[dev] [Marfuen] mariano/people-settings-bg-check-toggle#2748
Merged
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add getExemptMemberIds helper and update computePeopleScore to skip the background check requirement for members with backgroundCheckExempt=true. Both the BG-check query and exempt query are gated behind backgroundCheckStepEnabled. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add backgroundCheckExempt field to UpdatePeopleDto with @IsOptional + @isboolean decorators - Add backgroundCheckExempt: true to MemberQueries.MEMBER_SELECT so the field flows to responses - Add @db mock and backgroundCheckExempt controller test; fix transitive enum mocks so the suite runs Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replace manual role-string parsing with resolveBuiltInPermissions + hasPermission for the canManageOrgSettings server-side gate, and add usePermissions self-defense inside PeopleSettings to disable the Switch when the user lacks organization:update. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add memberBackgroundCheckExempt prop to EmployeeBackgroundCheck with an ExemptToggleCard that PATCHes /v1/people/:id on change; gate on member:update permission. Also fix @trycompai/billing vitest alias and backgroundCheckExempt default in createMockMember. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ull guard Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
2 issues found across 24 files
Confidence score: 3/5
- There is a concrete user-impacting permission regression in
apps/app/src/app/(app)/[orgId]/people/page.tsx: the check ignores custom role permissions, so users with customorganization:updatecan be incorrectly blocked from the new Settings tab. apps/app/src/app/(app)/[orgId]/people/[employeeId]/components/Employee.tsxhas a state-sync issue where the verified badge can remain stale after exemption toggles, which can mislead users even if backend state is correct.- Given the high confidence and user-facing behavior impact, this sits at moderate merge risk rather than a low-risk cleanup.
- Pay close attention to
apps/app/src/app/(app)/[orgId]/people/page.tsxandapps/app/src/app/(app)/[orgId]/people/[employeeId]/components/Employee.tsx- permission gating and UI state synchronization need validation.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/app/src/app/(app)/[orgId]/people/page.tsx">
<violation number="1" location="apps/app/src/app/(app)/[orgId]/people/page.tsx:39">
P2: This check ignores custom role permissions, so users with custom `organization:update` access can be incorrectly blocked from the new Settings tab.</violation>
</file>
<file name="apps/app/src/app/(app)/[orgId]/people/[employeeId]/components/Employee.tsx">
<violation number="1" location="apps/app/src/app/(app)/[orgId]/people/[employeeId]/components/Employee.tsx:87">
P2: Keep the exemption state in sync with the header; right now the verified badge can stay stale after toggling exemption.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.
…h header Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
There was a problem hiding this comment.
1 issue found across 4 files (changes from recent commits).
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="apps/app/src/app/(app)/[orgId]/people/[employeeId]/components/Employee.tsx">
<violation number="1" location="apps/app/src/app/(app)/[orgId]/people/[employeeId]/components/Employee.tsx:72">
P2: State derived from `memberBackgroundCheckExempt` is not kept in sync with prop updates, which can leave exemption UI stale when upstream data changes.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.
Apply the React render-time-adjust pattern in Employee.tsx and EmployeeBackgroundCheck.tsx so that lifted exempt state stays in sync with the prop after router.refresh() or upstream SWR revalidation. Add regression test covering the uncontrolled-mode resync path. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
|
@cubic-dev-ai review this again |
Contributor
@Marfuen I have started the AI code review. It will take a few minutes to complete. |
Contributor
|
🎉 This PR is included in version 3.43.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This is an automated pull request to merge mariano/people-settings-bg-check-toggle into dev.
It was created by the [Auto Pull Request] action.
Summary by cubic
Add org-level and per-member background check controls, with permission-gated People Settings and an employee-level exempt toggle. Exempt members count as complete, UI stays in sync across header/list/toggles, and org-level off overrides per-member settings.
New Features
PATCH /v1/organizationwithbackgroundCheckStepEnabled), shown only if the user hasorganization:update(custom roles supported).PATCH /v1/people/:idwithbackgroundCheckExempt), gated bymember:update; shows an exempt info card; hides the BG-check counter and verified tick; respects org-level off.backgroundCheckExempt; tests added for controllers, people score, header/list UI, settings, and exempt state resync.Migration
Member.backgroundCheckExempt BOOLEAN DEFAULT false. Run database migrations; no data changes needed.Written for commit 3cb8b44. Summary will update on new commits.