fix: loading of images

fix: handling file being uploaded at 2 places
fix: image block uploading with preview images
2025-08-07 19:59:33 +00:00 · 2024-09-23 19:01:15 +05:30 · 2024-09-23 18:58:26 +05:30 · 2024-09-23 18:46:14 +05:30 · 2024-09-19 14:22:38 +05:30 · 2024-09-18 20:55:48 +05:30
1145 changed files with 31025 additions and 22911 deletions
--- a/.env.example
+++ b/.env.example
@@ -8,6 +8,13 @@ PGDATA="/var/lib/postgresql/data"
 REDIS_HOST="plane-redis"
 REDIS_PORT="6379"

+# RabbitMQ Settings
+RABBITMQ_HOST="plane-mq"
+RABBITMQ_PORT="5672"
+RABBITMQ_USER="plane"
+RABBITMQ_PASSWORD="plane"
+RABBITMQ_VHOST="plane"
+
 # AWS Settings
 AWS_REGION=""
 AWS_ACCESS_KEY_ID="access-key"
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+*.sh text eol=lf
--- a/.github/workflows/build-branch.yml
+++ b/.github/workflows/build-branch.yml
@@ -2,6 +2,12 @@ name: Branch Build

 on:
  workflow_dispatch:
+    inputs:
+      arm64:
+        description: "Build for ARM64 architecture"
+        required: false
+        default: false
+        type: boolean
  push:
    branches:
      - master
@@ -11,6 +17,8 @@ on:

 env:
  TARGET_BRANCH: ${{ github.ref_name || github.event.release.target_commitish }}
+  ARM64_BUILD: ${{ github.event.inputs.arm64 }}
+  IS_PRERELEASE: ${{ github.event.release.prerelease }}

 jobs:
  branch_build_setup:
@@ -27,12 +35,14 @@ jobs:
      build_admin: ${{ steps.changed_files.outputs.admin_any_changed }}
      build_space: ${{ steps.changed_files.outputs.space_any_changed }}
      build_web: ${{ steps.changed_files.outputs.web_any_changed }}
+      build_live: ${{ steps.changed_files.outputs.live_any_changed }}
+      flat_branch_name: ${{ steps.set_env_variables.outputs.FLAT_BRANCH_NAME }}

    steps:
      - id: set_env_variables
        name: Set Environment Variables
        run: |
-          if [ "${{ env.TARGET_BRANCH }}" == "master" ] || [ "${{ github.event_name }}" == "release" ]; then
+          if [ "${{ env.TARGET_BRANCH }}" == "master" ] || [ "${{ env.ARM64_BUILD }}" == "true" ] || ([ "${{ github.event_name }}" == "release" ] && [ "${{ env.IS_PRERELEASE }}" != "true" ]); then
            echo "BUILDX_DRIVER=cloud" >> $GITHUB_OUTPUT
            echo "BUILDX_VERSION=lab:latest" >> $GITHUB_OUTPUT
            echo "BUILDX_PLATFORMS=linux/amd64,linux/arm64" >> $GITHUB_OUTPUT
@@ -44,6 +54,8 @@ jobs:
            echo "BUILDX_ENDPOINT=" >> $GITHUB_OUTPUT
          fi
          echo "TARGET_BRANCH=${{ env.TARGET_BRANCH }}" >> $GITHUB_OUTPUT
+          flat_branch_name=$(echo ${{ env.TARGET_BRANCH }} | sed 's/[^a-zA-Z0-9\._]/-/g')
+          echo "FLAT_BRANCH_NAME=${flat_branch_name}" >> $GITHUB_OUTPUT

      - id: checkout_files
        name: Checkout Files
@@ -79,13 +91,21 @@ jobs:
              - 'yarn.lock'
              - 'tsconfig.json'
              - 'turbo.json'
+            live:
+              - live/**
+              - packages/**
+              - 'package.json'
+              - 'yarn.lock'
+              - 'tsconfig.json'
+              - 'turbo.json'

