Stop auto-reload if room guest access is denied

[samuelwei]

• Bugfix
• Feature
• Documentation
• Refactoring (e.g. Style updates, Test implementation, etc.)
• Other (please describe):

Checklist

• Code updated to current develop branch head
• Passes CI checks
• Is a part of an issue
• Tests added for the bugfix or newly implemented feature, describe below why if not
• Changelog is updated
• Documentation of code and features exists

Changes

• Changed: Auto-reload of rooms now disabled for guests without access

Other information

The old behaviour didn't offer much of an advantage, as reloading probably won't make a difference. It would only have an effect if the room settings were changed. The major disadvantage of the old approach was the high number of failed requests, which spammed the logs and increased the error count metrics.

Summary by CodeRabbit

• Changed

  • Auto-reload of rooms is disabled for guests who lack access.

• Bug Fixes

  • Prevented multiple concurrent auto-refresh cycles; auto-refresh is paused on access errors and properly resumes after successful data updates.

• Tests

  • Added end-to-end tests validating auto-reload behavior and that reload is disabled when guests are blocked.

[coderabbitai]

Walkthrough

Prevent duplicate auto-refresh timers in RoomsView, stop auto-reload when guests lack access, resume auto-reload after successful reloads, add changelog entry documenting disabled auto-reload for guests, and add two e2e tests covering auto-reload behavior and error handling.

Changes

Cohort / File(s)	Change Summary
Documentation CHANGELOG.md	Added Unreleased → Changed entry noting auto-reload is disabled for guests without access and added reference link for #2588.
Room Auto-Refresh Logic resources/js/views/RoomsView.vue	Prevents creating duplicate intervals by checking reloadInterval.value before initializing; clears and nulls the interval on guests_not_allowed and on invalid token; removed immediate auto-restart on guests-not-allowed path; reinstates auto-refresh after successful reload.
End-to-end Tests tests/Frontend/e2e/RoomsViewGeneral.cy.js	Added two tests: auto-reload (verifies periodic reload triggers) and auto-reload disabled on error (verifies no reload after guests_not_allowed 403). Both use clock/tick and intercepts to assert request counts and UI error state.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Check the null-check logic in startAutoRefresh and ensure no race conditions with interval clearing.
• Verify handleGuestsNotAllowed and handleInvalidToken consistently clear and reset interval state.
• Review reload re-enablement timing to ensure it only restarts after successful data load.
• Run the new e2e tests locally to confirm flakeless behavior and correct intercept/time mocking.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: disabling auto-reload when guest access to rooms is denied, which directly aligns with the changeset.
Description check	✅ Passed	The description follows the template with a clear type selection, completed checklist items, specific changes listed, and detailed rationale provided. All major sections are addressed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch disable-room-reload-on-guest-access-forbidden

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.24%. Comparing base (1e933f4) to head (947aff6).

Additional details and impacted files

@@              Coverage Diff              @@
##             develop    #2588      +/-   ##
=============================================
- Coverage      96.75%   96.24%   -0.51%     
  Complexity      1816     1816              
=============================================
  Files            434      257     -177     
  Lines          12483     6213    -6270     
  Branches        2078        0    -2078     
=============================================
- Hits           12078     5980    -6098     
+ Misses           405      233     -172     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[cypress]

PILOS    Run #2684

Run Properties:   Passed #2684  •  a4efe7b8e1: Stop auto-reload if room guest access is denied

Project	PILOS
Branch Review	disable-room-reload-on-guest-access-forbidden
Run status	Passed #2684
Run duration	07m 40s
Commit	a4efe7b8e1: Stop auto-reload if room guest access is denied
Committer	Samuel Weirich
View all properties for this run ↗︎

---

Test results
Failures	0
Flaky	0
Pending	0
Skipped	0
Passing	610
View all changes introduced in this branch ↗︎

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d93a847 and e004803.

📒 Files selected for processing (2)

• CHANGELOG.md (2 hunks)
• resources/js/views/RoomsView.vue (3 hunks)

🔇 Additional comments (3)

CHANGELOG.md (1)

10-13: LGTM!

The changelog entry accurately documents the change and follows the established format conventions.

Also applies to: 592-592

resources/js/views/RoomsView.vue (2)

311-318: Good guard to prevent duplicate intervals, but needs companion fix.

