release: v0.25.2 (#6736)

Author: sriramveeraghanta

.env.example

@@ -38,3 +38,9 @@ USE_MINIO=1
 
 # Nginx Configuration
 NGINX_PORT=80
+
+# Force HTTPS for handling SSL Termination
+MINIO_ENDPOINT_SSL=0
+
+# API key rate limit
+API_KEY_RATE_LIMIT="60/minute"

admin/package.json

@@ -1,7 +1,7 @@
 {
   "name": "admin",
   "description": "Admin UI for Plane",
-  "version": "0.25.1",
+  "version": "0.25.2",
   "license": "AGPL-3.0",
   "private": true,
   "scripts": {

apiserver/.env.example

@@ -59,4 +59,10 @@ APP_BASE_URL=
 
 
 # Hard delete files after days
-HARD_DELETE_AFTER_DAYS=60
+HARD_DELETE_AFTER_DAYS=60
+
+# Force HTTPS for handling SSL Termination
+MINIO_ENDPOINT_SSL=0
+
+# API key rate limit
+API_KEY_RATE_LIMIT="60/minute"

apiserver/package.json

@@ -1,6 +1,6 @@
 {
   "name": "plane-api",
-  "version": "0.25.1",
+  "version": "0.25.2",
   "license": "AGPL-3.0",
   "private": true,
   "description": "API server powering Plane's backend"

apiserver/plane/api/rate_limit.py

@@ -1,9 +1,13 @@
+# python imports
+import os
+
+# Third party imports
 from rest_framework.throttling import SimpleRateThrottle
 
 
 class ApiKeyRateThrottle(SimpleRateThrottle):
     scope = "api_key"
-    rate = "60/minute"
+    rate = os.environ.get("API_KEY_RATE_LIMIT", "60/minute")
 
     def get_cache_key(self, request, view):
         # Retrieve the API key from the request header

apiserver/plane/app/serializers/issue.py

@@ -111,25 +111,23 @@ def to_representation(self, instance):
         data["label_ids"] = label_ids if label_ids else []
         return data
 
-    def validate(self, data):
+    def validate(self, attrs):
         if (
-            data.get("start_date", None) is not None
-            and data.get("target_date", None) is not None
-            and data.get("start_date", None) > data.get("target_date", None)
+            attrs.get("start_date", None) is not None
+            and attrs.get("target_date", None) is not None
+            and attrs.get("start_date", None) > attrs.get("target_date", None)
         ):
             raise serializers.ValidationError("Start date cannot exceed target date")
-        return data
 
-    def get_valid_assignees(self, assignees, project_id):
-        if not assignees:
-            return []
+        if attrs.get("assignee_ids", []):
+            attrs["assignee_ids"] = ProjectMember.objects.filter(
+                project_id=self.context["project_id"],
+                role__gte=15,
+                is_active=True,
+                member_id__in=attrs["assignee_ids"],
+            ).values_list("member_id", flat=True)
 
-        return ProjectMember.objects.filter(
-            project_id=project_id,
-            role__gte=15,
-            is_active=True,
-            member_id__in=assignees
-        ).values_list('member_id', flat=True)
+        return attrs
 
     def create(self, validated_data):
         assignees = validated_data.pop("assignee_ids", None)
@@ -146,33 +144,35 @@ def create(self, validated_data):
         created_by_id = issue.created_by_id
         updated_by_id = issue.updated_by_id
 
-        valid_assignee_ids = self.get_valid_assignees(assignees, project_id)
-        if valid_assignee_ids is not None and len(valid_assignee_ids):
+        if assignees is not None and len(assignees):
             try:
                 IssueAssignee.objects.bulk_create(
                     [
                         IssueAssignee(
-                            assignee_id=user_id,
+                            assignee_id=assignee_id,
                             issue=issue,
                             project_id=project_id,
                             workspace_id=workspace_id,
                             created_by_id=created_by_id,
                             updated_by_id=updated_by_id,
                         )
-                        for user_id in valid_assignee_ids
+                        for assignee_id in assignees
                     ],
                     batch_size=10,
                 )
             except IntegrityError:
                 pass
         else:
             # Then assign it to default assignee, if it is a valid assignee
-            if default_assignee_id is not None and ProjectMember.objects.filter(
-                member_id=default_assignee_id,
-                project_id=project_id,
-                role__gte=15,
-                is_active=True
-            ).exists():
+            if (
+                default_assignee_id is not None
+                and ProjectMember.objects.filter(
+                    member_id=default_assignee_id,
+                    project_id=project_id,
+                    role__gte=15,
+                    is_active=True,
+                ).exists()
+            ):
                 try:
                     IssueAssignee.objects.create(
                         assignee_id=default_assignee_id,
@@ -216,21 +216,20 @@ def update(self, instance, validated_data):
         created_by_id = instance.created_by_id
         updated_by_id = instance.updated_by_id
 