  branch_build_push_web:
    if: ${{ needs.branch_build_setup.outputs.build_web == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || needs.branch_build_setup.outputs.gh_branch_name == 'master' }}
+    name: Build-Push Web Docker Image
    runs-on: ubuntu-20.04
    needs: [branch_build_setup]
    env:
-      FRONTEND_TAG: makeplane/plane-frontend:${{ needs.branch_build_setup.outputs.gh_branch_name }}
+      FRONTEND_TAG: makeplane/plane-frontend:${{ needs.branch_build_setup.outputs.flat_branch_name }}
      TARGET_BRANCH: ${{ needs.branch_build_setup.outputs.gh_branch_name }}
      BUILDX_DRIVER: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }}
      BUILDX_VERSION: ${{ needs.branch_build_setup.outputs.gh_buildx_version }}
@@ -95,7 +115,10 @@ jobs:
      - name: Set Frontend Docker Tag
        run: |
          if [ "${{ github.event_name }}" == "release" ]; then
-            TAG=makeplane/plane-frontend:stable,makeplane/plane-frontend:${{ github.event.release.tag_name }}
+            TAG=makeplane/plane-frontend:${{ github.event.release.tag_name }}
+            if [ "${{ env.IS_PRERELEASE }}" != "true" ]; then
+              TAG=${TAG},makeplane/plane-frontend:stable
+            fi
          elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then
            TAG=makeplane/plane-frontend:latest
          else
@@ -134,10 +157,11 @@ jobs:

  branch_build_push_admin:
    if: ${{ needs.branch_build_setup.outputs.build_admin== 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || needs.branch_build_setup.outputs.gh_branch_name == 'master' }}
+    name: Build-Push Admin Docker Image
    runs-on: ubuntu-20.04
    needs: [branch_build_setup]
    env:
-      ADMIN_TAG: makeplane/plane-admin:${{ needs.branch_build_setup.outputs.gh_branch_name }}
+      ADMIN_TAG: makeplane/plane-admin:${{ needs.branch_build_setup.outputs.flat_branch_name }}
      TARGET_BRANCH: ${{ needs.branch_build_setup.outputs.gh_branch_name }}
      BUILDX_DRIVER: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }}
      BUILDX_VERSION: ${{ needs.branch_build_setup.outputs.gh_buildx_version }}
@@ -147,7 +171,10 @@ jobs:
      - name: Set Admin Docker Tag
        run: |
          if [ "${{ github.event_name }}" == "release" ]; then
-            TAG=makeplane/plane-admin:stable,makeplane/plane-admin:${{ github.event.release.tag_name }}
+            TAG=makeplane/plane-admin:${{ github.event.release.tag_name }}
+            if [ "${{ env.IS_PRERELEASE }}" != "true" ]; then
+              TAG=${TAG},makeplane/plane-admin:stable
+            fi
          elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then
            TAG=makeplane/plane-admin:latest
          else
@@ -186,10 +213,11 @@ jobs:

  branch_build_push_space:
    if: ${{ needs.branch_build_setup.outputs.build_space == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || needs.branch_build_setup.outputs.gh_branch_name == 'master' }}
+    name: Build-Push Space Docker Image
    runs-on: ubuntu-20.04
    needs: [branch_build_setup]
    env:
-      SPACE_TAG: makeplane/plane-space:${{ needs.branch_build_setup.outputs.gh_branch_name }}
+      SPACE_TAG: makeplane/plane-space:${{ needs.branch_build_setup.outputs.flat_branch_name }}
      TARGET_BRANCH: ${{ needs.branch_build_setup.outputs.gh_branch_name }}
      BUILDX_DRIVER: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }}
      BUILDX_VERSION: ${{ needs.branch_build_setup.outputs.gh_buildx_version }}
@@ -199,7 +227,10 @@ jobs:
      - name: Set Space Docker Tag
        run: |
          if [ "${{ github.event_name }}" == "release" ]; then
-            TAG=makeplane/plane-space:stable,makeplane/plane-space:${{ github.event.release.tag_name }}
+            TAG=makeplane/plane-space:${{ github.event.release.tag_name }}
+            if [ "${{ env.IS_PRERELEASE }}" != "true" ]; then
+              TAG=${TAG},makeplane/plane-space:stable
+            fi
          elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then
            TAG=makeplane/plane-space:latest
          else
@@ -238,10 +269,11 @@ jobs:

  branch_build_push_apiserver:
    if: ${{ needs.branch_build_setup.outputs.build_apiserver == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || needs.branch_build_setup.outputs.gh_branch_name == 'master' }}
+    name: Build-Push API Server Docker Image
    runs-on: ubuntu-20.04
    needs: [branch_build_setup]
    env:
-      BACKEND_TAG: makeplane/plane-backend:${{ needs.branch_build_setup.outputs.gh_branch_name }}
+      BACKEND_TAG: makeplane/plane-backend:${{ needs.branch_build_setup.outputs.flat_branch_name }}
      TARGET_BRANCH: ${{ needs.branch_build_setup.outputs.gh_branch_name }}
      BUILDX_DRIVER: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }}
      BUILDX_VERSION: ${{ needs.branch_build_setup.outputs.gh_buildx_version }}
@@ -251,7 +283,10 @@ jobs:
      - name: Set Backend Docker Tag
        run: |
          if [ "${{ github.event_name }}" == "release" ]; then
-            TAG=makeplane/plane-backend:stable,makeplane/plane-backend:${{ github.event.release.tag_name }}
+            TAG=makeplane/plane-backend:${{ github.event.release.tag_name }}
+            if [ "${{ env.IS_PRERELEASE }}" != "true" ]; then
+              TAG=${TAG},makeplane/plane-backend:stable
+            fi
          elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then
            TAG=makeplane/plane-backend:latest
          else
@@ -288,12 +323,69 @@ jobs:
          DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}

-  branch_build_push_proxy:
-    if: ${{ needs.branch_build_setup.outputs.build_proxy == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || needs.branch_build_setup.outputs.gh_branch_name == 'master' }}
+  branch_build_push_live:
+    if: ${{ needs.branch_build_setup.outputs.build_live == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || needs.branch_build_setup.outputs.gh_branch_name == 'master' }}
+    name: Build-Push Live Collaboration Docker Image
    runs-on: ubuntu-20.04
    needs: [branch_build_setup]
    env:
-      PROXY_TAG: makeplane/plane-proxy:${{ needs.branch_build_setup.outputs.gh_branch_name }}
+      LIVE_TAG: makeplane/plane-live:${{ needs.branch_build_setup.outputs.flat_branch_name }}
+      TARGET_BRANCH: ${{ needs.branch_build_setup.outputs.gh_branch_name }}
+      BUILDX_DRIVER: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }}
+      BUILDX_VERSION: ${{ needs.branch_build_setup.outputs.gh_buildx_version }}
+      BUILDX_PLATFORMS: ${{ needs.branch_build_setup.outputs.gh_buildx_platforms }}
+      BUILDX_ENDPOINT: ${{ needs.branch_build_setup.outputs.gh_buildx_endpoint }}
+    steps:
+      - name: Set Live Docker Tag
+        run: |
+          if [ "${{ github.event_name }}" == "release" ]; then
+            TAG=makeplane/plane-live:${{ github.event.release.tag_name }}
+            if [ "${{ github.event.release.prerelease }}" != "true" ]; then
+              TAG=${TAG},makeplane/plane-live:stable
+            fi
+          elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then
+            TAG=makeplane/plane-live:latest
+          else
+            TAG=${{ env.LIVE_TAG }}
+          fi
+          echo "LIVE_TAG=${TAG}" >> $GITHUB_ENV
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: ${{ env.BUILDX_DRIVER }}
+          version: ${{ env.BUILDX_VERSION }}
+          endpoint: ${{ env.BUILDX_ENDPOINT }}
+
+      - name: Check out the repo
+        uses: actions/checkout@v4
+
+      - name: Build and Push Live Server to Docker Hub
+        uses: docker/build-push-action@v5.1.0
+        with:
+          context: .
+          file: ./live/Dockerfile.live
+          platforms: ${{ env.BUILDX_PLATFORMS }}
+          tags: ${{ env.LIVE_TAG }}
+          push: true
+        env:
+          DOCKER_BUILDKIT: 1
+          DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
+
+  branch_build_push_proxy:
+    if: ${{ needs.branch_build_setup.outputs.build_proxy == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'release' || needs.branch_build_setup.outputs.gh_branch_name == 'master' }}
+    name: Build-Push Proxy Docker Image
+    runs-on: ubuntu-20.04
+    needs: [branch_build_setup]
+    env:
+      PROXY_TAG: makeplane/plane-proxy:${{ needs.branch_build_setup.outputs.flat_branch_name }}
      TARGET_BRANCH: ${{ needs.branch_build_setup.outputs.gh_branch_name }}
      BUILDX_DRIVER: ${{ needs.branch_build_setup.outputs.gh_buildx_driver }}
      BUILDX_VERSION: ${{ needs.branch_build_setup.outputs.gh_buildx_version }}
@@ -303,7 +395,10 @@ jobs:
      - name: Set Proxy Docker Tag
        run: |
          if [ "${{ github.event_name }}" == "release" ]; then
-            TAG=makeplane/plane-proxy:stable,makeplane/plane-proxy:${{ github.event.release.tag_name }}
+            TAG=makeplane/plane-proxy:${{ github.event.release.tag_name }}
+            if [ "${{ env.IS_PRERELEASE }}" != "true" ]; then
+              TAG=${TAG},makeplane/plane-proxy:stable
+            fi
          elif [ "${{ env.TARGET_BRANCH }}" == "master" ]; then
            TAG=makeplane/plane-proxy:latest
          else
--- a/.github/workflows/create-sync-pr.yml
+++ b/.github/workflows/create-sync-pr.yml
@@ -8,7 +8,6 @@ on:

