feat(frontier): add AddOrganizationMembers RPC #469
whoAbhishekSah wants to merge 2 commits into main
…xplicit roles
AddOrganizationUsers lacks a role parameter and hardcodes the default
viewer role. AddOrganizationMembers accepts a list of {user_id, role_id}
pairs so callers can specify the role at add time. Returns per-member
success/error results for partial failure handling.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@raystack/frontier/v1beta1/frontier.proto`:
- Around line 1616-1620: OrgMemberResult is ambiguous because requests are keyed
by {user_id, role_id} but the response only returns user_id; update the response
shape to include the role identifier so results can be correlated to the
original request entries. Modify the OrgMemberResult message (e.g., add a string
role_id field or an index field) and ensure any code that constructs
OrgMemberResult (handlers that populate OrgMemberResult) sets this new field so
clients can reliably map success/error back to the specific {user_id, role_id}
pair.
- Around line 1602-1605: The AddOrganizationMembersRequest message's members
field currently allows empty and unbounded lists—add Buf validation constraints
to enforce a minimum of 1 item and a bounded maximum; update the members field
(in the AddOrganizationMembersRequest message) to include
(buf.validate.field).repeated.min_items = 1 and set
(buf.validate.field).repeated.max_items = 10 (or change to 20 if the team agrees
on a larger batch size) so it matches other bulk operation patterns—confirm the
final max_items with the team and apply that value.
raystack/frontier/v1beta1/frontier.proto
```proto
message AddOrganizationMembersRequest {
  string org_id = 1 [(buf.validate.field).string.uuid = true];
  repeated OrgMemberEntry members = 2;
}
```
🧩 Analysis chain

🏁 Script executed:
```bash
#!/bin/bash
rg -n --type=proto '\(buf\.validate\.field\)\.repeated\s*=\s*\{' raystack/frontier/v1beta1/frontier.proto -C2
```
Repository: raystack/proton
Length of output: 88

🏁 Script executed:
```bash
# Read the actual code at the specified lines
cat -n raystack/frontier/v1beta1/frontier.proto | sed -n '1600,1615p'
```
Repository: raystack/proton
Length of output: 601

🏁 Script executed:
```bash
# Search for repeated field validation patterns in proto files (no -t filter)
rg -n 'repeated.*\(buf\.validate\.field\)' raystack/frontier/v1beta1/frontier.proto -A2
```
Repository: raystack/proton
Length of output: 750

🏁 Script executed:
```bash
# Search for max_items and min_items patterns in the proto file
rg -n '(min_items|max_items)' raystack/frontier/v1beta1/frontier.proto -B2 -A2
```
Repository: raystack/proton
Length of output: 1923

🏁 Script executed:
```bash
# Look for similar bulk operation patterns (e.g., AddOrganization* or *MembersRequest)
rg -n 'repeated.*Entry|repeated.*Request' raystack/frontier/v1beta1/frontier.proto | head -30
```
Repository: raystack/proton
Length of output: 582

Add cardinality constraints to members field.
Line 1604 currently allows empty and unbounded member lists. The codebase enforces min_items: 1 on all similar bulk operations (e.g., BatchCheckPermissionRequest, PreferenceRequestBody patterns). Add the same constraint here.
For max_items, existing patterns show 20 (permission checks) or 10 (other operations). Confirm the appropriate max batch size with the team, then apply the constraint.
Proposed contract update
message AddOrganizationMembersRequest {
string org_id = 1 [(buf.validate.field).string.uuid = true];
- repeated OrgMemberEntry members = 2;
+ repeated OrgMemberEntry members = 2 [(buf.validate.field).repeated = {
+ min_items: 1
+ max_items: <confirm with team>
+ }];
}
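Review bot: `max_items: <confirm with team>` in the added `members` option is a placeholder, not a value, so the suggestion cannot be applied or compiled as written. Replace it with a concrete integer before committing (the review above cites 10 and 20 as the bounds already used in this file); until a number is set, the request still accepts an arbitrarily long list of {user_id, role_id} grants in one call.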
This is a superadmin-only operation. Move from FrontierService to AdminService where authorization checks IsSuperUser.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Summary
- `AddOrganizationMembers` RPC that accepts a list of `{user_id, role_id}` pairs with UUID validation
- `{user_id, success, error}` results for partial failure handling
- `AddOrganizationUsers` which lacks a role parameter and hardcodes the default viewer role

Example

Request
```json
{
  "org_id": "a9a62b93-ae6f-4aba-9c32-73281c49da73",
  "members": [
    {
      "user_id": "998d7ebe-cd2c-4f0c-a560-7dd2a7d1a62c",
      "role_id": "e57e1ba4-21fd-43a4-8aca-aa560afb32cf"
    },
    {
      "user_id": "6a51c542-7ca9-4b23-8709-74145013d919",
      "role_id": "afe94f10-1508-4379-88b1-2c328cb2b769"
    }
  ]
}
```

Response
```json
{
  "results": [
    {
      "user_id": "998d7ebe-cd2c-4f0c-a560-7dd2a7d1a62c",
      "success": true,
      "error": ""
    },
    {
      "user_id": "6a51c542-7ca9-4b23-8709-74145013d919",
      "success": false,
      "error": "principal is already a member of this resource"
    }
  ]
}
```

🤖 Generated with Claude Code
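A client-side version of the checks this thread discusses, added here as an example and not code from the PR or the Frontier project: it validates a batch before sending (size bounds, UUID shape, no repeated user_id, since results are keyed only by user_id) and then lists every requested pair that was not granted. The type and function names, the UUID pattern and the limit of 10 are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
)

// Member and Result mirror the request and response entries in the PR description.
type Member struct{ UserID, RoleID string }
type Result struct{ UserID, Error string; Success bool }
const maxMembers = 10 // assumed batch limit; the review leaves the value open
var uuidRe = regexp.MustCompile(`^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$`)

// ValidateMembers rejects empty, oversized, malformed or ambiguous batches.
func ValidateMembers(members []Member) error {
	if n := len(members); n < 1 || n > maxMembers {
		return fmt.Errorf("members: want 1..%d entries, got %d", maxMembers, n)
	}
	seen := map[string]bool{}
	for i, m := range members {
		if !uuidRe.MatchString(m.UserID) || !uuidRe.MatchString(m.RoleID) {
			return fmt.Errorf("members[%d]: user_id and role_id must be UUIDs", i)
		}
		if seen[m.UserID] { // results carry only user_id, so repeats are ambiguous
			return fmt.Errorf("members[%d]: duplicate user_id %s", i, m.UserID)
		}
		seen[m.UserID] = true
	}
	return nil
}

// FailedGrants maps each requested pair without a successful result to a reason.
func FailedGrants(req []Member, res []Result) map[Member]string {
	byUser, failed := map[string]Result{}, map[Member]string{}
	for _, r := range res {
		byUser[r.UserID] = r
	}
	for _, m := range req {
		if r, ok := byUser[m.UserID]; !ok || !r.Success { // missing result is not a grant
			failed[m] = "not granted: " + r.Error
		}
	}
	return failed
}

func main() {
	req := []Member{{"998d7ebe-cd2c-4f0c-a560-7dd2a7d1a62c", "e57e1ba4-21fd-43a4-8aca-aa560afb32cf"}} // IDs from the PR example
	fmt.Println(ValidateMembers(req), FailedGrants(req, nil))
}
```

A caller that treats an OK status on the RPC as "all roles granted" misses the second entry of the example response; iterating the returned map makes each failed grant explicit.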