
feat: granular permissions for Google Drive integration #921

Draft
jeremyeder wants to merge 2 commits into main from feat/granular-drive-permissions-918

@jeremyeder
Contributor

Summary

Implements file-level (drive.file) permissions for Google Drive integration (#918), replacing the default full-drive access scope. Users select specific files via the Google Picker instead of granting access to all Drive files.

  • Backend: OAuth scope defaults to drive.file, new handlers for integration lifecycle and file grant CRUD, K8s ConfigMap/Secret storage, Unleash feature flag gating
  • Frontend: Google Picker component, file selection summary, setup/settings pages, drive API client with React Query hooks
  • Specs: Full speckit artifacts (spec, plan, tasks, research, data-model, API contract, checklists)
  • Tests: 80 tests (40 backend + 40 frontend), all passing

Key changes

  • components/backend/models/drive.go — DriveIntegration and FileGrant models with state machines
  • components/backend/handlers/drive_*.go — integration, file grants, storage, routes
  • components/backend/handlers/oauth.go — scope constants and GetGoogleDriveScopes() helper
  • components/frontend/src/services/drive-api.ts — API client with React Query hooks
  • components/frontend/src/components/google-picker/ — Picker and file summary components
  • components/frontend/src/pages/integrations/google-drive/ — setup and settings pages
  • specs/001-granular-drive-permissions/ — speckit artifacts

Test plan

  • Backend model tests: state transitions, validation, field mapping (10 tests)
  • Backend storage tests: ConfigMap/Secret CRUD round-trips with fake k8s (14 tests)
  • Backend handler tests: HTTP handler responses, error cases (16 tests)
  • Frontend API tests: fetch calls, error handling, query keys (15 tests)
  • Frontend component tests: rendering, icons, badges, formatting (20 tests)
  • Frontend loader tests: script loading, caching (5 tests)
  • All pre-commit hooks pass (gofmt, go vet, golangci-lint, eslint)

Closes #918

🤖 Generated with Claude Code
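
An added example, not code from this pull request: a callback-time check that the token Google actually issued is no broader than the `drive.file` scope that was requested. The function names `requestedScopes` and `excessScopes` are hypothetical and are not the PR's `GetGoogleDriveScopes()`; only the two scope URLs are real, and the sample scope strings are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Real Google OAuth scope URLs; every other name in this file is hypothetical.
const (
	scopeDriveFile = "https://www.googleapis.com/auth/drive.file" // files the user picked
	scopeDriveFull = "https://www.googleapis.com/auth/drive"      // every Drive file
)

// requestedScopes defaults to drive.file; full-drive access is an explicit opt-in.
func requestedScopes(fullDrive bool) []string {
	if fullDrive {
		return []string{scopeDriveFull}
	}
	return []string{scopeDriveFile}
}

// excessScopes splits a token response's space-delimited "scope" value and
// returns, sorted, each granted scope that was not requested. It compares whole
// tokens: the full-drive URL is a prefix of the drive.file URL, so substring checks misfire.
func excessScopes(granted string, requested []string) []string {
	allowed := make(map[string]bool, len(requested))
	for _, s := range requested {
		allowed[s] = true
	}
	seen := map[string]bool{}
	var extra []string
	for _, s := range strings.Fields(granted) {
		if !allowed[s] && !seen[s] {
			seen[s] = true
			extra = append(extra, s)
		}
	}
	sort.Strings(extra)
	return extra
}

func main() {
	want := requestedScopes(false)
	// Constructed token-response scope strings: one narrow, one over-broad.
	for _, granted := range []string{scopeDriveFile, scopeDriveFile + " " + scopeDriveFull} {
		fmt.Printf("granted=%q excess=%v\n", granted, excessScopes(granted, want))
	}
}
```

A non-empty result from `excessScopes` is the signal to refuse to store the token and restart consent with the narrow scope.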

Add file-level (drive.file) permissions for Google Drive integration,
replacing the default full-drive access scope. Users select specific
files via the Google Picker instead of granting access to all Drive files.

Backend:
- Add DriveIntegration and FileGrant models with state machines
- Add K8s ConfigMap/Secret-backed storage for integrations and tokens
- Add OAuth scope constants and GetGoogleDriveScopes() helper
- Add drive integration handlers (setup, callback, picker-token, get, disconnect)
- Add file grant handlers (list, update with add/remove counting)
- Add route registration with Unleash feature flag gating
- Fix nil-pointer dereference in GetIntegration not-found path

Frontend:
- Add drive-api.ts service with React Query hooks for all endpoints
- Add GooglePicker component wrapping Google Picker API
- Add FileSelectionSummary component with mime-type icons
- Add google-picker-loader for async script loading
- Add alert-dialog Shadcn UI component
- Add setup and settings pages for Drive integration

Specs:
- Add speckit artifacts (spec, plan, tasks, research, data-model,
  contracts, checklists, quickstart)

Tests (80 total):
- Backend: 40 tests (models, storage, integration, file grants)
- Frontend: 35 tests (API client, components, loader) + 5 loader tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@coderabbitai

coderabbitai bot commented Mar 14, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 49c14f0d-454a-4614-9a9a-976782421fe1


Register DriveIntegrationHandler and DriveFileGrantsHandler in the
backend's route setup via InitDriveIntegration(). Constructs handlers
from GOOGLE_OAUTH_CLIENT_ID/SECRET env vars, creates DriveStorage
backed by the backend's K8s client, and registers routes under
/api/projects/:projectName/integrations/google-drive/.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>