 env:
  CURRENT_BRANCH: ${{ github.ref_name }}
-  SOURCE_BRANCH: ${{ vars.SYNC_SOURCE_BRANCH_NAME }} # The sync branch such as "sync/ce"
  TARGET_BRANCH: ${{ vars.SYNC_TARGET_BRANCH_NAME }} # The target branch that you would like to merge changes like develop
  GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }} # Personal access token required to modify contents and workflows
  REVIEWER: ${{ vars.SYNC_PR_REVIEWER }}
@@ -16,22 +15,7 @@ env:
  ACCOUNT_USER_EMAIL: ${{ vars.ACCOUNT_USER_EMAIL }}

 jobs:
-  Check_Branch:
-    runs-on: ubuntu-latest
-    outputs:
-      BRANCH_MATCH: ${{ steps.check-branch.outputs.MATCH }}
-    steps:
-      - name: Check if current branch matches the secret
-        id: check-branch
-        run: |
-          if [ "$CURRENT_BRANCH" = "$SOURCE_BRANCH" ]; then
-            echo "MATCH=true" >> $GITHUB_OUTPUT
-          else
-            echo "MATCH=false" >> $GITHUB_OUTPUT
-          fi
  Create_PR:
-    if: ${{ needs.Check_Branch.outputs.BRANCH_MATCH == 'true' }}
-    needs: [Check_Branch]
    runs-on: ubuntu-latest
    permissions:
      pull-requests: write
@@ -59,11 +43,11 @@ jobs:
      - name: Create PR to Target Branch
        run: |
          # get all pull requests and check if there is already a PR
-          PR_EXISTS=$(gh pr list --base $TARGET_BRANCH --head $SOURCE_BRANCH --state open --json number | jq '.[] | .number')
+          PR_EXISTS=$(gh pr list --base $TARGET_BRANCH --head $CURRENT_BRANCH --state open --json number | jq '.[] | .number')
          if [ -n "$PR_EXISTS" ]; then
            echo "Pull Request already exists: $PR_EXISTS"
          else
            echo "Creating new pull request"
-            PR_URL=$(gh pr create --base $TARGET_BRANCH --head $SOURCE_BRANCH --title "sync: community changes" --body "")
+            PR_URL=$(gh pr create --base $TARGET_BRANCH --head $CURRENT_BRANCH --title "sync: community changes" --body "")
            echo "Pull Request created: $PR_URL"
          fi
--- a/.github/workflows/repo-sync.yml
+++ b/.github/workflows/repo-sync.yml
@@ -35,8 +35,9 @@ jobs:
        env:
          GH_TOKEN: ${{ secrets.ACCESS_TOKEN }}
        run: |
+          RUN_ID="${{ github.run_id }}"
          TARGET_REPO="${{ vars.SYNC_TARGET_REPO }}"
-          TARGET_BRANCH="${{ vars.SYNC_TARGET_BRANCH_NAME }}"
+          TARGET_BRANCH="sync/${RUN_ID}"
          SOURCE_BRANCH="${{ env.SOURCE_BRANCH_NAME }}"

          git checkout $SOURCE_BRANCH
--- a/.idx/dev.nix
+++ b/.idx/dev.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }: {
+
+  # Which nixpkgs channel to use.
+  channel = "stable-23.11"; # or "unstable"
+
+  # Use https://search.nixos.org/packages to find packages
+  packages = [
+    pkgs.nodejs_20
+    pkgs.python3
+  ];
+
+  services.docker.enable = true;
+  services.postgres.enable = true;
+  services.redis.enable = true;
+
+}
--- a/admin/app/general/form.tsx
+++ b/admin/app/general/form.tsx
@@ -9,8 +9,9 @@ import { IInstance, IInstanceAdmin } from "@plane/types";
 import { Button, Input, TOAST_TYPE, ToggleSwitch, setToast } from "@plane/ui";
 // components
 import { ControllerInput } from "@/components/common";
-// hooks
 import { useInstance } from "@/hooks/store";
+import { IntercomConfig } from "./intercom";
+// hooks