The null check prevents multiple intervals from being created simultaneously. However, this guard relies on reloadInterval.value being explicitly set to null after clearInterval() is called elsewhere in the code, since clearInterval() only stops the interval but doesn't reset the variable.

See the critical issue flagged below in handleGuestsNotAllowed() and handleInvalidToken().

---

475-475: Correct logic to resume auto-refresh after successful reload.

Calling startAutoRefresh() here ensures that auto-refresh resumes when a previously denied guest gains access (e.g., after room settings change or user logs in). This completes the intended flow of disabling auto-refresh on denial and re-enabling on recovery.

Note: This logic depends on the critical fix above—reloadInterval.value must be set to null after clearInterval() for this to work correctly.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

tests/Frontend/e2e/RoomsViewGeneral.cy.js (1)

1826-1852: LGTM! Test correctly validates disabled auto-reload on error.

The test properly verifies that auto-reload does not occur after a guests_not_allowed error by asserting only one room request is made despite ticking past the refresh interval.

Consider adding a test case that verifies auto-reload resumes after a successful manual reload following a guests_not_allowed error. This would validate the complete lifecycle:

it("auto-reload resumes after error recovery", function () {
  cy.intercept("GET", "api/v1/currentUser", {});
  cy.fixture("config.json").then((config) => {
    config.data.room.refresh_rate = 60;
    cy.intercept("GET", "api/v1/config", {
      statusCode: 200,
      body: config,
    });
  });
  
  // Initial request returns 403
  cy.intercept("GET", "api/v1/rooms/abc-def-123", {
    statusCode: 403,
    body: { message: "guests_not_allowed" },
  }).as("roomRequest");

  cy.clock();
  cy.visit("/rooms/abc-def-123");
  cy.wait("@roomRequest");
  
  // Tick forward - no auto-reload should occur
  cy.tick(100000);
  cy.get("@roomRequest.all").should("have.length", 1);
  
  // Now return success for subsequent requests
  cy.fixture("room.json").then((room) => {
    cy.intercept("GET", "api/v1/rooms/abc-def-123", {
      statusCode: 200,
      body: room,
    }).as("roomRequest");
  });
  
  // Manual reload
  cy.get('[data-test="reload-room-button"]').click();
  cy.wait("@roomRequest");
  
  // Verify auto-reload resumes
  cy.tick(100000);
  cy.get("@roomRequest.all").should("have.length", 3); // initial 403 + manual + auto
});

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e004803 and a4efe7b.

📒 Files selected for processing (2)

• resources/js/views/RoomsView.vue (4 hunks)
• tests/Frontend/e2e/RoomsViewGeneral.cy.js (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Docker Build
• GitHub Check: Backend

🔇 Additional comments (5)

tests/Frontend/e2e/RoomsViewGeneral.cy.js (1)

1797-1824: LGTM! Auto-reload test validates expected behavior.

The test correctly configures a 60-second refresh rate and uses cy.clock() to verify that auto-reload triggers after the interval. The 100-second tick provides sufficient margin to account for the ±15% randomness in the refresh interval.

resources/js/views/RoomsView.vue (4)

311-318: LGTM! Guard prevents duplicate auto-refresh intervals.

The guard if (reloadInterval.value === null) ensures that multiple calls to startAutoRefresh() won't create duplicate intervals. This works correctly with the cleanup in error handlers and allows auto-refresh to resume after the interval is cleared and nulled.

---

345-350: Excellent! Past review comment addressed.

The addition of reloadInterval.value = null after clearInterval() correctly resets the interval state. This ensures:

1. The guard in startAutoRefresh() (line 312) will allow a new interval when access is restored
2. Auto-refresh remains disabled until an explicit successful reload occurs

---

368-375: Excellent! Past review comment addressed for token errors.

The addition of reloadInterval.value = null after clearInterval() in handleInvalidToken() ensures consistent cleanup behavior with handleGuestsNotAllowed(). Since invalid token errors are permanent (the token cannot be restored), disabling auto-refresh is the correct behavior.

---

451-484: LGTM! Auto-refresh correctly resumes after successful reload.

Calling startAutoRefresh() on line 477 after a successful reload ensures that:

1. Auto-refresh resumes after room access is restored (e.g., settings changed, user logged in)
2. The guard on line 312 prevents duplicate intervals if auto-refresh is already running
3. The reload cycle continues for normal operation

This completes the intended behavior: auto-refresh is disabled when guests are denied access and resumes when access is restored.