ldraney/pal-e-app
Archived
1
0
Fork 0
Code Issues 17 Pull requests 4 Projects Releases Packages Wiki Activity Actions

Scoped sidebar — only show projects user has permission for #100

New issue
Open
opened 2026-03-30 22:10:11 +00:00 by forgejo_admin · 0 comments
forgejo_admin commented 2026-03-30 22:10:11 +00:00
Contributor
Copy link

Type

Feature

Lineage

Depends on API permission filtering (pal-e-api issue).

Repo

forgejo_admin/pal-e-production

User Story

As a stakeholder
I want to see only the projects and boards assigned to me in the sidebar
So that I'm not overwhelmed

Context

The pal-e-app sidebar currently shows all projects from the API. Once the API filters by UserProjectPermission, the sidebar will naturally show only permitted projects. However, the frontend may need adjustments to handle the reduced project list gracefully and ensure navigation works for scoped users.

File Targets

Files to modify:

  • src/routes/+layout.svelte — sidebar project list (already filters by API response)
  • src/lib/api-client.ts — ensure Bearer token is sent on all project/board requests

Files NOT to touch:

  • Block renderer components — unrelated to permissions

Acceptance Criteria

  • Sidebar shows only projects the user has permission for
  • Board list page shows only boards from permitted projects
  • Notes list shows only notes from permitted projects + public notes
  • No errors when user has zero project permissions (empty state)

Test Expectations

  • E2E test: login as scoped user, verify sidebar content
  • Run command: npm run test:e2e

Constraints

  • No client-side permission logic — trust the API response
  • Existing unauthenticated view must still work

Checklist

  • PR opened
  • Tests pass
  • No unrelated changes

Related

  • project-pal-e-app
  • arch-dataflow-pal-e-app
### Type Feature ### Lineage Depends on API permission filtering (pal-e-api issue). ### Repo `forgejo_admin/pal-e-production` ### User Story As a stakeholder I want to see only the projects and boards assigned to me in the sidebar So that I'm not overwhelmed ### Context The pal-e-app sidebar currently shows all projects from the API. Once the API filters by UserProjectPermission, the sidebar will naturally show only permitted projects. However, the frontend may need adjustments to handle the reduced project list gracefully and ensure navigation works for scoped users. ### File Targets Files to modify: - `src/routes/+layout.svelte` — sidebar project list (already filters by API response) - `src/lib/api-client.ts` — ensure Bearer token is sent on all project/board requests Files NOT to touch: - Block renderer components — unrelated to permissions ### Acceptance Criteria - [ ] Sidebar shows only projects the user has permission for - [ ] Board list page shows only boards from permitted projects - [ ] Notes list shows only notes from permitted projects + public notes - [ ] No errors when user has zero project permissions (empty state) ### Test Expectations - [ ] E2E test: login as scoped user, verify sidebar content - Run command: `npm run test:e2e` ### Constraints - No client-side permission logic — trust the API response - Existing unauthenticated view must still work ### Checklist - [ ] PR opened - [ ] Tests pass - [ ] No unrelated changes ### Related - `project-pal-e-app` - `arch-dataflow-pal-e-app`
Commenting is not possible because the repository is archived.
No Branch/Tag specified
Branches Tags
main
110-revert-rename
107-feat-extractboardcontext-slug-extraction
104-board-html-content
226-fix-wget-auth
No results found.
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend
No labels
domain:backend
domain:devops
domain:frontend
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
ldraney/pal-e-app#100
No description provided.