-        valid_assignee_ids = self.get_valid_assignees(assignees, project_id)
-        if valid_assignee_ids is not None:
+        if assignees is not None:
             IssueAssignee.objects.filter(issue=instance).delete()
             try:
                 IssueAssignee.objects.bulk_create(
                     [
                         IssueAssignee(
-                            assignee_id=user_id,
+                            assignee_id=assignee_id,
                             issue=instance,
                             project_id=project_id,
                             workspace_id=workspace_id,
                             created_by_id=created_by_id,
                             updated_by_id=updated_by_id,
                         )
-                        for user_id in valid_assignee_ids
+                        for assignee_id in assignees
                     ],
                     batch_size=10,
                     ignore_conflicts=True,

apiserver/plane/app/views/intake/base.py

@@ -178,7 +178,9 @@ def list(self, request, slug, project_id):
             workspace__slug=slug, project_id=project_id
         ).first()
         if not intake:
-            return Response({"error": "Intake not found"}, status=status.HTTP_404_NOT_FOUND)
+            return Response(
+                {"error": "Intake not found"}, status=status.HTTP_404_NOT_FOUND
+            )
 
         project = Project.objects.get(pk=project_id)
         filters = issue_filters(request.GET, "GET", "issue__")
@@ -385,7 +387,7 @@ def partial_update(self, request, slug, project_id, pk):
                 }
 
             issue_serializer = IssueCreateSerializer(
-                issue, data=issue_data, partial=True
+                issue, data=issue_data, partial=True, context={"project_id": project_id}
             )
 
             if issue_serializer.is_valid():

apiserver/plane/app/views/issue/base.py

@@ -635,7 +635,9 @@ def partial_update(self, request, slug, project_id, pk=None):
         )
 
         requested_data = json.dumps(self.request.data, cls=DjangoJSONEncoder)
-        serializer = IssueCreateSerializer(issue, data=request.data, partial=True)
+        serializer = IssueCreateSerializer(
+            issue, data=request.data, partial=True, context={"project_id": project_id}
+        )
         if serializer.is_valid():
             serializer.save()
             issue_activity.delay(
@@ -1099,7 +1101,6 @@ def post(self, request, slug, project_id):
 
 
 class IssueMetaEndpoint(BaseAPIView):
-
     @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST], level="PROJECT")
     def get(self, request, slug, project_id, issue_id):
         issue = Issue.issue_objects.only("sequence_id", "project__identifier").get(
@@ -1115,14 +1116,12 @@ def get(self, request, slug, project_id, issue_id):
 
 
 class IssueDetailIdentifierEndpoint(BaseAPIView):
-
     def strict_str_to_int(self, s):
-        if not s.isdigit() and not (s.startswith('-') and s[1:].isdigit()):
+        if not s.isdigit() and not (s.startswith("-") and s[1:].isdigit()):
             raise ValueError("Invalid integer string")
         return int(s)
 
     def get(self, request, slug, project_identifier, issue_identifier):
-
         # Check if the issue identifier is a valid integer
         try:
             issue_identifier = self.strict_str_to_int(issue_identifier)
@@ -1134,8 +1133,7 @@ def get(self, request, slug, project_identifier, issue_identifier):
 
         # Fetch the project
         project = Project.objects.get(
-            identifier__iexact=project_identifier,
-            workspace__slug=slug,
+            identifier__iexact=project_identifier, workspace__slug=slug
         )
 
