting to retrieve the collection. - Updated error handling to ensure the middleware correctly reflects the state of MongoDB connectivity. * feat: implement logging functionality in logger_task for API activity - Added a new logger_task module to handle logging of API activity to MongoDB and PostgreSQL. - Introduced functions for safely decoding request/response bodies and processing logs based on MongoDB availability. - Refactored APITokenLogMiddleware to utilize the new logging functions, improving code organization and maintainability. * refactor: simplify MongoDB logging in logger_task and middleware - Removed direct dependency on MongoDB collection in log_to_mongo function, now retrieving it internally. - Updated process_logs to check MongoDB configuration before logging, enhancing error handling. - Cleaned up logger.py by removing unused imports related to MongoDB. * feat: add Celery task decorator to process_logs function in logger_task - Introduced the @shared_task decorator to the process_logs function, enabling asynchronous processing of log data. - Updated function signature to include a return type of None for clarity. * [WEB-5609] fix: extended sidebar item pin/unpin makeplane#8287 * [WEB-5608] chore: Hide "Pro" Features in Community Edition (makeplane#8288) * chore: Hide "Pro" Features in Community Edition * refactor: remove time tracking feature and simplify project features list * chore: moving star us button to the top navigation (makeplane#8289) * chore: optimize turborepo (makeplane#8286) * [WIKI-844] fix: realtime sync post vite migration with title editor sync and indexed db access (makeplane#8294) * fix: robust way to handle socket connection and read from indexeddb cache when reqd * fix: realtime sync working with failure handling * fix: title editor added * merge preview into fix/realtime-sync * check * page renderer props * lint errors * lint errors * lint errors * sanitize html * sanitize html * format fix * fix lint * [WEB-4440] fix: duplicate sequence when creating multiple workitems in rapid succession (makeplane#8298) - Replace advisory lock with transaction-level lock in Issue model save method - Updated the save method in the Issue model to use a transaction-level advisory lock for better concurrency control. - Simplified the locking mechanism by removing the explicit unlock step, as the lock is automatically released at the end of the transaction. - Maintained existing functionality for sequence and sort order management while improving code clarity. * chore: format files in API server (makeplane#8292) * chore: fix ruff checks (makeplane#8305) * fix: editor sync changes (makeplane#8306) * chore: upate function declarations * chore: formatted files * chore: fix/check tooling improvements with turbo (makeplane#8304) * fix: broken lock file * chore: add Plane sync label to github templates makeplane#8303 Co-authored-by: Pushya Mitra Thiruvooru <pushya@Pushyas-MacBook-Pro.local> * [WEB-5624] chore: added webhook translations makeplane#8312 * chore(deps): upgrade next themes package * [WEB-5654]fix: custom select selection and dropdown close makeplane#8324 * [WEB-5124] chore: intake work item toast enhancements (makeplane#8329) * [WEB-5647] chore: list layout work item identifier enhancements (makeplane#8326) * chore: file formating * [WEB-5650] feat: Enable Gitea OAuth configuration (makeplane#8325) * feat: implement OAuth configuration helper and integrate into auth forms * fix: ensure OAuth providers are disabled by default if not configured * [WEB-5602] feat: new design system (makeplane#8220) * chore: init tailwind v4 * chore: update all configs * chore: add source to parse monorepo packages * chore: combine all css files * feat: added extended colors * chore: update typography * chore: update extended color var names * refactor: remove initial spacing variable and update dark mode selector * chore: update css files * chore: update animations * chore: remove spacing tokens * fix: external css files * chore: update tailwind-merge version * chore: update font family * chore: added brief agents.md and story for new design system * chore: enhance design system documentation with rare exceptions for visual separation * chore: add fontsource package for typography * chore: material symbols font added * chore: update shadow default * chore: add stroke and outline theme vars * chore: update ring and fill colors * chore: overwrite tailwind typography tokens * chore: add high contrast mode tokens * chore: update scrollbar colors * chore: backward compatibility for buttons and placeholders * chore: add priority colors * chore: update urgent priority color * chore: update plan colors * chore: add missing utility class * chore: update height and padding classes * chore: update label colors * chore: add missing utlity * chore: add typography plugin to space app * chore: replace existing classNames with new design system tokens makeplane#8244 (makeplane#8278) * chore: update border colors * chore: update all borders * chore: update text colors * chore: update css variables * chore: update font sizes and weights * chore: update bg colors * chore: sync changes * fix: uncomment spacing-1200 variable in variables.css * chore: update primary colors * refactor: updated border to border-subtle * refactor: update various components and improve UI consistency across the application * updated classnames * updated classnames * refactor: update color-related class names to use new design system variables for consistency * chore: default automations * chore: update text sizes * chore: home and power k * chore: home and power k * chore: replace ui package button components * chore: update text sizes * chore: updated issue identifier (makeplane#8275) * refactor: top navigation and sidebar