@sedyjaku sedyjaku commented Mar 26, 2025

Summary by CodeRabbit

  • Bug Fixes

    • Enforced numeric-only project and organization ID formats in API endpoint URLs to prevent invalid requests.
    • Improved error handling and responses for invalid URL patterns, providing clearer feedback.
  • Tests

    • Added tests to verify error handling for invalid project and organization ID formats in API requests.
  • Documentation

    • Introduced a new error code for invalid path errors.
  • Refactor

    • Consolidated import statements across controllers for cleaner code.
    • Removed HATEOAS links from project-related API responses to simplify returned models.

@JanCizmar JanCizmar linked an issue Mar 26, 2025 that may be closed by this pull request
@JanCizmar JanCizmar self-requested a review March 26, 2025 13:27
@github-actions github-actions bot added the stale label Apr 26, 2025
coderabbitai bot commented Apr 26, 2025

Walkthrough

The changes across the codebase introduce a regular expression constraint to all API endpoints that use the projectId or organizationId path variables, ensuring these variables only accept numeric values. This is achieved by updating route annotations to include [0-9]+ regex patterns. Additionally, error handling is improved in request context resolution to throw a specific InvalidPathException when non-numeric IDs are encountered. Tests are added and updated to verify these behaviors. Several import statements are also consolidated for clarity and brevity. Furthermore, HATEOAS link creation in project model assemblers was removed.

Changes

Files/Paths | Change Summary
--- | ---
backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AllKeysController.kt, .../NamespaceController.kt, .../ProjectActivityController.kt, .../V2InvitationController.kt, .../contentDelivery/ContentDeliveryConfigController.kt, .../keys/KeyController.kt, .../keys/SelectAllController.kt, .../machineTranslation/MachineTranslationSettingsController.kt, .../project/ProjectsAutoTranslationSettingsController.kt, .../project/ProjectsController.kt, .../ExportController.kt, .../internal/e2eData/TranslationsE2eDataController.kt, ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/AdvancedPermissionController.kt, .../ContentStorageController.kt, .../TaskController.kt, .../WebhookConfigController.kt | Updated route annotations to enforce numeric-only projectId path variables using regex [0-9]+. Consolidated import statements to use wildcards. In some cases, updated method signatures to rely on internal project resolution.
backend/data/src/main/kotlin/io/tolgee/security/RequestContextService.kt | Added error handling for parsing numeric IDs from path variables; throws InvalidPathException for invalid formats.
backend/data/src/main/kotlin/io/tolgee/exceptions/InvalidPathException.kt | Refactored to extend BadRequestException instead of RuntimeException, removed explicit response status annotation.
backend/data/src/main/kotlin/io/tolgee/constants/Message.kt | Added new enum constant INVALID_PATH; replaced wildcard import with specific import.
backend/app/src/main/kotlin/io/tolgee/ExceptionHandlers.kt | Replaced wildcard import with explicit imports for Arrays and Collections.
backend/app/src/test/kotlin/io/tolgee/api/v2/controllers/v2ProjectsController/ProjectsControllerTest.kt | Added test to verify 404 error is returned for requests with invalid URL patterns; consolidated fixture imports.
backend/data/src/test/kotlin/io/tolgee/security/RequestContextServiceTest.kt | Added tests to verify InvalidPathException is thrown for non-numeric project/organization path variables.
backend/api/src/main/kotlin/io/tolgee/hateoas/project/ProjectModelAssembler.kt | Removed HATEOAS link creation and addition in project model assembly; no signature changes.
backend/api/src/main/kotlin/io/tolgee/hateoas/project/ProjectWithStatsModelAssembler.kt | Removed HATEOAS link creation and addition in project with stats model assembly; no signature changes.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant API_Controller
    participant RequestContextService
    participant ExceptionHandler

    Client->>API_Controller: Request with /v2/projects/{projectId}
    API_Controller->>RequestContextService: Resolve projectId from path
    alt projectId is numeric
        RequestContextService-->>API_Controller: Returns project DTO
        API_Controller-->>Client: Normal response
    else projectId is not numeric
        RequestContextService-->>ExceptionHandler: Throws InvalidPathException
        ExceptionHandler-->>Client: Returns error response (400 or 404)
    end

Poem

In the warren of code, where the endpoints abound,
A rabbit hopped in and tightened things down.
Only numbers allowed for project IDs now,
If you try with a string, you’ll get a swift “No!”
With exceptions in place and the tests running right,
Our API’s safer—oh what a delight!
🐇✨


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (6)
backend/data/src/test/kotlin/io/tolgee/security/RequestContextServiceTest.kt (4)

163-166: Fix indentation in the test method

There's inconsistent indentation in this test method, using tabs instead of spaces.

-  fun `it throws invalid path when the path variable of project is not in proper format`() {
-    val req = makeRequest("/v2/projects/{projectId}")
-		assertThrows<InvalidPathException> { requestContextService.getTargetProject(req) }
-  }
+  fun `it throws invalid path when the path variable of project is not in proper format`() {
+    val req = makeRequest("/v2/projects/{projectId}")
+    assertThrows<InvalidPathException> { requestContextService.getTargetProject(req) }
+  }
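Review bot: In the re-indented test, makeRequest("/v2/projects/{projectId}") is given the route template, so the non-numeric value that is expected to trigger InvalidPathException is not visible in the test body. State the malformed id explicitly in the test, and add boundary inputs such as an empty segment and a digit string too long for a Long, since a [0-9]+ route pattern would still match the latter.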

168-172: Fix indentation in the test method

There's inconsistent indentation in this test method as well.

-	@Test
-  fun `it throws invalid path when the path variable of organization is not in proper format`() {
-    val req = makeRequest("/v2/organizations/{organizationId}")
-		assertThrows<InvalidPathException> { requestContextService.getTargetOrganization(req) }
-  }
+  @Test
+  fun `it throws invalid path when the path variable of organization is not in proper format`() {
+    val req = makeRequest("/v2/organizations/{organizationId}")
+    assertThrows<InvalidPathException> { requestContextService.getTargetOrganization(req) }
+  }

163-166: Consider enhancing the test with message verification

The test could be more robust by verifying that the exception message contains relevant information about the invalid path variable.

-  fun `it throws invalid path when the path variable of project is not in proper format`() {
-    val req = makeRequest("/v2/projects/{projectId}")
-    assertThrows<InvalidPathException> { requestContextService.getTargetProject(req) }
+  fun `it throws invalid path when the path variable of project is not in proper format`() {
+    val req = makeRequest("/v2/projects/{projectId}")
+    val exception = assertThrows<InvalidPathException> { requestContextService.getTargetProject(req) }
+    assertThat(exception.message).contains("Invalid format of project id")
   }
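Review bot: The added assertThat(exception.message).contains("Invalid format of project id") ties the test to the English wording of the message, so rewording the message breaks the test with no change in behaviour. Assert on a stable field of the exception where one exists, and keep the substring check only if the text is part of the API contract. The suggestion also uses assertThat without showing the import it needs.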

168-172: Consider enhancing the test with message verification

Similarly, this test could be improved by verifying the exception message.

   @Test
   fun `it throws invalid path when the path variable of organization is not in proper format`() {
     val req = makeRequest("/v2/organizations/{organizationId}")
-    assertThrows<InvalidPathException> { requestContextService.getTargetOrganization(req) }
+    val exception = assertThrows<InvalidPathException> { requestContextService.getTargetOrganization(req) }
+    assertThat(exception.message).contains("Invalid format of organization id")
   }
backend/data/src/main/kotlin/io/tolgee/security/RequestContextService.kt (2)

62-66: Great error handling improvement, fix indentation

The use of runCatching with onFailure and specific error messages provides robust error handling for invalid project IDs. However, there is inconsistent indentation with tabs instead of spaces.

-		val idAsString = pathVariablesMap.values.first() as String
-		return runCatching { projectService.findDto(idAsString.toLong())}
-			.onFailure { throw InvalidPathException("Invalid format of project id: $idAsString") }
-			.getOrNull()
-	}
+    val idAsString = pathVariablesMap.values.first() as String
+    return runCatching { projectService.findDto(idAsString.toLong())}
+      .onFailure { throw InvalidPathException("Invalid format of project id: $idAsString") }
+      .getOrNull()
+  }
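Review bot: On the return line, runCatching wraps projectService.findDto(...) together with idAsString.toLong(), so any exception thrown by the lookup is rethrown as InvalidPathException("Invalid format of project id: ...") and a backend failure reaches the client as a malformed-path error. Parse first, for example idAsString.toLongOrNull() ?: throw InvalidPathException(...), and call findDto outside the catch. The message also echoes the raw path segment at full length; truncate it before putting it into the exception. The missing space before the closing brace in toLong())} is carried over into the suggested lines.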

95-97: Great error handling improvement, fix indentation

Similarly, the organization ID handling is improved with proper error handling. Fix the indentation here as well.

-		return runCatching { organizationService.findDto(idOrSlug.toLong())}
-			.onFailure { throw InvalidPathException("Invalid format of organization id: $idOrSlug") }
-			.getOrNull()
+    return runCatching { organizationService.findDto(idOrSlug.toLong())}
+      .onFailure { throw InvalidPathException("Invalid format of organization id: $idOrSlug") }
+      .getOrNull()
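Review bot: The value parsed on the return line is named idOrSlug, yet idOrSlug.toLong() turns every non-numeric value into InvalidPathException. Confirm that slug inputs are resolved before this point, or rename the variable if slugs are no longer accepted here. As in the project branch, organizationService.findDto(...) sits inside runCatching, so lookup failures are reported as an invalid id format.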
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e5aeac6 and e44b607.

📒 Files selected for processing (22)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AllKeysController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/NamespaceController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/ProjectActivityController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/V2InvitationController.kt (2 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/contentDelivery/ContentDeliveryConfigController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/KeyController.kt (3 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/SelectAllController.kt (2 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/machineTranslation/MachineTranslationSettingsController.kt (4 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsAutoTranslationSettingsController.kt (5 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsController.kt (8 hunks)
  • backend/api/src/main/kotlin/io/tolgee/controllers/ExportController.kt (2 hunks)
  • backend/app/src/main/kotlin/io/tolgee/ExceptionHandlers.kt (1 hunks)
  • backend/app/src/test/kotlin/io/tolgee/api/v2/controllers/v2ProjectsController/ProjectsControllerTest.kt (2 hunks)
  • backend/data/src/main/kotlin/io/tolgee/constants/Message.kt (2 hunks)
  • backend/data/src/main/kotlin/io/tolgee/exceptions/InvalidPathException.kt (1 hunks)
  • backend/data/src/main/kotlin/io/tolgee/security/RequestContextService.kt (3 hunks)
  • backend/data/src/test/kotlin/io/tolgee/security/RequestContextServiceTest.kt (2 hunks)
  • backend/development/src/main/kotlin/io/tolgee/controllers/internal/e2eData/TranslationsE2eDataController.kt (2 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/AdvancedPermissionController.kt (2 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/ContentStorageController.kt (1 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/TaskController.kt (1 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/WebhookConfigController.kt (1 hunks)
🧰 Additional context used
🪛 GitHub Actions: Test
backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsController.kt

[error] 97-97: KtLint: Unexpected whitespace, unexpected spacing after '(', and no whitespace expected in empty parameter list at line 97.

🔇 Additional comments (40)
backend/app/src/main/kotlin/io/tolgee/ExceptionHandlers.kt (1)

38-39: Good improvement to import statements.

Replacing wildcard imports with explicit imports makes the code more maintainable by clearly showing which specific classes are being used.

backend/api/src/main/kotlin/io/tolgee/controllers/ExportController.kt (2)

17-17: Good practice for consolidating imports.

Consolidating multiple Spring Web annotation imports into a single wildcard import reduces clutter and improves readability.


27-30: Well-implemented regex constraint for numeric IDs.

Adding the [0-9]+ regex pattern to the projectId path variable ensures that only numeric values are accepted, which is a good security practice that prevents potential issues with non-numeric IDs.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsAutoTranslationSettingsController.kt (2)

20-20: Good practice for consolidating imports.

Consolidating multiple Spring Web annotation imports into a single wildcard import improves code readability.


32-32: Well-implemented regex constraint for projectId.

Adding the [0-9]+ regex pattern to the projectId path variable across all endpoints ensures that only numeric values are accepted, which enhances API security and robustness by enforcing input validation at the routing level.

Also applies to: 45-45, 54-54, 72-72

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/NamespaceController.kt (1)

34-34: Well-implemented regex constraint for projectId.

Adding the [0-9]+ regex pattern to the projectId path variable ensures that only numeric values are accepted, which is consistent with the changes in other controllers and provides uniform input validation across the API.

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/TaskController.kt (2)

40-40: Import consolidation looks good.

Consolidating multiple Spring Web annotation imports into a single wildcard import improves code readability.


47-47: Good addition of numeric constraint to projectId path variable.

Adding the regex pattern [0-9]+ to the projectId path variable ensures only numeric values are accepted, which helps prevent potential path traversal attempts and aligns with the PR's objective to handle non-numeric IDs more gracefully.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/KeyController.kt (4)

22-22: Import consolidation looks good.

Consolidating multiple imports from the same package into a wildcard import improves code readability.


52-52: Import consolidation looks good.

Consolidating multiple Spring Web annotation imports into a single wildcard import improves code readability.


59-59: Good addition of numeric constraint to projectId path variable.

Adding the regex pattern [0-9]+ to the projectId path variable ensures only numeric values are accepted, which helps prevent potential path traversal attempts and aligns with the PR's objective to handle non-numeric IDs more gracefully.


91-91: Consistent application of the numeric constraint pattern.

Good job maintaining consistency by applying the numeric constraint to the projectId path variable in the OpenApiHideFromPublicDocs annotation as well.

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/WebhookConfigController.kt (2)

24-24: Import consolidation looks good.

Consolidating multiple Spring Web annotation imports into a single wildcard import improves code readability.


31-31: Good addition of numeric constraint to projectId path variable.

Adding the regex pattern [0-9]+ to the projectId path variable ensures only numeric values are accepted, which helps prevent potential path traversal attempts and aligns with the PR's objective to handle non-numeric IDs more gracefully.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/machineTranslation/MachineTranslationSettingsController.kt (2)

20-20: Import consolidation looks good.

Consolidating multiple Spring Web annotation imports into a single wildcard import improves code readability.


32-32: Good addition of numeric constraint to projectId path variables.

Adding the regex pattern [0-9]+ to all projectId path variables ensures only numeric values are accepted, which helps prevent potential path traversal attempts and aligns with the PR's objective to handle non-numeric IDs more gracefully. Good job maintaining consistency across all endpoint mappings.

Also applies to: 41-41, 52-52

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/ContentStorageController.kt (2)

25-25: Import consolidation improves code readability.

The change consolidates multiple Spring Web annotation imports into a single wildcard import, which simplifies the import section and makes the code cleaner.


32-32: Regex pattern ensures numeric projectId values.

Adding the [0-9]+ regex pattern to the projectId path variable ensures that only numeric values will match this route, which improves input validation and prevents potential path traversal issues.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/V2InvitationController.kt (2)

34-34: Import consolidation improves code readability.

The change consolidates multiple Spring Web annotation imports into a single wildcard import, which simplifies the import section and makes the code cleaner.


101-101: Regex pattern ensures numeric projectId values.

Adding the [0-9]+ regex pattern to the projectId path variable in the @PutMapping annotation ensures that only numeric values will match this route, which improves input validation and prevents potential path traversal issues.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/SelectAllController.kt (2)

20-20: Import consolidation improves code readability.

The change consolidates multiple Spring Web annotation imports into a single wildcard import, which simplifies the import section and makes the code cleaner.


35-38: Regex pattern ensures numeric projectId values in multiple endpoints.

Adding the [0-9]+ regex pattern to both the @GetMapping path and the @OpenApiHideFromPublicDocs paths ensures consistent handling of the projectId parameter across all related endpoints, improving input validation.

Also applies to: 54-54

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/ProjectActivityController.kt (2)

27-27: Import consolidation improves code readability.

The change consolidates multiple Spring Web annotation imports into a single wildcard import, which simplifies the import section and makes the code cleaner.


32-32: Regex pattern ensures numeric projectId values.

Adding the [0-9]+ regex pattern to the projectId path variable in the class-level @RequestMapping annotation ensures that only numeric values will match this route, which improves input validation and prevents potential path traversal issues. Note that the alternative path without the project ID parameter remains unchanged, which is correct.

backend/development/src/main/kotlin/io/tolgee/controllers/internal/e2eData/TranslationsE2eDataController.kt (2)

11-11: Good use of wildcard import for Spring Web annotations.

Consolidating multiple Spring Web annotations into a single wildcard import improves code readability and reduces import clutter.


24-24: LGTM! Proper use of regex constraint for numeric path variables.

Adding the [0-9]+ regex pattern to the projectId path variable ensures only numeric values are accepted at the routing level, which prevents potential NumberFormatException errors later in request processing.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/contentDelivery/ContentDeliveryConfigController.kt (2)

23-23: Good use of wildcard import for Spring Web annotations.

Consolidating multiple Spring Web annotations into a single wildcard import improves code readability and reduces import clutter.


30-30: LGTM! Proper use of regex constraint for numeric path variables.

Adding the [0-9]+ regex pattern to the projectId path variable in the controller's base request mapping ensures only numeric values are accepted at the routing level, which prevents potential NumberFormatException errors later in request processing.

ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/AdvancedPermissionController.kt (2)

20-20: Good use of wildcard import for Spring Web annotations.

Consolidating multiple Spring Web annotations into a single wildcard import improves code readability and reduces import clutter.


34-34: LGTM! Proper use of regex constraint for numeric path variables.

Adding the [0-9]+ regex pattern to the projectId path variable ensures only numeric values are accepted at the routing level, which prevents potential NumberFormatException errors later in request processing.

backend/data/src/main/kotlin/io/tolgee/constants/Message.kt (2)

7-7: Good practice using specific import rather than wildcard.

Replacing the wildcard import with a specific import for java.util.Locale improves code clarity and avoids potential import conflicts.


277-277: LGTM! Addition of INVALID_PATH error message.

Adding this message constant supports the new error handling behavior for invalid path variables, and complements the InvalidPathException that's thrown when non-numeric IDs are encountered in request paths.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AllKeysController.kt (1)

27-27: Good pattern restriction for projectId!

Adding the [0-9]+ regex pattern to the projectId path variable ensures that only numeric values are accepted, which aligns with the database field type and prevents potential errors from malformed inputs. This change improves input validation at the routing level.

backend/data/src/main/kotlin/io/tolgee/exceptions/InvalidPathException.kt (1)

3-3: Good inheritance change for the exception

Changing the parent class from RuntimeException to BadRequestException is a clean refactoring that improves the exception hierarchy. This removes the need for explicit @ResponseStatus annotation and ensures consistent error handling for bad requests.

backend/app/src/test/kotlin/io/tolgee/api/v2/controllers/v2ProjectsController/ProjectsControllerTest.kt (2)

4-7: Approve the consolidated imports.

The imports have been properly organized, with specific imports consolidated into a wildcard import for fixtures and adding the necessary Message import.


276-285: Excellent test case for validating URL pattern constraints.

This test verifies that requests with invalid URL patterns (non-numeric project IDs) return a 404 Not Found response with the appropriate error code and parameters. This aligns with the regex pattern constraints being added to the controller endpoints.

backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsController.kt (4)

52-52: Import consolidation looks good.

Consolidating the Spring Web annotations into a single wildcard import improves code readability.


92-92: Approve the regex pattern constraint for projectId.

Adding the [0-9]+ pattern constraint ensures that only numeric values are accepted for projectId in the route, improving input validation.


99-99: Good refactoring of projectId usage.

Using projectHolder.project.id instead of a method parameter simplifies the code and is consistent with the pattern used in other methods.


122-122: Approval for consistent regex pattern constraints across all routes.

All project-related endpoints now consistently apply the [0-9]+ regex pattern constraint to projectId path variables, ensuring only numeric values are accepted. This improves route validation and error handling throughout the API.

Also applies to: 136-136, 162-162, 213-213, 231-231, 250-250
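
The routing constraint and the parse step discussed in this review, as an added example that is not code from the PR or from Tolgee: it shows that a digit string too long for a Long still matches [0-9]+, so the parse check is needed behind the route pattern, and that parsing outside the lookup keeps lookup errors from being reported as an invalid path. InvalidPathException mirrors the name used on the page; ProjectDto, ROUTE_ID, parseId, resolveProject and all sample values are hypothetical.

```kotlin
// Added example, not Tolgee code. Plain Kotlin, no Spring dependency.
class InvalidPathException(message: String) : RuntimeException(message)

data class ProjectDto(val id: Long, val name: String)

// Same character class the PR adds to the route templates.
val ROUTE_ID = Regex("[0-9]+")

// Step 1: parse only. toLongOrNull() returns null for non-digits, for an empty
// string and for digit runs that overflow Long, without throwing.
// The echoed value is truncated so an oversized path segment cannot bloat
// the error response or the logs.
fun parseId(kind: String, raw: String): Long =
    raw.toLongOrNull()?.takeIf { it >= 0 }
        ?: throw InvalidPathException("Invalid format of $kind id: ${raw.take(32)}")

// Step 2: lookup. Exceptions from the lookup are not caught here, so a failing
// data store is not reported to the client as a malformed path.
fun resolveProject(raw: String, find: (Long) -> ProjectDto?): ProjectDto? =
    find(parseId("project", raw))

fun main() {
    // Constructed data store and constructed path segments.
    val store = mapOf(1L to ProjectDto(1, "demo"))
    val samples = listOf("1", "42", "abc", "1e3", "-1", "", "99999999999999999999")

    for (raw in samples) {
        val routed = ROUTE_ID.matches(raw)
        val outcome = try {
            resolveProject(raw) { store[it] }?.name ?: "not found"
        } catch (e: InvalidPathException) {
            "InvalidPathException"
        }
        println("'$raw' route-match=$routed resolve=$outcome")
    }

    // A lookup that fails for reasons unrelated to the id format.
    val failing: (Long) -> ProjectDto? = { throw IllegalStateException("database unavailable") }
    val surfaced = try {
        resolveProject("1", failing)
        "no error"
    } catch (e: InvalidPathException) {
        "masked as InvalidPathException"
    } catch (e: IllegalStateException) {
        "IllegalStateException (not masked)"
    }
    println("failing lookup -> $surfaced")
}
```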

@github-actions github-actions bot removed the stale label Apr 27, 2025
@JanCizmar JanCizmar added the enhancement New feature or request label May 3, 2025
@tolgee tolgee deleted a comment from github-actions bot May 3, 2025
Jakub and others added 4 commits May 7, 2025 12:41
…xception if organizationId or projectId contain non-numeric values
…xception if organizationId or projectId contain non-numeric values
…xception if organizationId or projectId contain non-numeric values
@JanCizmar JanCizmar force-pushed the pattern-matchin-fix branch from e44b607 to d877729 Compare May 7, 2025 10:46
@JanCizmar JanCizmar enabled auto-merge (squash) May 7, 2025 10:49
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e44b607 and d877729.

📒 Files selected for processing (24)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AllKeysController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/NamespaceController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/ProjectActivityController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/V2InvitationController.kt (2 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/contentDelivery/ContentDeliveryConfigController.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/KeyController.kt (3 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/SelectAllController.kt (2 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/machineTranslation/MachineTranslationSettingsController.kt (4 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsAutoTranslationSettingsController.kt (5 hunks)
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsController.kt (8 hunks)
  • backend/api/src/main/kotlin/io/tolgee/controllers/ExportController.kt (2 hunks)
  • backend/api/src/main/kotlin/io/tolgee/hateoas/project/ProjectModelAssembler.kt (1 hunks)
  • backend/api/src/main/kotlin/io/tolgee/hateoas/project/ProjectWithStatsModelAssembler.kt (1 hunks)
  • backend/app/src/main/kotlin/io/tolgee/ExceptionHandlers.kt (1 hunks)
  • backend/app/src/test/kotlin/io/tolgee/api/v2/controllers/v2ProjectsController/ProjectsControllerTest.kt (2 hunks)
  • backend/data/src/main/kotlin/io/tolgee/constants/Message.kt (1 hunks)
  • backend/data/src/main/kotlin/io/tolgee/exceptions/InvalidPathException.kt (1 hunks)
  • backend/data/src/main/kotlin/io/tolgee/security/RequestContextService.kt (3 hunks)
  • backend/data/src/test/kotlin/io/tolgee/security/RequestContextServiceTest.kt (2 hunks)
  • backend/development/src/main/kotlin/io/tolgee/controllers/internal/e2eData/TranslationsE2eDataController.kt (2 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/AdvancedPermissionController.kt (2 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/ContentStorageController.kt (1 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/TaskController.kt (1 hunks)
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/WebhookConfigController.kt (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (22)
  • backend/app/src/main/kotlin/io/tolgee/ExceptionHandlers.kt
  • backend/data/src/main/kotlin/io/tolgee/constants/Message.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/AllKeysController.kt
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/TaskController.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsAutoTranslationSettingsController.kt
  • backend/data/src/test/kotlin/io/tolgee/security/RequestContextServiceTest.kt
  • backend/data/src/main/kotlin/io/tolgee/exceptions/InvalidPathException.kt
  • backend/api/src/main/kotlin/io/tolgee/controllers/ExportController.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/machineTranslation/MachineTranslationSettingsController.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/KeyController.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/ProjectActivityController.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/contentDelivery/ContentDeliveryConfigController.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/NamespaceController.kt
  • backend/data/src/main/kotlin/io/tolgee/security/RequestContextService.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/keys/SelectAllController.kt
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/WebhookConfigController.kt
  • backend/development/src/main/kotlin/io/tolgee/controllers/internal/e2eData/TranslationsE2eDataController.kt
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/AdvancedPermissionController.kt
  • ee/backend/app/src/main/kotlin/io/tolgee/ee/api/v2/controllers/ContentStorageController.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/V2InvitationController.kt
  • backend/app/src/test/kotlin/io/tolgee/api/v2/controllers/v2ProjectsController/ProjectsControllerTest.kt
  • backend/api/src/main/kotlin/io/tolgee/api/v2/controllers/project/ProjectsController.kt
🔇 Additional comments (1)
backend/api/src/main/kotlin/io/tolgee/hateoas/project/ProjectModelAssembler.kt (1)

63-63:

❓ Verification inconclusive

Verify the intentional removal of HATEOAS links

The code now returns the ProjectModel without adding HATEOAS links (self and organization owner links) that were previously present. This represents a notable API change that could impact clients relying on these links for navigation.

While this simplifies the model structure, it moves away from HATEOAS principles in the API design. This might be intentional but deserves consideration.


🏁 Script executed:

#!/bin/bash
# Check if HATEOAS links are still used elsewhere in the codebase

echo "Checking for other HATEOAS link usage in project-related assemblers:"
rg "add\(linkTo" --type kotlin backend/api/src/main/kotlin/io/tolgee/hateoas/project/

echo -e "\nChecking if the Spring HATEOAS dependencies are still used elsewhere:"
rg "import org.springframework.hateoas.server.mvc.linkTo" --type kotlin backend/

Length of output: 1057


Confirm HATEOAS removal consistency

The change removes all HATEOAS link creation from ProjectModelAssembler, but our scan shows that other model assemblers still import and use Spring HATEOAS:

  • No add(linkTo( calls remain under io/tolgee.hateoas.project/
  • Still present in:
    • backend/api/src/main/kotlin/io/tolgee/hateoas/organization/SimpleOrganizationModelAssembler.kt
    • backend/api/src/main/kotlin/io/tolgee/hateoas/organization/OrganizationModelAssembler.kt
    • backend/api/src/main/kotlin/io/tolgee/hateoas/invitation/OrganizationInvitationModelAssembler.kt
    • backend/api/src/main/kotlin/io/tolgee/hateoas/invitation/ProjectInvitationModelAssembler.kt

Please verify whether dropping HATEOAS support for project resources was intentional:

  • If yes, remove or refactor HATEOAS usage (and unused imports) in the other assemblers to keep API behaviour consistent.
  • If no, reintroduce the necessary linkTo(...) calls in ProjectModelAssembler.

model.add(linkTo<OrganizationController> { get(it) }.withRel("organizationOwner"))
}
}
)

💡 Verification agent

🧩 Analysis chain

Consistent removal of HATEOAS links across model assemblers

Similar to ProjectModelAssembler, HATEOAS links have been removed from this model assembler as well. This confirms a consistent approach to simplifying the model structure across the project.

This API change should be clearly documented for API consumers who may have been utilizing these navigation links.


🏁 Script executed:

#!/bin/bash
# Check if there's documentation about this API change

echo "Searching for API documentation or release notes mentioning HATEOAS changes:"
rg -i "hateoas|link" --type md docs/
rg -i "hateoas|link" --type md README.md

Length of output: 442


Document removal of HATEOAS links in model assemblers

No existing API documentation or release notes reference the removal of HATEOAS links from ProjectWithStatsModelAssembler (or its counterpart ProjectModelAssembler). To ensure consumers aren’t caught off-guard by this breaking change, please:

  • Add or update API docs (e.g., in a new docs/ folder or README.md) describing the removal of self and owner HATEOAS links.
  • Include a note in the release notes or changelog highlighting this change so clients can adjust their integrations.

Files requiring attention:

  • backend/api/src/main/kotlin/io/tolgee/hateoas/project/ProjectWithStatsModelAssembler.kt (removal of link creation in toModel)
  • backend/api/src/main/kotlin/io/tolgee/hateoas/project/ProjectModelAssembler.kt (same pattern)

@JanCizmar JanCizmar merged commit 9232ca8 into tolgee:main May 7, 2025
31 checks passed
TolgeeMachine added a commit that referenced this pull request May 7, 2025
## [3.116.3](v3.116.2...v3.116.3) (2025-05-07)

### Bug Fixes

* add stricter pattern for projectId urls and handle NumberFormatException if organizationId or projectId contain non-numeric values ([#3015](#3015)) ([9232ca8](9232ca8))
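
The fix named in the release note above, sketched as an added example (not code from this pull request or from Tolgee). It goes one step beyond the non-numeric case: a digits-only `[0-9]+` segment can still exceed the `Long` range, so the parse itself also has to be guarded. The route shape `/v2/projects/...`, `InvalidPathError`, `resolveProjectId` and `describe` are assumptions made for illustration.

```kotlin
// Added example, not Tolgee code. The route shape and every name except
// projectId are assumptions made for illustration.

// Stand-in for the PR's InvalidPathException (its definition is not on this page).
class InvalidPathError(message: String) : RuntimeException(message)

// Digits-only constraint: the same [0-9]+ pattern the PR adds to path variables.
private val PROJECT_ROUTE = Regex("/v2/projects/([0-9]+)(/.*)?")

/** Returns the project id, or null when the path does not match the route at all. */
fun resolveProjectId(path: String): Long? {
    val match = PROJECT_ROUTE.matchEntire(path) ?: return null
    val raw = match.groupValues[1]
    // [0-9]+ still admits values above Long.MAX_VALUE; toLong() would throw
    // NumberFormatException there, so parse defensively and fail with a typed error
    // that an exception handler can map to a client error instead of a 500.
    return raw.toLongOrNull()
        ?: throw InvalidPathError("projectId is out of range (${raw.length} digits)")
}

/** Shows which layer rejects a given path: the route pattern or the parser. */
fun describe(path: String): String = try {
    when (val id = resolveProjectId(path)) {
        null -> "no route (handler never runs)"
        else -> "projectId=$id"
    }
} catch (e: InvalidPathError) {
    "invalid path: ${e.message}"
}

fun main() {
    // Constructed sample paths.
    val samples = listOf(
        "/v2/projects/42/keys",                      // valid id
        "/v2/projects/abc/keys",                     // rejected by the pattern
        "/v2/projects/42abc",                        // rejected by the pattern
        "/v2/projects/99999999999999999999999/keys", // digits only, overflows Long
    )
    for (p in samples) println("$p -> ${describe(p)}")
}
```

The last sample is the case a route pattern alone does not cover: it passes `[0-9]+` and only the guarded parse turns it into a typed error.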

Labels

enhancement New feature or request

Development

Successfully merging this pull request may close these issues.

NumberFormatException when accessing wrong URL path
