Harvester-role Review Entries with project setting

[Copilot]

Allows Harvesters limited access to Review Entries when enabled by an Administrator via a new project setting (off by default). Harvesters can update pronunciations and flags but cannot edit or delete entries.

Backend

• Added HarvesterReviewEntriesEnabled (OffOnSetting, default Off) to Project model (constructor + Clone())

Frontend — Types & API

• Added harvesterReviewEntriesEnabled: OffOnSetting to the generated Project interface and newProject() factory

Feature Behavior

• Nav bar: Data Cleanup button shown to Harvesters when harvesterReviewEntriesEnabled === On (detected by having WordEntry but not MergeAndReviewEntries permission)
• Goal Timeline: Harvesters with the setting enabled see only the Review Entries goal option
• Review Entries table: Edit and Delete columns conditionally excluded for Harvesters; Pronunciations and Flag columns remain fully functional

Project Settings

• New ProjectHarvesterReviewEntries component (On/Off select with tooltip) added to the Basic Settings tab, visible only to Administrators
• Setting.HarvesterReviewEntries added to the settings enum and test helper maps

Documentation

• project.md: Updated Harvester role description; added Harvester Review Entries setting section
• goals.md: Added note on Harvester-limited Review Entries access

---

This change is 

Summary by CodeRabbit

• New Features

  • Added "Harvester Review Entries" project setting toggle to control conditional access for Harvesters to Review Entries functionality.
  • Harvesters can now update pronunciations and flags in Review Entries when the setting is enabled, with Edit and Delete columns restricted.

• Documentation

  • Updated user guide to explain the new "Harvester Review Entries" setting and its impact on Harvester role capabilities.

• Tests

  • Enhanced test coverage for new project setting and permission-based feature access.

[github-actions]

⚠️ Commit Message Format Issues ⚠️
commit 4309ebc10e:
3: B1 Line exceeds max length (100>80): "Agent-Logs-Url: https://github.com/sillsdev/TheCombine/sessions/d3a2f77a-33cf-42be-a1b3-7f658daa7f95"

[imnasnainaec]

Claude's analysis of the permissions for this pr:

Backend Controller Permission Changes Needed

Root cause

The branch allows Harvesters (who have only WordEntry) to access the ReviewEntries goal. When a Harvester starts that goal, the frontend calls three UserEditController endpoints that currently gate on MergeAndReviewEntries — which Harvesters don't have. This causes 403s.

What doesn't need changing

Controller	Permission	Status
WordController (all endpoints)	WordEntry	✓ Harvesters already allowed
SpeakerController getAllSpeakers	WordEntry	✓ Already allowed
ProjectController GetProject	WordEntry	✓ Already allowed
MergeController (all)	MergeAndReviewEntries	✓ Correct — ReviewEntries doesn't use merge ops

Three changes needed in UserEditController.cs

Endpoint	Line	Current	Proposed
CreateUserEdit (POST)	82	MergeAndReviewEntries	WordEntry
UpdateUserEditGoal (POST /{id})	125	MergeAndReviewEntries	WordEntry
UpdateUserEditStep (PUT /{id})	159	MergeAndReviewEntries	WordEntry

These three are used by the goal-tracking machinery any time a user starts or saves progress on a goal. Harvesters need them to track their ReviewEntries sessions.

Project-setting enforcement

The HarvesterReviewEntriesEnabled setting is currently enforced frontend-only (NavigationButtons hides the Data Cleanup button from Harvesters when it's Off). That's the existing pattern for other project settings (e.g., AutocompleteSetting, DefinitionsEnabled) — they're not enforced in controllers either. Staying consistent with that pattern is fine here.

Open question

The HasProjectPermission check in PermissionService is role-based only. If you ever want backend enforcement of HarvesterReviewEntriesEnabled, UserEditController would need IProjectRepository injected to load and check the project setting. Worth deciding whether that level of defense-in-depth is in scope for this branch before implementing.

[codecov]

Codecov Report

❌ Patch coverage is 93.93939% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 75.95%. Comparing base (ebb4232) to head (2e925d3).