design token (makeplane#8276) * chore: update all button components (makeplane#8277) * chore: new button component * chore: update existing buttons * chore: overwrite tailwind typography tokens * fix: twMerge config + fixed cn instances * refactor: toast design token updated (makeplane#8279) * chore: update existing buttons * chore: tooltip design token updatged (makeplane#8280) * chore: moved cn utility to propel (makeplane#8281) * chore: update space app UI (makeplane#8285) * chore; update space app filters component * fix: button whitespace wrap * chore: space app votes * chore: update dropdown components * refactor: auth, onboarding, sidebar, and common component design token migration (makeplane#8291) * chore: checkbox component design token updated * chore: indicator and oauth component design token updated * chore: sidebar design token updated * chore: auth and onboarding design token updated * chore: update divider color * style: update background colors and hover effects across list components * fix: tailwind merge * refactor: toggle switch design token migration and header utility classname added (makeplane#8295) * chore: toggle component design token updated * chore: h-header utility class added * chore: updated color tokens for work item detail page (makeplane#8296) * chore: update react-day-picker UI * refactor: update button sizes and styles in filters components * refactor: breadcrumbs design token updated (makeplane#8297) * chore: update priority icon colors * refactor: updated layout variables * chore: update plan card primary CTA * Chore update editor design system (makeplane#8299) * refactor: update styles for callout, color selector, logo selector, and image uploader * refactor:fix image * chore: update settings UI * chore: updated notifications color and size tokens (makeplane#8302) * chore: update sm button border radius * fix: logo renderer * chore: icon button component * chore: remove deprecated classes * chore: remove deprecated classes * chore: update editor list spacing * fix: icon button size * chore: improvements (makeplane#8309) * chore: update cycles and modules pages * refactor: update background styles across various components to use new design system colors * fix: button type errors * chore: update modals design system (makeplane#8310) * refactor: callout bg * refactor: code bg * refactor: modal size and variant --------- Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com> * chore: update next-themes * design: update billing and plans component styles and remove unused utility functions (makeplane#8313) * refactor: empty state design token migration and improvements (makeplane#8315) * fix: profile page * refactor: tabs design token updated (makeplane#8316) * chore: updated buttons and tokens for work items (makeplane#8317) * fix: adjust trial button spacing in checkout modal * chore: update add button hover state * fix: type error (makeplane#8318) * fix: type error * chore: code refactor * refactor: update button sizes and background styles in rich filters components * refactor: update editor bg * refactor: enhance Gantt chart sidebar functionality and styling - Removed unused prop from . - Updated to include new props for better block management and scrolling behavior. - Improved auto-scroll functionality for Gantt chart items. - Adjusted styles in component for consistent design. * regression: gantt design * chore: new badge component * fix: favorite star * chore: update backgroung, typography and button sizes across workspace settings general and members pages * fix: header button sizes * fix: emoji icon logo (makeplane#8323) * more fixes * chore: update settings sidebar * refactor: avatar component * chore: updated work item detail sidebar (makeplane#8327) * refactor: update link preview * fix: work item property dropdowns * fix: dropdown buttons border radius * chore: update power k translation * chore: updated profile activity design (makeplane#8328) * chore: update settings pages * chore: update work item sidebar alignments (makeplane#8330) * refactor: admin design system * chore: update page header --------- Co-authored-by: Jayash Tripathy <76092296+JayashTripathy@users.noreply.github.com> Co-authored-by: VipinDevelops <vipinchaudhary1809@gmail.com> Co-authored-by: Vamsi Krishna <46787868+vamsikrishnamathala@users.noreply.github.com> Co-authored-by: Anmol Singh Bhatia <121005188+anmolsinghbhatia@users.noreply.github.com> Co-authored-by: gakshita <akshitagoyal1516@gmail.com> Co-authored-by: Palanikannan M <akashmalinimurugu@gmail.com> Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com> Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com> Co-authored-by: M. Palanikannan <73993394+Palanikannan1437@users.noreply.github.com> * fix: formatting * reexport types * fix: lint error --------- Co-authored-by: Jayash Tripathy <76092296+JayashTripathy@users.noreply.github.com> Co-authored-by: VipinDevelops <vipinchaudhary1809@gmail.com> Co-authored-by: Vamsi Krishna <46787868+vamsikrishnamathala@users.noreply.github.com> Co-authored-by: Anmol Singh Bhatia <121005188+anmolsinghbhatia@users.noreply.github.com> Co-authored-by: gakshita <akshitagoyal1516@gmail.com> Co-authored-by: Palanikannan M <akashmalinimurugu@gmail.com> Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com> Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com> Co-authored-by: M. Palanikannan <73993394+Palanikannan1437@users.noreply.github.com> * [WEB-5668] fix: add fetchWorkspaceLevelProjectEntities method and update project-related fetch keys (makeplane#8347) * [SILO-783] feat: added porters and new serializer based exporter (makeplane#8335) * [WEB-5699] refactor: update styling and classnames of charts according to new design system (makeplane#8345) * refactor: update