…re infinite loop Antd's Typography.Paragraph/Text components use internal EllipsisMeasure with useLayoutEffect that enters infinite setState loops during client-side navigation when layout shifts (Dashboard unmount + Workspace mount in same React commit). Replaced all Typography in Workspace.tsx and TranslationEditor.tsx with plain HTML elements (div, span, code).
…mports) and format with prettier
The POST /api/invitations endpoint returned 500 because datetime.now(timezone.utc) produced a tz-aware datetime incompatible with the TIMESTAMP WITHOUT TIME ZONE column. Switched to datetime.utcnow() to match the DB schema
Vite picks the next free port (5173→5174→5175...), so hardcoded origins break. Use allow_origin_regex for localhost/127.0.0.1 on any port by default. In prod, set CORS_ORIGINS env var to disable regex and use explicit origins only
- Add CORS_ORIGIN_REGEX to allow any localhost port (Vite auto-increments)
- Disable redirect_slashes to prevent 307→cross-origin redirect losing Auth header
- Fix duplicate /api prefix in 15+ frontend API calls (/api/v1/api/... → /api/v1/...)
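An added illustration of the CORS behaviour the two commit messages above describe (not code from this pull request): the regex default for local development, the explicit list when CORS_ORIGINS is set, and why the pattern has to match the whole origin. The pattern, the function names and the sample origins are assumptions; the PR's actual regex is not shown on the page.

```python
import os
import re

# Assumed dev default: http(s) on localhost or 127.0.0.1, any port.
# [0-9] instead of \d so non-ASCII digits are never accepted as a port.
DEV_ORIGIN_REGEX = r"https?://(localhost|127\.0\.0\.1)(:[0-9]{1,5})?"


def cors_settings(env=None):
    """Build the allow_origins / allow_origin_regex kwargs for CORSMiddleware.

    If CORS_ORIGINS (comma-separated) is set, the regex is disabled and only
    the listed origins are accepted; otherwise the localhost regex applies.
    """
    env = os.environ if env is None else env
    explicit = [o.strip() for o in env.get("CORS_ORIGINS", "").split(",") if o.strip()]
    if explicit:
        if "*" in explicit:
            raise ValueError("CORS_ORIGINS must list explicit origins, not '*'")
        return {"allow_origins": explicit, "allow_origin_regex": None}
    return {"allow_origins": [], "allow_origin_regex": DEV_ORIGIN_REGEX}


def origin_allowed(origin, settings):
    """Mirror the middleware decision: exact list hit, or a FULL regex match.

    Starlette applies allow_origin_regex with fullmatch(); a prefix match
    (re.match) would also accept http://localhost.attacker.example.
    """
    if origin in settings["allow_origins"]:
        return True
    pattern = settings["allow_origin_regex"]
    return bool(pattern and re.fullmatch(pattern, origin))


if __name__ == "__main__":
    # Constructed sample origins, not taken from the PR.
    dev = cors_settings({})
    for origin in ("http://localhost:5174",
                   "http://127.0.0.1:5175",
                   "http://localhost.attacker.example:5173",
                   "http://localhost:5173.attacker.example"):
        print(f"{origin:45} dev={origin_allowed(origin, dev)}")
```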
Fix trailing slash mismatch causing 404 on /users/ endpoint (backend has redirect_slashes=false). Add status filter and regenerate endpoint to invitations API. Replace flat invitation list with Pending/Expired segmented view and regenerate support for expired invitations.
Summary of Changes
Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request delivers substantial improvements to both the backend and frontend of the application. It focuses on bolstering security and administrative control through enhanced CORS configuration and detailed audit logging. Furthermore, it introduces greater flexibility in project setup with custom configurations and significantly expands the frontend's capabilities by adding dedicated sections for glossary management and annotation review, alongside numerous UI refinements.
Code Review
This pull request introduces a significant number of features and refactorings across both the backend and frontend. Key additions include comprehensive audit logging, enhanced user and invitation management with status filtering and regeneration, and new dedicated pages for project glossary and annotation review. The frontend has been refactored to use a Vite proxy for development, and many components have been improved for better performance and accessibility.
My review found a few areas for improvement:
- The use of the deprecated datetime.utcnow() should be replaced with the timezone-aware datetime.now(timezone.utc).
- The @playwright/test dependency should be moved to devDependencies.
- A leftover debug comment was found in the workspace component.
Overall, this is a substantial and well-executed update that greatly enhances the application's functionality and maintainability.
| } | ||
|
|
||
| // --- Desktop layout: 3 columns --- | ||
| // DEBUG: only task list panel |
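Review bot: The `// DEBUG: only task list panel` comment sits directly under the `// --- Desktop layout: 3 columns ---` marker and contradicts it. Remove the DEBUG line, and if it was documenting a temporary change that renders only the task list, confirm the code below it builds all three columns again; the lines shown here do not settle that.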
…ions
- Remove trailing slashes from test URLs (redirect_slashes=False means /api/v1/projects/ doesn't match /api/v1/projects)
- Make audit log_audit() session factory overridable so tests use SQLite instead of trying to connect to PostgreSQL
Replace confusing 3-tier RBAC (ADMIN/MANAGER/USER global + MANAGER/MEMBER project) with clean 2-tier system: ADMIN/USER global + MANAGER/EDITOR project roles. All project endpoints now require membership verification, fixing 15+ unprotected routes. Add anti-self-modification, ADMIN-only MANAGER assignment, pending imports for non-admin managers, and frontend route guards via ProjectContext.
Add my_role to project list API response so the frontend can conditionally show/hide Settings based on the caller's project role
- Backend: add role checks in update_project_member and remove_project_member to block non-admin users from demoting or removing MANAGER-role members
- Frontend: hide Manager role option in selects for non-admins, disable role change and remove buttons for MANAGER rows when user is not admin
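An added sketch of the server-side member-management rules named in the RBAC commit messages above (anti-self-modification, ADMIN-only MANAGER assignment, non-admins blocked from demoting or removing a MANAGER); it is not code from this pull request. The function name, the dict shape, the rule that a non-admin actor must hold the project MANAGER role, and applying the self-modification block to admins as well are assumptions.

```python
from enum import Enum


class GlobalRole(str, Enum):
    ADMIN = "ADMIN"
    USER = "USER"


class RoleProject(str, Enum):
    MANAGER = "MANAGER"
    EDITOR = "EDITOR"


def authorize_member_change(actor, target, new_role):
    """Decide whether `actor` may change or remove `target` in one project.

    actor/target: dicts with "id", "global_role", "project_role" (hypothetical
    shape; project_role is None for a non-member). new_role=None means removal.
    Returns (allowed, reason) so the caller can write the reason to the audit log.
    """
    is_admin = actor["global_role"] is GlobalRole.ADMIN
    # Anti-self-modification: nobody edits or removes their own membership.
    if actor["id"] == target["id"]:
        return False, "self-modification"
    # Assumption: besides global admins, only project managers manage members.
    if not is_admin and actor["project_role"] is not RoleProject.MANAGER:
        return False, "actor is not a project manager"
    # A MANAGER row can be demoted or removed only by a global ADMIN.
    if not is_admin and target["project_role"] is RoleProject.MANAGER:
        return False, "only ADMIN may demote or remove a MANAGER"
    # Promotion to MANAGER is ADMIN-only as well.
    if not is_admin and new_role is RoleProject.MANAGER:
        return False, "only ADMIN may assign MANAGER"
    return True, "ok"


if __name__ == "__main__":
    # Constructed users for illustration.
    admin = {"id": 1, "global_role": GlobalRole.ADMIN, "project_role": None}
    mgr = {"id": 2, "global_role": GlobalRole.USER, "project_role": RoleProject.MANAGER}
    mgr2 = {"id": 3, "global_role": GlobalRole.USER, "project_role": RoleProject.MANAGER}
    editor = {"id": 4, "global_role": GlobalRole.USER, "project_role": RoleProject.EDITOR}
    print(authorize_member_change(mgr, mgr2, None))                   # blocked
    print(authorize_member_change(mgr, editor, RoleProject.MANAGER))  # blocked
    print(authorize_member_change(admin, mgr2, RoleProject.EDITOR))   # allowed
```

Hiding the Manager option in the frontend only changes what the UI offers; a check like this has to run on every update and remove request.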
…a development dependency
Code Review
This pull request introduces a comprehensive Role-Based Access Control (RBAC) system, replacing the previous boolean is_admin flag with GlobalRole and RoleProject enums, and defining granular ProjectPermission levels. This required extensive updates across backend routers to integrate new permission classes (RequireAdmin, RequireProjectMember, etc.) and audit logging for key actions like user setup, registration, login, project creation/deletion, and member management. A new PendingImport model and associated endpoints were added to enable a review process for project data imports by non-admin managers. The frontend was updated to reflect these RBAC changes, including dynamic menu items, project settings permissions, and a new project glossary page. Additionally, the frontend's theme management was simplified to remove 'auto' mode, and Playwright test dependencies were correctly moved to devDependencies.
| "@types/react-dom": "^19.1.9", | ||
| "@typescript-eslint/parser": "^8.46.0", | ||
| "@vitejs/plugin-react": "^5.0.4", | ||
| "@playwright/test": "^1.58.2", |
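Review bot: `"@playwright/test": "^1.58.2"` is placed after `@vitejs/plugin-react`, out of the alphabetical order the neighbouring entries follow, which suggests a hand edit of package.json. Add it through the package manager so the entry is sorted and the lockfile changes in the same commit, and check that the package no longer appears under dependencies as well.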
…ld error in CommandPalette.tsx by renaming styles.content to styles.container
…HTML with antd
- Rename types/domain.ts → types/index.ts and update all imports
- Add try/finally to authStore login/register/setup so isLoading resets on error
- Wrap post-await MobX mutations in runInAction()
- Extract backend detail field in toUserError() for specific error messages
- Replace raw div/main elements with antd Flex components in auth pages
…colors
- Add theme="light" to Sider for theme-aware sidebar background
- Override headerBg/bodyBg via ConfigProvider Layout component tokens
- Replace hardcoded white text in Dashboard stats with Typography.Text
- Extract static styles into SCSS modules for AppLayout and AppHeader
Add theme="light" to Sider, override headerBg/bodyBg in ConfigProvider, replace hardcoded white Dashboard stats text with Typography.Text. Add global SCSS reset/variables structure and SCSS modules for layout components.
No description provided.