Include unlisted communities only for superusers

[Roffenlund]

Update the CommunityListAPIView to include unlisted communities only for superusers if the include_unlisted query parameter is "true". Fallback to not include unlisted communities in all other cases.

Refs. TS-2740

[coderabbitai]

Walkthrough

The changes update the community listing API to properly gate access to unlisted communities. The view now extracts the include_unlisted query parameter and only returns all communities when the user is both authenticated and a superuser; otherwise it returns only listed communities. The test suite is expanded with parametrized tests covering superuser authentication scenarios, unauthenticated access, and the base case with no query parameters, with a new UserType import added for type annotation.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title Check	✅ Passed	The title "Include unlisted communities only for superusers" directly and concisely summarizes the main change in this pull request. It clearly communicates the core functionality being implemented—restricting unlisted community visibility to superusers based on the include_unlisted query parameter. The phrasing is specific and avoids vague or generic language.
Description Check	✅ Passed	The description is directly related to the changeset and provides meaningful context about the intended behavior. It clearly explains that unlisted communities should only be included for superusers when the include_unlisted query parameter is true, with a fallback to excluding unlisted communities otherwise. The reference to TS-2740 provides additional context tracking.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch community-list-unlisted-permissions

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f7c539 and 2b94368.

📒 Files selected for processing (2)

• django/thunderstore/api/cyberstorm/tests/test_community_list.py (2 hunks)
• django/thunderstore/api/cyberstorm/views/community_list.py (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

django/thunderstore/api/cyberstorm/views/community_list.py (1)

django/thunderstore/community/models/community.py (2)

• Community (42-321)
• listed (34-35)

django/thunderstore/api/cyberstorm/tests/test_community_list.py (3)

django/thunderstore/core/types.py (1)

• UserType (13-16)

django/conftest.py (2)

• api_client (442-443)
• user (116-121)

django/thunderstore/community/factories.py (1)

• CommunityFactory (18-23)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: Build docker image
• GitHub Check: Analyze (javascript)
• GitHub Check: Analyze (python)
• GitHub Check: Build docker image

🔇 Additional comments (5)

django/thunderstore/api/cyberstorm/views/community_list.py (1)

38-47: LGTM! Secure implementation of access control.

The logic correctly gates access to unlisted communities behind three conditions: authentication, superuser status, and the include_unlisted query parameter. The fallback to listed() ensures unlisted communities remain hidden for all other cases.

django/thunderstore/api/cyberstorm/tests/test_community_list.py (4)

13-13: Good addition of type hint.

Importing UserType improves type safety for the test function signatures.

---

207-237: Excellent test coverage of permission scenarios.

The parametrized test comprehensively covers all four combinations of is_superuser and include_unlisted, verifying both the count and presence of unlisted communities. The assertions correctly validate that unlisted communities only appear when both conditions are met.

---

239-254: Good coverage of unauthenticated access.

Testing both True and False values of include_unlisted for unauthenticated users ensures the query parameter is properly ignored when authentication is missing.

---

256-264: Solid baseline test.

This test verifies the default behavior when no query parameters are provided, ensuring unlisted communities remain hidden without explicit opt-in.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.81%. Comparing base (5f7c539) to head (2b94368).
⚠️ Report is 173 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1193   +/-   ##
=======================================
  Coverage   92.81%   92.81%           
=======================================
  Files         337      337           
  Lines       10355    10357    +2     
  Branches      937      937           
=======================================
+ Hits         9611     9613    +2     
  Misses        617      617           
  Partials      127      127           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.