styling and class names according to new design system in charts * refactor: clean up * feat: custom theming enhancements (makeplane#8342) * [WEB-5671] chore: settings workspace members enhancements makeplane#8346 * [WEB-5666] chore: set project timezone same as workspace timezone in project (makeplane#8340) * [WEB-5614] fix: new design system consistency (makeplane#8351) * chore: tooltip enhancements * chore: project card enhancements * chore: work item card enhancements * chore: update component styles and class names for consistency across the application --------- Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so> * [WEB-5708] regression: remove material icon instances from the Space app (makeplane#8353) * chore: sync changes (makeplane#8343) * [WEB-5614] chore: work item detail and list layout enhancements makeplane#8355 * regression: replace old css vars with the new design system tokens (makeplane#8354) * chore: replace old css vars * fix: replace shadow and primary colors * chore: remove hardcoded colors * [WEB-5614] chore: custom theme on colour improvement makeplane#8356 * [WEB-5732] style: update work item detail properties UI (makeplane#8357) * [WEB-5730] fix: user mention colors makeplane#8358 * [WEB-5614] fix: empty state and padding token fixes (makeplane#8359) * [WEB-5614] chore: update component styles and class names for consistency across projects makeplane#8360 * [WEB-5614] chore: logo and icon enhancements makeplane#8362 * fix: work item property icon renderer (makeplane#8363) * [WEB-5614] fix: sidebar and label dropdown makeplane#8364 * fix: material icons font file (makeplane#8366) * [WEB-5614] chore: lucide icon code refactor makeplane#8365 * fix: nested context menu UI (makeplane#8367) * [WEB-5708] style: space app kanban card UI (makeplane#8368) * [WEB-5742] fix: input field background makeplane#8369 * [WEB-5641] chore: sub work item quick menu padding makeplane#8370 * chore: replace old classNames (makeplane#8372) * chore: update component styles and class names for consistency across the application (makeplane#8376) * [WEB-5660] [WEB-5737] fix: cycle and module sidebar makeplane#8375 * [WEB-5676] style: gantt column outline makeplane#8374 * [WEB-5614] chore: platform design token enhancements (makeplane#8373) * [WEB-5649] [WEB-5675] fix: local font files makeplane#8377 * [WEB-5614] chore: primitive token updated (makeplane#8378) * fix: tooltip imports (makeplane#8379) * [WEB-5614] chore: platform header and breadcrumb enhancements (makeplane#8383) * [WEB-5652] fix: kanban quick add UI makeplane#8382 * [WEB-5726] fix: showing an empty state on deleted work item link makeplane#8381 * fix: space app default background (makeplane#8384) * [WIKI-849] feat: debounce for mention search (makeplane#8380) * fix: font imports (makeplane#8387) * chore: platform layout enhancements (makeplane#8386) * fix: image uploader bg in light mode (makeplane#8385) * [WEB-5614] refactor: update styling and structure across various components (makeplane#8388) * fix: input fields bg (makeplane#8389) * fix: custom z-index classNames (makeplane#8395) * [WEB-5454] fix: optimize date validation logic in CycleCreateUpdateModal makeplane#8394 * [WEB-5614] chore: work item detail comment and sidebar enhancements (makeplane#8397) * [WEB-5675] chore: implement `fontsource` as the fonts library (makeplane#8398) * [WEB-5762] fix: workitem detail sidebar properties design consistency (makeplane#8400) * [WEB-5761]fix: intake spacing issue (makeplane#8399) * [WEB-5614] chore: sidebar enhancement makeplane#8401 * [WEB-5768]chore: updated comment UI makeplane#8402 * [WEB-5614] chore: package and layout enhancements makeplane#8403 * chore: update storybook dependency * [WEB-5657] feat: add synchronization configuration for multiple providers in authentication adapter (makeplane#8336) * feat: add sync functionality for OAuth providers - Implemented `check_sync_enabled` method to verify if sync is enabled for Google, GitHub, GitLab, and Gitea. - Added `sync_user_data` method to update user details, including first name, last name, display name, and avatar. - Updated configuration variables to include sync options for each provider. - Integrated sync check into the login/signup process. * feat: add sync toggle for OAuth providers in configuration forms * fix: remove default value for sync options in OAuth configuration forms * chore: delete old avatar and upload a new one * chore: update class method * chore: add email nullable * refactor: streamline sync check for multiple providers and improve avatar deletion logic * fix: ensure ENABLE_SYNC configurations default to "0" for Gitea, Github, Gitlab, and Google forms * fix: simplify toggle switch value handling in ControllerSwitch component --------- Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com> * [WEB-5657] chore: synchronization configuration for multiple providers in authentication adapter makeplane#8409 * [WEB-5746]fix: workspace member modal z-index makeplane#8410 * [WEB-5773] fix: editor image full screen modal (makeplane#8413) * [WEB-5774] fix: editor nodes background colors (makeplane#8416) * [WEB-5776]chore: updated design system for alert modal makeplane#8415 * [WEB-5775] fix: mentions search on empty query makeplane#8417 * [WEB-5662][WEB-5770] fix: alignment of cycles in sidebar and layout selection dropdown button (makeplane#8414) * fix: alpha colors (makeplane#8418) * [WEB-5784] fix: truncation issue in wi properties (makeplane#8422) * fix: update background surface 2 variables in tailwind config * fix: improve layout and truncation handling in issue link and list items * docs: update readme with react router badge (makeplane#8424) Updated feature list and modified the local development section. * [WEB-5788] fix: board layout group by