 export interface IGeneralConfigurationForm {
  instance: IInstance;
@@ -20,11 +21,13 @@ export interface IGeneralConfigurationForm {
 export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer((props) => {
  const { instance, instanceAdmins } = props;
  // hooks
-  const { updateInstanceInfo } = useInstance();
+  const { instanceConfigurations, updateInstanceInfo, updateInstanceConfigurations } = useInstance();
+
  // form data
  const {
    handleSubmit,
    control,
+    watch,
    formState: { errors, isSubmitting },
  } = useForm<Partial<IInstance>>({
    defaultValues: {
@@ -36,7 +39,16 @@ export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer(
  const onSubmit = async (formData: Partial<IInstance>) => {
    const payload: Partial<IInstance> = { ...formData };

-    console.log("payload", payload);
+    // update the intercom configuration
+    const isIntercomEnabled =
+      instanceConfigurations?.find((config) => config.key === "IS_INTERCOM_ENABLED")?.value === "1";
+    if (!payload.is_telemetry_enabled && isIntercomEnabled) {
+      try {
+        await updateInstanceConfigurations({ IS_INTERCOM_ENABLED: "0" });
+      } catch (error) {
+        console.error(error);
+      }
+    }

    await updateInstanceInfo(payload)
      .then(() =>
@@ -74,6 +86,7 @@ export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer(
              value={instanceAdmins[0]?.user_detail?.email ?? ""}
              placeholder="Admin email"
              className="w-full cursor-not-allowed !text-custom-text-400"
+              autoComplete="on"
              disabled
            />
          </div>
@@ -93,7 +106,8 @@ export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer(
      </div>

      <div className="space-y-3">
-        <div className="text-lg font-medium">Telemetry</div>
+        <div className="text-lg font-medium">Chat + telemetry</div>
+        <IntercomConfig isTelemetryEnabled={watch("is_telemetry_enabled") ?? false} />
        <div className="flex items-center gap-14 px-4 py-3 border border-custom-border-200 rounded">
          <div className="grow flex items-center gap-4">
            <div className="shrink-0">
--- a/admin/app/general/intercom.tsx
+++ b/admin/app/general/intercom.tsx
@@ -0,0 +1,82 @@
+"use client";
+
+import { FC, useState } from "react";
+import { observer } from "mobx-react";
+import useSWR from "swr";
+import { MessageSquare } from "lucide-react";
+import { IFormattedInstanceConfiguration } from "@plane/types";
+import { ToggleSwitch } from "@plane/ui";
+// hooks
+import { useInstance } from "@/hooks/store";
+
+type TIntercomConfig = {
+  isTelemetryEnabled: boolean;
+};
+
+export const IntercomConfig: FC<TIntercomConfig> = observer((props) => {
+  const { isTelemetryEnabled } = props;
+  // hooks
+  const { instanceConfigurations, updateInstanceConfigurations, fetchInstanceConfigurations } = useInstance();
+  // states
+  const [isSubmitting, setIsSubmitting] = useState<boolean>(false);
+
+  // derived values
+  const isIntercomEnabled = isTelemetryEnabled
+    ? instanceConfigurations
+      ? instanceConfigurations?.find((config) => config.key === "IS_INTERCOM_ENABLED")?.value === "1"
+        ? true
+        : false
+      : undefined
+    : false;
+
+  const { isLoading } = useSWR(isTelemetryEnabled ? "INSTANCE_CONFIGURATIONS" : null, () =>
+    isTelemetryEnabled ? fetchInstanceConfigurations() : null
+  );
+
+  const initialLoader = isLoading && isIntercomEnabled === undefined;
+
+  const submitInstanceConfigurations = async (payload: Partial<IFormattedInstanceConfiguration>) => {
+    try {
+      await updateInstanceConfigurations(payload);
+    } catch (error) {
+      console.error(error);
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  const enableIntercomConfig = () => {
+    submitInstanceConfigurations({ IS_INTERCOM_ENABLED: isIntercomEnabled ? "0" : "1" });
+  };
+
+  return (
+    <>
+      <div className="flex items-center gap-14 px-4 py-3 border border-custom-border-200 rounded">
+        <div className="grow flex items-center gap-4">
+          <div className="shrink-0">
+            <div className="flex items-center justify-center w-10 h-10 bg-custom-background-80 rounded-full">
+              <MessageSquare className="w-6 h-6 text-custom-text-300/80 p-0.5" />
+            </div>
+          </div>
+
+          <div className="grow">
+            <div className="text-sm font-medium text-custom-text-100 leading-5">Talk to Plane</div>
+            <div className="text-xs font-normal text-custom-text-300 leading-5">
+              Let your members chat with us via Intercom or another service. Toggling Telemetry off turns this off
+              automatically.
+            </div>
+          </div>
+
+          <div className="ml-auto">
+            <ToggleSwitch
+              value={isIntercomEnabled ? true : false}
+              onChange={enableIntercomConfig}
+              size="sm"
+              disabled={!isTelemetryEnabled || isSubmitting || initialLoader}
+            />
+          </div>
+        </div>
+      </div>
+    </>
+  );
+});
--- a/admin/app/general/page.tsx
+++ b/admin/app/general/page.tsx
@@ -7,7 +7,7 @@ import { GeneralConfigurationForm } from "./form";

