Fix/group pomodoro creator controls #1006

Closed
Tamcodes4 wants to merge 2 commits into durdana3105:main from Tamcodes4:fix/group-pomodoro-creator-controls
Tamcodes4 (Contributor) commented Jun 16, 2026

Closes #934

Summary

Fixes an issue where any participant in a study room could start, stop, or reset the shared Group Pomodoro timer.

Changes

  • Added creatorId prop to GroupPomodoro
  • Restrict timer controls to the room creator
  • Prevent non-creators from triggering timer transitions when sessions complete
  • Clamp work and break durations before database writes
  • Reuse existing room.created_by value from Room.tsx instead of performing another query

Security

The existing study_rooms RLS policies continue to enforce creator-only updates at the database level.

Summary by CodeRabbit

  • New Features

    • Room creators now have exclusive control over timer settings and duration adjustments.
  • Improvements

    • Enhanced markdown rendering with better support for GitHub-flavored markdown and improved content security.

vercel Bot commented Jun 16, 2026

@Tamcodes4 is attempting to deploy a commit to the durdana3105's projects Team on Vercel.

A member of the Team first needs to authorize it.

coderabbitai Bot (Contributor) commented Jun 16, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 6f3631d9-25d1-4cfb-b778-6d1a0ae406a9

📥 Commits

Reviewing files that changed from the base of the PR and between 7200d81 and b4e6383.

📒 Files selected for processing (4)
  • package.json
  • src/components/GroupPomodoro.tsx
  • src/components/MarkdownRenderer.tsx
  • src/components/Room.tsx

📝 Walkthrough

GroupPomodoro gains a creatorId prop and uses useAuth() to derive isCreator, gating timer controls and duration inputs to the room creator. A clampDurations() helper and setGroupTimer refactor enforce duration bounds before Supabase writes. MarkdownRenderer replaces DOMPurify/useMemo with remark-gfm and rehype-sanitize plugins. Room.tsx passes room.created_by to GroupPomodoro.

Changes

GroupPomodoro Creator Authorization and Duration Clamping

| Layer / File(s) | Summary |
|---|---|
| creatorId prop and isCreator setup: src/components/GroupPomodoro.tsx, src/components/Room.tsx | GroupPomodoroProps gains creatorId: string; component imports useAuth and computes isCreator = user.id === creatorId; Room.tsx passes room.created_by to satisfy the new prop. |
| clampDurations, setGroupTimer refactor, and handleTimerComplete: src/components/GroupPomodoro.tsx | Adds WORK_MIN/WORK_MAX/BREAK_MIN/BREAK_MAX constants and clampDurations() helper; setGroupTimer now accepts only the next state and persists clamped durations plus computed timer_end_time; handleTimerComplete is gated on isCreator and advances work → break → idle; countdown effect cleanup and dependency array are tightened. |
| Creator-gated UI and conditional rendering: src/components/GroupPomodoro.tsx | Timer header icon and title render conditionally per work/break/idle state; start/stop buttons and duration inputs are wrapped in isCreator guards; duration inputs appear only during idle state and are wired to clamped update calls. |

MarkdownRenderer Sanitization Refactor

| Layer / File(s) | Summary |
|---|---|
| Plugin-based sanitization: package.json, src/components/MarkdownRenderer.tsx | Adds rehype-sanitize and remark-gfm to dependencies; MarkdownRenderer removes DOMPurify/useMemo and passes module-level remarkPlugins/rehypePlugins arrays directly to ReactMarkdown. |

Sequence Diagram(s)

sequenceDiagram
  participant Room
  participant GroupPomodoro
  participant useAuth
  participant Supabase

  Room->>GroupPomodoro: roomId, creatorId={room.created_by}
  GroupPomodoro->>useAuth: get current user
  useAuth-->>GroupPomodoro: user.id
  GroupPomodoro->>GroupPomodoro: isCreator = user.id === creatorId

  alt isCreator
    GroupPomodoro->>GroupPomodoro: clampDurations(workDuration, breakDuration)
    GroupPomodoro->>Supabase: update timer_state, timer_end_time, clamped durations
    Supabase-->>GroupPomodoro: broadcast UPDATE to all participants
  else not creator
    GroupPomodoro->>GroupPomodoro: render read-only timer view
  end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

  • durdana3105/peer-learning#958: Modifies GroupPomodoro.tsx's countdown useEffect and handleTimerComplete interval behavior, directly overlapping with the effect cleanup and dependency array changes in this PR.

Suggested labels

type:bug, quality:clean

🐇 A timer once ran wild and free,
Any paw could set it — oh dear me!
Now only the creator holds the key,
Clamped durations, safe as can be.
rehype-sanitize joined the crew,
Markdown rendered fresh and new! 🥕

Comment @coderabbitai help to get the list of available commands and usage tips.
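
The creator gate, duration clamping and work → break → idle transition described in the walkthrough, sketched as pure functions (an added example, not code from this PR). The bound values, the duration column names and the `buildTimerUpdate` helper are assumptions; a client-side guard like this only shapes the UI, and the study_rooms RLS policies mentioned in the PR description remain the enforcement point.

```typescript
// Added example. The four bounds are assumed values (minutes); the PR page
// names the constants but does not give their values.
const WORK_MIN = 1, WORK_MAX = 120, BREAK_MIN = 1, BREAK_MAX = 60;

type TimerState = "idle" | "work" | "break";

interface TimerUpdate {
  timer_state: TimerState;
  timer_end_time: string | null;
  work_duration: number;  // hypothetical column name
  break_duration: number; // hypothetical column name
}

// Coerce untrusted input to an integer in [min, max]; NaN, Infinity and
// non-numeric strings fall back to min rather than reaching the database.
function clampInt(value: unknown, min: number, max: number): number {
  const n = Math.round(Number(value));
  return Number.isFinite(n) ? Math.min(max, Math.max(min, n)) : min;
}

function clampDurations(work: unknown, brk: unknown): { work: number; brk: number } {
  return {
    work: clampInt(work, WORK_MIN, WORK_MAX),
    brk: clampInt(brk, BREAK_MIN, BREAK_MAX),
  };
}

// Transition applied when a session completes: work -> break -> idle.
function nextState(current: TimerState): TimerState {
  return current === "work" ? "break" : "idle";
}

// Builds the row update for the next state, or returns null when the caller
// is not the room creator (hypothetical helper, not the PR's setGroupTimer).
function buildTimerUpdate(
  userId: string | undefined, creatorId: string, next: TimerState,
  work: unknown, brk: unknown, nowMs: number,
): TimerUpdate | null {
  if (!userId || userId !== creatorId) return null;
  const d = clampDurations(work, brk);
  const minutes = next === "work" ? d.work : d.brk;
  return {
    timer_state: next,
    timer_end_time: next === "idle" ? null : new Date(nowMs + minutes * 60000).toISOString(),
    work_duration: d.work,
    break_duration: d.brk,
  };
}
```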

@Tamcodes4 Tamcodes4 closed this Jun 16, 2026
Development

Successfully merging this pull request may close these issues.

Security / Bug: GroupPomodoro Timer Has No Authorization, Any Participant Can Disrupt the Shared Session