icon makeplane#8426 * [WEB-5792] regression: editor font family makeplane#8427 * [WIKI-740] refactor: editor table performance (makeplane#8411) * [WEB-5786] fix: updated font size for dates at Kanban card makeplane#8429 * [WEB-5772] fix: theme switch flicker (makeplane#8428) * [WEB-5784] fix: truncation of links in work items (makeplane#8430) * [WEB-5772] chore: theme switcher and editor colors enhancements (makeplane#8436) * [WEB-5772] chore: theme switcher code refactor makeplane#8438 * chore: workspace events (makeplane#8439) * chore: adding invite and joined events * chore: adding workspace create and update events * [WEB-5798] refactor: web and admin auth related components and update admin designs (makeplane#8431) * refactor: web and admin auth related components and update admin designs. * fix: format * [WEB-5581] fix: resolve logo spinner hydration and theme loading issues (makeplane#8450) - Fix hydration mismatch by lazy loading components that depend on theme - Ensure LogoSpinner renders with correct theme on initial load * [WEB-5791] fix: broken favicon in links (makeplane#8396) * fix: using base url of a redirect url * chore: internal networks check for the final_url * fix: none final_url * fix: exception handling * fix: exception handling * chore: remove unused imports * refactor: moved ip address check logic into separate function * fix: ValueError logic * [WEB-5667] fix: estimate value display in analytics makeplane#8448 * [WEB-5779] fix: handle loading state while fetching project cover image (makeplane#8419) * refactor: replace cover image handling with CoverImage component across profile and project forms * fix: extend CoverImage component to accept additional img props * Update apps/web/core/components/common/cover-image.tsx Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix: handle undefined cover image URL in ProfileSidebar component --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * [WEB-5782]chore: migrated modals to @plane/ui (makeplane#8420) * chore: migrated modal to @plane/ui * chore: fixed spacings * [WEB-5808] chore: sidebar project list enhancements (makeplane#8451) * chore: sidebar project list enhancements * chore: code refactor * chore: code refactor * [WEB-5324] refactor: add Unified OAuth Configuration and Missing Gitea Options (makeplane#8050) * refactor: add Unified OAuth Configuration and Missing Gitea Options - Replaced the AuthenticationModes component with a more streamlined implementation using AuthenticationMethodCard. - Removed obsolete authentication modes files from the codebase. - Enhanced the AuthRoot component to utilize the new OAuth configuration hook for better management of authentication options. - Updated type definitions for instance authentication modes to reflect the new structure. * refactor: update OAuth type imports and remove obsolete types - Replaced local type imports with centralized imports from @plane/types in core, extended, and index OAuth hooks. - Removed the now redundant types.ts file as its definitions have been migrated. - Enhanced type definitions for OAuth options to improve consistency across the application. * feat: add new Gitea logo and update OAuth icon imports to use standard HTML img tags * chore: remove unused authentication logos and upgrade button component * [WEB-5574]chore: notification card refactor (makeplane#8234) * chore: notification card refactor * chore: moved base activity types to constants package * [WEB-5804] refactor: decouple filter value types from filter configurations (makeplane#8441) * [WEB-5804] refactor: decouple filter value types from filter configurations Remove value type constraints from filter configurations to support operator-specific value types. Different operators can accept different value types for the same filter property, so value types should be determined at the operator level rather than the filter level. - Remove generic value type parameter from TFilterConfig - Update TOperatorConfigMap to accept union of all value types - Simplify filter config factory signatures across all filter types - Add forceUpdate parameter to updateConditionValue method * refactor: remove filter value type constraints from filter configurations Eliminate the generic value type parameter from filter configurations to allow for operator-specific value types. This change enhances flexibility by enabling different operators to accept various value types for the same filter property. - Updated TFilterConfig and related interfaces to remove value type constraints - Adjusted filter configuration methods and types accordingly - Refactored date operator support to align with the new structure * [WEB-5785]fix: favorites icon size makeplane#8449 * [WEB-5781]chore: removed info banner for preferences makeplane#8442 * [WEB-5809] refactor: tailwind config inline variables (makeplane#8437) * refactor: actions icon migration (makeplane#8219) * chore: gitignore updated * chore: check icon added to propel package * feat: search icon migration * chore: check icon migration * chore: plus icon added to propel package * chore: code refactor * chore: plus icon migration and code refactor * chore: trash icon added to propel package * chore: code refactor * chore: trash icon migration * chore: edit icon added to propel package * chore: new tab icon added to propel package * chore: edit icon migration * chore: newtab icon migration * chore: lock icon added to propel package * chore: lock icon migration * chore: globe icon added to propel package * chore: globe icon migration * chore: copy icon added to propel package * chore: copy icon migration * chore: link icon added to propel package * chore: link icon migration * chore: link icon migration * chore: info icon added to propel package * chore: code