 function GeneralPage() {
  const { instance, instanceAdmins } = useInstance();
-  console.log("instance", instance);
+
  return (
    <>
      <div className="relative container mx-auto w-full h-full p-4 py-4 space-y-6 flex flex-col">
--- a/admin/ce/components/authentication/authentication-modes.tsx
+++ b/admin/ce/components/authentication/authentication-modes.tsx
@@ -10,8 +10,9 @@ import {
 // components
 import { AuthenticationMethodCard } from "@/components/authentication";
 // helpers
-import { UpgradeButton } from "@/components/common/upgrade-button";
 import { getBaseAuthenticationModes } from "@/helpers/authentication.helper";
+// plane admin components
+import { UpgradeButton } from "@/plane-admin/components/common";
 // images
 import OIDCLogo from "@/public/logos/oidc-logo.svg";
 import SAMLLogo from "@/public/logos/saml-logo.svg";
@@ -27,24 +28,24 @@ export const getAuthenticationModes: (props: TGetBaseAuthenticationModeProps) =>
  updateConfig,
  resolvedTheme,
 }) => [
-    ...getBaseAuthenticationModes({ disabled, updateConfig, resolvedTheme }),
-    {
-      key: "oidc",
-      name: "OIDC",
-      description: "Authenticate your users via the OpenID Connect protocol.",
-      icon: <Image src={OIDCLogo} height={22} width={22} alt="OIDC Logo" />,
-      config: <UpgradeButton />,
-      unavailable: true,
-    },
-    {
-      key: "saml",
-      name: "SAML",
-      description: "Authenticate your users via the Security Assertion Markup Language protocol.",
-      icon: <Image src={SAMLLogo} height={22} width={22} alt="SAML Logo" className="pl-0.5" />,
-      config: <UpgradeButton />,
-      unavailable: true,
-    },
-  ];
+  ...getBaseAuthenticationModes({ disabled, updateConfig, resolvedTheme }),
+  {
+    key: "oidc",
+    name: "OIDC",
+    description: "Authenticate your users via the OpenID Connect protocol.",
+    icon: <Image src={OIDCLogo} height={22} width={22} alt="OIDC Logo" />,
+    config: <UpgradeButton />,
+    unavailable: true,
+  },
+  {
+    key: "saml",
+    name: "SAML",
+    description: "Authenticate your users via the Security Assertion Markup Language protocol.",
+    icon: <Image src={SAMLLogo} height={22} width={22} alt="SAML Logo" className="pl-0.5" />,
+    config: <UpgradeButton />,
+    unavailable: true,
+  },
+];

 export const AuthenticationModes: React.FC<TAuthenticationModeProps> = observer((props) => {
  const { disabled, updateConfig } = props;
--- a/admin/ce/components/common/index.ts
+++ b/admin/ce/components/common/index.ts
@@ -0,0 +1 @@
+export * from "./upgrade-button";
--- a/admin/core/components/common/upgrade-button.tsx
+++ b/admin/core/components/common/upgrade-button.tsx
--- a/admin/ce/store/root.store.ts
+++ b/admin/ce/store/root.store.ts
@@ -0,0 +1,19 @@
+import { enableStaticRendering } from "mobx-react";
+// stores
+import { CoreRootStore } from "@/store/root.store";
+
+enableStaticRendering(typeof window === "undefined");
+
+export class RootStore extends CoreRootStore {
+  constructor() {
+    super();
+  }
+
+  hydrate(initialData: any) {
+    super.hydrate(initialData);
+  }
+
+  resetOnSignOut() {
+    super.resetOnSignOut();
+  }
+}
--- a/admin/core/components/admin-sidebar/help-section.tsx
+++ b/admin/core/components/admin-sidebar/help-section.tsx
@@ -96,7 +96,7 @@ export const HelpSection: FC = observer(() => {
          leaveTo="transform opacity-0 scale-95"
        >
          <div
-            className={`absolute bottom-2 min-w-[10rem] ${
+            className={`absolute bottom-2 min-w-[10rem] z-[15] ${
              isSidebarCollapsed ? "left-full" : "-left-[75px]"
            } divide-y divide-custom-border-200 whitespace-nowrap rounded bg-custom-background-100 p-1 shadow-custom-shadow-xs`}
            ref={helpOptionsRef}
--- a/admin/core/components/admin-sidebar/root.tsx
+++ b/admin/core/components/admin-sidebar/root.tsx
@@ -2,11 +2,12 @@