Files with missing lines	Patch %	Lines
.../ProjectSettings/ProjectHarvesterReviewEntries.tsx	66.66%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4260      +/-   ##
==========================================
+ Coverage   75.93%   75.95%   +0.02%     
==========================================
  Files         303      304       +1     
  Lines       11352    11372      +20     
  Branches     1404     1405       +1     
==========================================
+ Hits         8620     8638      +18     
- Misses       2330     2332       +2     
  Partials      402      402              

Flag	Coverage Δ
backend	87.22% <100.00%> (+<0.01%)	⬆️
frontend	66.85% <92.59%> (+0.05%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[imnasnainaec]

@coderabbitai full review

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 045fde26-ced4-49bc-a70c-92735cb9eef7

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• ✅ Review completed - (🔄 Check again to review again)

📝 Walkthrough

Walkthrough

This PR implements a new "Harvester Review Entries" feature that allows project administrators to conditionally grant Harvesters limited access to Review Entries functionality. The implementation spans backend model changes, frontend UI controls, permission gating logic, and documentation updates.

Changes

Harvester Review Entries Feature

Layer / File(s)	Summary
Backend Project Model and Persistence Backend/Models/Project.cs, Backend/Repositories/ProjectRepository.cs, Backend.Tests/Models/ProjectTests.cs	HarvesterReviewEntriesEnabled property is added to Project with BSON mapping, initialized to Off in the constructor, copied in Clone(), and persisted in MongoDB update operations. Test includes the property in clone equality checks.
Frontend API Model and Factory src/api/models/project.ts, src/types/project.ts	TypeScript Project interface mirrors the backend harvesterReviewEntriesEnabled: OffOnSetting property, and newProject factory initializes it to OffOnSetting.Off.
Project Settings UI Component src/components/ProjectSettings/ProjectHarvesterReviewEntries.tsx, src/components/ProjectSettings/index.tsx, src/components/ProjectSettings/tests/SettingsTabTypes.ts, public/locales/en/translation.json	New ProjectHarvesterReviewEntries dropdown component with RTL/LTR-aware tooltip is integrated into the Basic settings tab behind Permission.DeleteEditSettingsAndUsers, with test fixtures and English localization added.
Backend User-Edit Permission Changes Backend/Controllers/UserEditController.cs	Three endpoints (CreateUserEdit, UpdateUserEditGoal, UpdateUserEditStep) now require Permission.WordEntry instead of Permission.MergeAndReviewEntries for authorization.
Navigation Cleanup Tab Permission Gating src/components/AppBar/NavigationButtons.tsx	Redux state now includes harvesterReviewEntriesEnabled, and permission logic conditionally allows Permission.WordEntry to activate the cleanup tab when the setting is enabled.
Goal Timeline Permission-Based Filtering src/components/GoalTimeline/index.tsx, src/components/GoalTimeline/tests/index.test.tsx	Refactors goal visibility from a requiredPermission() array check to explicit boolean flags for CharacterInventory, MergeAndReviewEntries, and graylist state, with a new test covering the WordEntry-only permission case.
Review Entries Table Column Visibility Gating src/goals/ReviewEntries/ReviewEntriesTable/index.tsx, src/goals/ReviewEntries/ReviewEntriesTable/tests/index.test.tsx	Edit and Delete columns are gated by Permission.MergeAndReviewEntries via a hasFullPermission state fetched on mount; test mock adds getCurrentPermissions() stub.
User Documentation docs/user_guide/docs/project.md, docs/user_guide/docs/goals.md	Project settings documentation introduces the new "Harvester Review Entries" toggle and its limitations; Harvester role description clarifies conditional access; goals documentation explains entry editing with a note on Harvester restrictions.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

enhancement, 🟨Medium

Suggested reviewers

• imnasnainaec
• jasonleenaylor

Poem

🐰 A harvester's gate now stands with care,
Where admins choose what tools to share—
Flags and audio may flow their way,
But edit and delete must stay at bay,
New permissions bloom throughout the day! 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 61.54% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding a project setting that enables Harvesters to access Review Entries functionality with limitations.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch copilot/update-harvester-role-review-entries

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jasonleenaylor]

@jasonleenaylor reviewed 17 files and all commit messages.
Reviewable status: all files reviewed, 2 unresolved discussions (waiting on imnasnainaec).

[jasonleenaylor]

@jasonleenaylor reviewed 5 files and all commit messages, and made 1 comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on imnasnainaec).

[imnasnainaec]

@imnasnainaec reviewed all commit messages.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on copilot[bot]).

[jasonleenaylor]

@jasonleenaylor made 1 comment.
Reviewable status: all files reviewed, 1 unresolved discussion (waiting on copilot[bot]).

[imnasnainaec]

@imnasnainaec resolved 1 discussion and dismissed @coderabbitai[bot] from a discussion.
Reviewable status: complete! all files reviewed, all discussions resolved (waiting on copilot[bot]).