refactor * chore: code refactor * chore: code refactor * chore: code refactor * regression: red and green color backgrounds (makeplane#8456) * [WEB-5815] chore: removed the deleted states (makeplane#8457) * Typo: database extension error message (makeplane#8461) * [WEB-5179] chore: icon utils code refactor makeplane#8458 * [WEB-5790] feat: new email templates (makeplane#8423) * chore: remove unused get_client_ip import (makeplane#8453) Remove unused import `get_client_ip` from workspace/invite.py. Identified by ruff linter (F401 error). Signed-off-by: majiayu000 <1835304752@qq.com> * [WEB-5822] fix: migrate ImagePickerPopover to Propel Tabs component and render only enabled tabs makeplane#8290 - Replace custom tab implementation with Propel Tabs - Dynamically render only enabled tabs based on configuration - Filter tabs by isEnabled property for cleaner conditional rendering - Improve tab navigation and accessibility with Propel components * chore: navigation preference enhancements (makeplane#8468) * [WEB-5472] refactor: components of project creation flow (makeplane#8462) * [WEB-857] regression: image uploader error state makeplane#8471 * [WEB-4959]chore: refactor project member page makeplane#8464 * [WEB-5472] refactor: project form makeplane#8472 * migration: added webhook version, navigation related fields and allowed_rate_limit for APIToken (makeplane#8339) * migration: added version field in webhook * chore: add max_length * chore: added product tour fields * chore: updated the migration file * chore: removed the duplicated migration file * chore: added allowed_rate_limit for api_tokens * chore: changed key feature tour to product tour * chore: added is_subscribed_to_changelog field --------- Co-authored-by: NarayanBavisetti <narayan3119@gmail.com> * fix: correct spelling error in database.ts log message (makeplane#8452) Fix "convertion" -> "conversion" in error log message. Signed-off-by: majiayu000 <1835304752@qq.com> * [WEB-5598] refactor: streamline object creation in workspace seed task and improve error handling in workspace creation makeplane#8264 * chore: remove posthog events (makeplane#8465) * chore: remove posthog events * chore: remove event tracking * chore: lint errors * chore: minor changes based on comments * fix: type errors * Revert "[WEB-4959]chore: refactor project member page makeplane#8464" (makeplane#8476) This reverts commit c97e418. * chore: remove unused right sidebar component and clean up workspace member settings (makeplane#8477) * [WEB-5537]refactor: rename IssueUserProperty to ProjectUserProperty and update related references (makeplane#8206) * refactor: rename IssueUserProperty to ProjectUserProperty and update related references across the codebase * migrate: move issue user properties to project user properties and update related fields and constraints * refactor: rename IssueUserPropertySerializer and IssueUserDisplayPropertyEndpoint to ProjectUserPropertySerializer and ProjectUserDisplayPropertyEndpoint, updating all related references * fix: enhance ProjectUserDisplayPropertyEndpoint to handle missing properties by creating new entries and improve response handling * fix: correct formatting in migration for ProjectUserProperty model options * migrate: add migration to update existing non-service API tokens to remove workspace association * migrate: refine migration to update existing non-service API tokens by excluding bot users from workspace removal * chore: changed the project sort order in project user property * chore: remove allowed_rate_limit from APIToken * chore: updated user-properties endpoint for frontend * chore: removed the extra projectuserproperty * chore: updated the migration file * chore: code refactor * fix: type error --------- Co-authored-by: NarayanBavisetti <narayan3119@gmail.com> Co-authored-by: sangeethailango <sangeethailango21@gmail.com> Co-authored-by: vamsikrishnamathala <matalav55@gmail.com> Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so> * [WIKI-826] chore: add unique id as key to logo selector (makeplane#8494) * [VPAT-50] chore(security): add X-Frame-Options header to nginx configuration to prevent clickjacking attacks (makeplane#8507) * [VPAT-50] chore(security): add X-Frame-Options header to nginx configuration to prevent clickjacking attacks * [SECURITY] chore: enhance nginx configuration with additional security headers * chore: updated migration file name (makeplane#8515) * chore(deps): react router upgraded * [WEB-5890] migration: added getting_started_checklist, tips, explored_feature fields on the workspace member table (makeplane#8489) * migration: added getting_started_checklist and tips field * fix: remove defaults and added explored_features field * fix: added user table migration * [WEB-5907] fix: magic code sign-in at Space app. makeplane#8552 * [WIKI-735] fix: table insert handle z-index makeplane#8545 * [WEB-5898] chore: update tailwind config makeplane#8516 * chore(deps): bump lodash-es in the npm_and_yarn group across 1 directory (makeplane#8573) Bumps the npm_and_yarn group with 1 update in the / directory: [lodash-es](https://github.com/lodash/lodash). Updates `lodash-es` from 4.17.21 to 4.17.23 - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.21...4.17.23) --- updated-dependencies: - dependency-name: lodash-es dependency-version: 4.17.23 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * [WEB-5845] chore: changing description field to description json (makeplane#8230) * chore: migrating description to description json * chore: replace description with description_json * chore: updated migration file * chore: updated the migration file * chore: added description key in external endpoint * chore: updated the migration file * chore: updated the typo --------- Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com> * chore: fix typos in comments (makeplane#8553) * [GIT-61] chore: allow .md files to be uploaded (makeplane#8571) * chore: allow .md files to be uploaded * chore: allow .md files to be uploaded * [WEB-5860] [WEB-5861] [WEB-5862] style: improved settings interface (makeplane#8520) * style: improved profile settings * chore: minor improvements * style: improved workspace settings * style: workspace settings content * style: improved project settings * fix: project settings flat map * chore: add back navigation from settings pages * style: settings content * style: estimates list * refactor: remove old code * refactor: removed unnecessary line breaks * refactor: create a common component for page header * chore: add fade-in animation to sidebar * fix: formatting * fix: project settings sidebar header * fix: workspace settings sidebar header * fix: settings content wrapper scroll * chore: separate project settings features * fix: formatting * refactor: custom theme selector * refactor: settings headings * refactor: settings headings * fix: project settings sidebar padding * fix: sidebar header padding * fix: sidebar item permissions * fix: missing editable check * refactor: remove unused files * chore: remove unnecessary code * chore: add missing translations * fix: formatting * [GIT-45] fix: allow markdown file attachments (makeplane#8524) * fix: allow markdown file attachments - Add text/markdown to ATTACHMENT_MIME_TYPES - Fixes issue where .md files were rejected with 'Invalid file type' error * added the support for frontend mime type too * fix: node view renders (makeplane#8559) * fix node renders * fix handlers * fix: duplicate id * fix: pdf export (makeplane#8564) * feat: pdf export * fix: tests * fix: tests --------- Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com> * migration: back migrate all product tour fields to set true (makeplane#8575) * [GIT-66] improvement: prevent disabling last enabled authentication method (makeplane#8570) * fully translated into Ukrainian language (makeplane#8579) * chore: add copyright (makeplane#8584) * feat: adding new copyright info on all files * chore: adding CI * fix: module percentage calculation (makeplane#8595) * fix: file fomatting * [SECUR-113] fix: ssrf for work item links (makeplane#8607) * [SECUR-104] fix: Arbitrary Modification of API Token Rate Limits#8612 * chore(deps): upgrade django version * [WEB-6058] chore : add logic to handle save#8614 * chore(deps): update the node pacakges * fix: type fix for description payload (makeplane#8619) * fix: type fix * fix: duplicate type fix * chore(deps): update lodash package * [WEB-6149] migration: change estimate point key max value to 50 makeplane#8620 * fix: remove ee folder from web (makeplane#8622) * chore: merge constants and services (makeplane#8623) * fix: remove constants and services * fix: formatting * fix: types check * chore: merge helpers and layouts (makeplane#8624) * fix: remove constants and services * fix: formatting * chore: merge helpers and layouts * fix: workspace disbale flag handling * chore(deps): bump cryptography (makeplane#8625) Bumps the pip group with 1 update in the /apps/api/requirements directory: [cryptography](https://github.com/pyca/cryptography). Updates `cryptography` from 44.0.1 to 46.0.5 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@44.0.1...46.0.5) --- updated-dependencies: - dependency-name: cryptography dependency-version: 46.0.5 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * style: update ASCII art in install script header (makeplane#8628) * [WEB-6038] fix: work item empty title flicker makeplane#8618 * fix: workitem description input inital load (makeplane#8617) * [WEB-6137] fix: work item peek view outside click makeplane#8610 * [SECUR-105] fix: csv injection vulnerability sanitization makeplane#8611 * [WIKI-877] fix: order of this dropdown options in pages makeplane#8563 * [WEB-5899]fix: project sort order (makeplane#8530) * fix: project sort order * chore: updated queryset for sort_order * chore: admin folder structure (makeplane#8632) * chore: admin folder structure * fix: copy right check and formatting * fix: types * i18n(ru): expand Russian translation coverage (makeplane#8603) Added missing translations for: - Profile preferences (language, timezone settings) - Account settings sections (preferences, notifications, security, api-tokens, activity) - Workspace settings (billing, exports, webhooks headings/descriptions) - Project settings (states, labels, estimates, automations headings/descriptions) - Power-K command palette (contextual actions, navigation, creation, preferences, help) - Sidebar elements (stickies, your_work, pin/unpin) - Common actions (copy_markdown, overview) - Navigation customization options * chore(deps): update axios dependency * [GIT-57 | WEB-5912] fix: app sidebar ux and responsiveness (makeplane#8560) * fix: project extended sidebar accordion ux * fix: app sidebar mobile responsiveness ux * chore: code refactor * refactor: table drag preview using decorations (makeplane#8597) * refactor: table drag preview using decorations * fix: history meta for table drag state * [WEB-5884] chore: layout loader enhancements makeplane#8500 * [WEB-1201] chore: dropdown options hierarchy improvements (makeplane#8501) * chore: sortBySelectedFirst and sortByCurrentUserThenSelected utils added * chore: members dropdown updated * chore: module dropdown updated * chore: project and label dropdown updated * chore: code refactor * [GIT-44] refactor(auth): add PASSWORD_TOO_WEAK error code (makeplane#8522) * refactor(auth): add PASSWORD_TOO_WEAK error code and update related error handling in password change flow * fix(auth): update import to use type for EAuthenticationErrorCodes in security page * Update apps/web/app/(all)/profile/security/page.tsx Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * refactor: updated auth error exception accross zxcvbn usages * fix: improve error handling for password strength validation and update error messages * i18n(ru): update Russian translations for stickies and automation description Added translation for 'stickies' and improved formatting of the automation description in Russian locale. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * Update translations.ts: issue-artifacts discoverd (makeplane#7979) * [WEB-5873] fix: user avatar ui consistency (makeplane#8495) * fix: user avatar ui consistency * chore: code refactor * [SILO-820] fix: update serializer for module detail API endpoint to use ModuleUpdateSerializer (makeplane#8496) * [VPAT-51] fix: update workspace invitation flow to use token for validation makeplane#8508 - Modified the invite link to include a token for enhanced security. - Updated the WorkspaceJoinEndpoint to validate the token instead of the email. - Adjusted the workspace invitation task to generate links with the token. - Refactored the frontend to handle token in the invitation process. Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com> * [WEB-5871] chore: added intake count for projects (makeplane#8497) * chore: add intake_count in project list endpoint * chore: sidebar project navigation intake count added * fix: filter out closed intake issues in the count * chore: code refactor * chore: code refactor * fix: filter out deleted intake issues --------- Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so> * [WEB-5829] fix: Intake open work count (makeplane#8547) * fix: open intake count at sidebar header * chore: reverted inbox store arguments to core store * fix: intake count update * [WEB-5863] fix: estimate point input validation makeplane#8492 Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com> * [VPAT-55] chore(security): implement input validation across authentication and workspace forms (makeplane#8528) * chore(security): implement input validation across authentication and workspace forms - Add OWASP-compliant autocomplete attributes to all auth input fields - Create centralized validation utilities blocking injection-risk characters - Apply validation to names, display names, workspace names, and slugs - Block special characters: < > ' " % # { } [ ] * ^ ! - Secure sensitive input fields across admin, web, and space apps * chore: add missing workspace name validation to settings and admin forms * feat: enhance validation regex for international names and usernames - Updated regex patterns to support Unicode characters for person names, display names, company names, and slugs. - Improved validation functions to block injection-risk characters in names and slugs. * [VPAT-16] improvement: add file validation to prevent malicious uploads makeplane#8493 Add client-side checks for double extensions, dangerous file types, dot files, and path traversal patterns. Addresses security audit recommendations for file upload validation. * [WEB-5827] fix: persist external cover image URLs (Unsplash) in project updates makeplane#8482 * [VPAT-27] chore(security): disable autocomplete on sensitive input fields makeplane#8517 Disable autocomplete on authentication and security-related forms to prevent browsers from storing sensitive credentials. This affects sign-in, password reset, account security, and onboarding forms across admin, web, and space apps. Modified components: - Auth forms (email, password, unique code, forgot/reset/set password) - Account security pages - Instance setup and profile onboarding - Shared UI components (auth-input, password-input) * [WEB-5917] fix: generate clean plain text from HTML email template makeplane#8535 * [WEB-5878] chore: add validation for project name/identifier for special characters (makeplane#8529) * chore: update ProjectSerializer to raise validation for special characters in name and identifier * chore: update external endpoints * fix: external api serializer validation * update serializer to send error code * fix: move the regex expression to Project model * [WEB-6194]migration: added archived_at in IssueView makeplane#8641 * migration: added archived_at in IssueView * fix: lint * fix: IDOR Vulnerabilities in Asset & Attachment Endpoints (makeplane#8644) * fix: idor issues in project assets and issue attachements * fix: comments * fix: Member Information Disclosure via Public Endpoint makeplane#8646 * chore: Add forum link and remove discord link on readme (makeplane#8655) * Update README to remove Discord and add Forum link Removed Discord badge and replaced Releases link with Forum link. * Fix forum link in README.md * fix: Update healthcheck endpoint in Dockerfile to target /spaces/ path (makeplane#8674) * Change Dependabot update interval from weekly to daily * [WIKI-887] fix: add scroll in heading layout (makeplane#8596) * fix: add scroll in heading layout * chore: remove visible scroll bar * fix :format * chore: fix outline scroll * chore: fix format * chore: fix translation --------- Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com> * fix: merge lists in editor (makeplane#8639) * chore: replace prettier with oxfmt (makeplane#8676) * fix: replace eslint with oxlint (makeplane#8677) * fix: replace eslint with oxlint * chore: adding max warning * fix: formatting * chore(deps): minimatch and rollup package vulnerabilities (makeplane#8675) * fix: package updates * fix: package upgrades * fix: minimatch package vulnerabilities * fix: ajv package vulnerabilities * fix: lint * fix: format * [SILO-1028] feat: Project Summary external API (makeplane#8661) * add project summary endpoint * update response structure * [WIKI-852] chore: update page