 import { FC, useEffect, useRef } from "react";
 import { observer } from "mobx-react";
-// hooks
-import { HelpSection, SidebarMenu, SidebarDropdown } from "@/components/admin-sidebar";
-import { useTheme } from "@/hooks/store";
-import useOutsideClickDetector from "@/hooks/use-outside-click-detector";
+// plane helpers
+import { useOutsideClickDetector } from "@plane/helpers";
 // components
+import { HelpSection, SidebarMenu, SidebarDropdown } from "@/components/admin-sidebar";
+// hooks
+import { useTheme } from "@/hooks/store";

 export interface IInstanceSidebar {}

--- a/admin/core/components/authentication/auth-banner.tsx
+++ b/admin/core/components/authentication/auth-banner.tsx
@@ -0,0 +1,29 @@
+import { FC } from "react";
+import { Info, X } from "lucide-react";
+// helpers
+import { TAuthErrorInfo } from "@/helpers/authentication.helper";
+
+type TAuthBanner = {
+  bannerData: TAuthErrorInfo | undefined;
+  handleBannerData?: (bannerData: TAuthErrorInfo | undefined) => void;
+};
+
+export const AuthBanner: FC<TAuthBanner> = (props) => {
+  const { bannerData, handleBannerData } = props;
+
+  if (!bannerData) return <></>;
+  return (
+    <div className="relative flex items-center p-2 rounded-md gap-2 border border-custom-primary-100/50 bg-custom-primary-100/10">
+      <div className="w-4 h-4 flex-shrink-0 relative flex justify-center items-center">
+        <Info size={16} className="text-custom-primary-100" />
+      </div>
+      <div className="w-full text-sm font-medium text-custom-primary-100">{bannerData?.message}</div>
+      <div
+        className="relative ml-auto w-6 h-6 rounded-sm flex justify-center items-center transition-all cursor-pointer hover:bg-custom-primary-100/20 text-custom-primary-100/80"
+        onClick={() => handleBannerData && handleBannerData(undefined)}
+      >
+        <X className="w-4 h-4 flex-shrink-0" />
+      </div>
+    </div>
+  );
+};
--- a/admin/core/components/authentication/index.ts
+++ b/admin/core/components/authentication/index.ts
@@ -1,3 +1,4 @@
+export * from "./auth-banner";
 export * from "./email-config-switch";
 export * from "./password-config-switch";
 export * from "./authentication-method-card";
--- a/admin/core/components/common/index.ts
+++ b/admin/core/components/common/index.ts
@@ -8,4 +8,3 @@ export * from "./empty-state";
 export * from "./logo-spinner";
 export * from "./page-header";
 export * from "./code-block";
-export * from "./upgrade-button";
--- a/admin/core/components/instance/setup-form.tsx
+++ b/admin/core/components/instance/setup-form.tsx
@@ -174,6 +174,7 @@ export const InstanceSetupForm: FC = (props) => {
                placeholder="Wilber"
                value={formData.first_name}
                onChange={(e) => handleFormChange("first_name", e.target.value)}
+                autoComplete="on"
                autoFocus
              />
            </div>
@@ -190,6 +191,7 @@ export const InstanceSetupForm: FC = (props) => {
                placeholder="Wright"
                value={formData.last_name}
                onChange={(e) => handleFormChange("last_name", e.target.value)}
+                autoComplete="on"
              />
            </div>
          </div>
@@ -208,6 +210,7 @@ export const InstanceSetupForm: FC = (props) => {
              value={formData.email}
              onChange={(e) => handleFormChange("email", e.target.value)}
              hasError={errorData.type && errorData.type === EErrorCodes.INVALID_EMAIL ? true : false}
+              autoComplete="on"
            />
            {errorData.type && errorData.type === EErrorCodes.INVALID_EMAIL && errorData.message && (
              <p className="px-1 text-xs text-red-500">{errorData.message}</p>
@@ -247,6 +250,7 @@ export const InstanceSetupForm: FC = (props) => {
                hasError={errorData.type && errorData.type === EErrorCodes.INVALID_PASSWORD ? true : false}
                onFocus={() => setIsPasswordInputFocused(true)}
                onBlur={() => setIsPasswordInputFocused(false)}
+                autoComplete="on"
              />
              {showPassword.password ? (
                <button
--- a/admin/core/components/login/sign-in-form.tsx
+++ b/admin/core/components/login/sign-in-form.tsx
@@ -8,8 +8,16 @@ import { Button, Input, Spinner } from "@plane/ui";
 // components
 import { Banner } from "@/components/common";
 // helpers
+import {
+  authErrorHandler,
+  EAuthenticationErrorCodes,
+  EErrorAlertType,
+  TAuthErrorInfo,
+} from "@/helpers/authentication.helper";
+
 import { API_BASE_URL } from "@/helpers/common.helper";
 import { AuthService } from "@/services/auth.service";
+import { AuthBanner } from "../authentication";
 // ui
 // icons