         # Check if the user is a member of the project
@@ -1237,8 +1235,8 @@ def get(self, request, slug, project_identifier, issue_identifier):
             .annotate(
                 is_subscribed=Exists(
                     IssueSubscriber.objects.filter(
-                            workspace__slug=slug,
-                            project_id=project.id,
+                        workspace__slug=slug,
+                        project_id=project.id,
                         issue__sequence_id=issue_identifier,
                         subscriber=request.user,
                     )

apiserver/plane/settings/storage.py

@@ -32,14 +32,20 @@ def __init__(self, request=None):
         ) or os.environ.get("MINIO_ENDPOINT_URL")
 
         if os.environ.get("USE_MINIO") == "1":
+
+            # Determine protocol based on environment variable
+            if os.environ.get("MINIO_ENDPOINT_SSL") == "1":
+                endpoint_protocol = "https"
+            else:
+                endpoint_protocol = request.scheme if request else "http"
             # Create an S3 client for MinIO
             self.s3_client = boto3.client(
                 "s3",
                 aws_access_key_id=self.aws_access_key_id,
                 aws_secret_access_key=self.aws_secret_access_key,
                 region_name=self.aws_region,
                 endpoint_url=(
-                    f"{request.scheme}://{request.get_host()}"
+                    f"{endpoint_protocol}://{request.get_host()}"
                     if request
                     else self.aws_s3_endpoint_url
                 ),

apiserver/plane/space/views/intake.py

@@ -12,7 +12,7 @@
 
 # Module imports
 from .base import BaseViewSet
-from plane.db.models import IntakeIssue, Issue, State, IssueLink, FileAsset, DeployBoard
+from plane.db.models import IntakeIssue, Issue, IssueLink, FileAsset, DeployBoard
 from plane.app.serializers import (
     IssueSerializer,
     IntakeIssueSerializer,
@@ -202,7 +202,12 @@ def partial_update(self, request, anchor, intake_id, pk):
             "description": issue_data.get("description", issue.description),
         }
 
-        issue_serializer = IssueCreateSerializer(issue, data=issue_data, partial=True)
+        issue_serializer = IssueCreateSerializer(
+            issue,
+            data=issue_data,
+            partial=True,
+            context={"project_id": project_deploy_board.project_id},
+        )
 
         if issue_serializer.is_valid():
             current_instance = issue

apiserver/requirements/base.txt

@@ -1,7 +1,7 @@
 # base requirements
 
 # django
-Django==4.2.18
+Django==4.2.20
 # rest framework
 djangorestframework==3.15.2
 # postgres

deploy/selfhost/docker-compose.yml

@@ -50,6 +50,8 @@ x-app-env: &app-env
   DATABASE_URL: ${DATABASE_URL:-postgresql://plane:plane@plane-db/plane}
   SECRET_KEY: ${SECRET_KEY:-60gp0byfz2dvffa45cxl20p1scy9xbpf6d8c5y0geejgkyp1b5}
   AMQP_URL: ${AMQP_URL:-amqp://plane:plane@plane-mq:5672/plane}
+  API_KEY_RATE_LIMIT: ${API_KEY_RATE_LIMIT:-60/minute}
+  MINIO_ENDPOINT_SSL: ${MINIO_ENDPOINT_SSL:-0}
 
 services:
   web:

deploy/selfhost/variables.env

@@ -58,3 +58,8 @@ GUNICORN_WORKERS=1
 # UNCOMMENT `DOCKER_PLATFORM` IF YOU ARE ON `ARM64` AND DOCKER IMAGE IS NOT AVAILABLE FOR RESPECTIVE `APP_RELEASE`
 # DOCKER_PLATFORM=linux/amd64
 
+# Force HTTPS for handling SSL Termination
+MINIO_ENDPOINT_SSL=0
+
+# API key rate limit
+API_KEY_RATE_LIMIT="60/minute"

live/package.json

@@ -1,6 +1,6 @@
 {
   "name": "live",
-  "version": "0.25.1",
+  "version": "0.25.2",
   "license": "AGPL-3.0",
   "description": "A realtime collaborative server powers Plane's rich text editor",
   "main": "./src/server.ts",

package.json

@@ -2,7 +2,7 @@
   "name": "plane",
   "description": "Open-source project management that unlocks customer value",
   "repository": "https://github.com/makeplane/plane.git",
-  "version": "0.25.1",
+  "version": "0.25.2",
   "license": "AGPL-3.0",
   "private": true,
   "workspaces": [

packages/constants/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@plane/constants",
-  "version": "0.25.1",
+  "version": "0.25.2",
   "private": true,
   "main": "./src/index.ts",
   "license": "AGPL-3.0"