version save logic (makeplane#8440) * chore: updated the logic for page version task * chore: updated the html variable * chore: handled the exception * chore: changed the function name * chore: added a custom variable * [WEB-5225] feat: enhance authentication logging with detailed error and info message (makeplane#7998) * feat: enhance authentication logging with detailed error and info messages - Added logging for various authentication events in the Adapter and its subclasses, including email validation, user existence checks, and password strength validation. - Implemented error handling for GitHub OAuth email retrieval, ensuring proper logging of unexpected responses and missing primary emails. - Updated logging configuration in local and production settings to include a dedicated logger for authentication events. * chore: address copilot comments * chore: addressed some additional comments * chore: update log * fix: lint * [WEB-6420] chore: migrate community references from Discord to Forum (makeplane#8657) * chore: replace Discord references with Forum links * chore: migrate help and community CTAs from Discord to Forum * refactor: replace Discord icons with lucide MessageSquare * chore: rename Discord labels and keys to Forum * chore: remove obsolete Discord icon component * chore: update Discord references to Forum in templates * chore: code refactoring * fix: dependabot and codeql CI * fix: disable react-in-jsx-scope rule in oxlint config (makeplane#8682) After makeplane#8677 replaced ESLint with OxLint, the react-in-jsx-scope rule was not disabled. This causes all commits touching JSX files to fail the pre-commit hook (oxlint --deny-warnings). React 17+ uses automatic JSX runtime so explicit React imports are not required. Fixes makeplane#8681 * chore: space folders (makeplane#8707) * chore: change the space folders structure * fix: format * chore(deps): django version upgrade * [GIT-40]fix: apply sub-issue display filter when adding work items makeplane#8534 * [WEB-5606] fix: work item preview word break makeplane#8537 * [WIKI-892] fix: description input component re-render makeplane#8600 * [WIKI-785] refactor: editor markdown handler makeplane#8546 * [WEB-5911] fix: error outline button text color makeplane#8531 * [SECUR-116] fix: ssrf webhook url for ip address makeplane#8716 * [WEB-6420] chore: self-host social icons in project invitation email (makeplane#8718) * chore: add self-hosted social icon assets for email templates * chore: pass current_site to project invitation email context * chore: replace mailinblue CDN icons with self-hosted static assets * feat: Complete Agent and Worktrees modules - Add Agent CRUD API and frontend - Add Worktrees page with CRUD - Add extended routes for /agents and /worktrees - Add custom sidebar navigation --------- Signed-off-by: majiayu000 <1835304752@qq.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: pratapalakshmi <137189067+pratapalakshmi@users.noreply.github.com> Co-authored-by: b-saikrishnakanth <130811169+b-saikrishnakanth@users.noreply.github.com> Co-authored-by: Nikhil <118773738+pablohashescobar@users.noreply.github.com> Co-authored-by: Vamsi Krishna <46787868+vamsikrishnamathala@users.noreply.github.com> Co-authored-by: Vipin Chaudhary <VipinChaudhary1809@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com> Co-authored-by: Dheeraj Kumar Ketireddy <dheeraj.ketireddy@plane.so> Co-authored-by: Anmol Singh Bhatia <121005188+anmolsinghbhatia@users.noreply.github.com> Co-authored-by: Aaron <lifeiscontent@users.noreply.github.com> Co-authored-by: M. Palanikannan <73993394+Palanikannan1437@users.noreply.github.com> Co-authored-by: pushya22 <130810100+pushya22@users.noreply.github.com> Co-authored-by: Pushya Mitra Thiruvooru <pushya@Pushyas-MacBook-Pro.local> Co-authored-by: Aaryan Khandelwal <65252264+aaryan610@users.noreply.github.com> Co-authored-by: Jayash Tripathy <76092296+JayashTripathy@users.noreply.github.com> Co-authored-by: gakshita <akshitagoyal1516@gmail.com> Co-authored-by: Palanikannan M <akashmalinimurugu@gmail.com> Co-authored-by: Prateek Shourya <prateekshourya29@gmail.com> Co-authored-by: b-saikrishnakanth <bsaikrishnakanth97@gmail.com> Co-authored-by: Henit Chobisa <chobisa.henit@gmail.com> Co-authored-by: Sangeetha <sangeethailango21@gmail.com> Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so> Co-authored-by: Bavisetti Narayan <72156168+NarayanBavisetti@users.noreply.github.com> Co-authored-by: Shaikh Naasir <yoursdeveloper@protonmail.com> Co-authored-by: lif <1835304752@qq.com> Co-authored-by: NarayanBavisetti <narayan3119@gmail.com> Co-authored-by: vamsikrishnamathala <matalav55@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Aaryan Khandelwal <aaryankhandu123@gmail.com> Co-authored-by: yy <yhymmt37@gmail.com> Co-authored-by: punto <119956578+AshrithSathu@users.noreply.github.com> Co-authored-by: Ship it <161483884+vcscroll@users.noreply.github.com> Co-authored-by: Akshat Jain <akshatjain9782@gmail.com> Co-authored-by: stelmsk <151884118+stelmsk@users.noreply.github.com> Co-authored-by: Cornelius <70640137+conny3496@users.noreply.github.com> Co-authored-by: Vihar Kurama <vihar.kurama@gmail.com> Co-authored-by: Saurabh Kumar <70131915+Saurabhkmr98@users.noreply.github.com> Co-authored-by: darkingtail <51188676+darkingtail@users.noreply.github.com> Co-authored-by: Claude Code <claude@anthropic.com>
Description
This PR update the image handling and clipboard functionality in the editor, as well as a minor fix to remove workspace specific check in the backend asset lookup logic for duplication.
Type of Change
Screenshots and Media (if applicable)
Test Scenarios
References
Summary by CodeRabbit
New Features
Bug Fixes
Chores
✏️ Tip: You can customize this high-level summary in your review settings.