@@ -53,12 +61,11 @@ export const InstanceSignInForm: FC = (props) => {
  const [csrfToken, setCsrfToken] = useState<string | undefined>(undefined);
  const [formData, setFormData] = useState<TFormData>(defaultFromData);
  const [isSubmitting, setIsSubmitting] = useState(false);
+  const [errorInfo, setErrorInfo] = useState<TAuthErrorInfo | undefined>(undefined);

  const handleFormChange = (key: keyof TFormData, value: string | boolean) =>
    setFormData((prev) => ({ ...prev, [key]: value }));

-  console.log("csrfToken", csrfToken);
-
  useEffect(() => {
    if (csrfToken === undefined)
      authService.requestCSRFToken().then((data) => data?.csrf_token && setCsrfToken(data.csrf_token));
@@ -93,6 +100,15 @@ export const InstanceSignInForm: FC = (props) => {
    [formData.email, formData.password, isSubmitting]
  );

+  useEffect(() => {
+    if (errorCode) {
+      const errorDetail = authErrorHandler(errorCode?.toString() as EAuthenticationErrorCodes);
+      if (errorDetail) {
+        setErrorInfo(errorDetail);
+      }
+    }
+  }, [errorCode]);
+
  return (
    <div className="flex-grow container mx-auto max-w-lg px-10 lg:max-w-md lg:px-5 py-10 lg:pt-28 transition-all">
      <div className="relative flex flex-col space-y-6">
@@ -105,7 +121,11 @@ export const InstanceSignInForm: FC = (props) => {
          </p>
        </div>

-        {errorData.type && errorData?.message && <Banner type="error" message={errorData?.message} />}
+        {errorData.type && errorData?.message ? (
+          <Banner type="error" message={errorData?.message} />
+        ) : (
+          <>{errorInfo && <AuthBanner bannerData={errorInfo} handleBannerData={(value) => setErrorInfo(value)} />}</>
+        )}

        <form
          className="space-y-4"
@@ -129,6 +149,7 @@ export const InstanceSignInForm: FC = (props) => {
              placeholder="name@company.com"
              value={formData.email}
              onChange={(e) => handleFormChange("email", e.target.value)}
+              autoComplete="on"
              autoFocus
            />
          </div>
@@ -147,6 +168,7 @@ export const InstanceSignInForm: FC = (props) => {
                placeholder="Enter your password"
                value={formData.password}
                onChange={(e) => handleFormChange("password", e.target.value)}
+                autoComplete="on"
              />
              {showPassword ? (
                <button
--- a/admin/core/hooks/use-outside-click-detector.tsx
+++ b/admin/core/hooks/use-outside-click-detector.tsx
@@ -1,21 +0,0 @@
-"use client";
-
-import React, { useEffect } from "react";
-
-const useOutsideClickDetector = (ref: React.RefObject<HTMLElement>, callback: () => void) => {
-  const handleClick = (event: MouseEvent) => {
-    if (ref.current && !ref.current.contains(event.target as Node)) {
-      callback();
-    }
-  };
-
-  useEffect(() => {
-    document.addEventListener("mousedown", handleClick);
-
-    return () => {
-      document.removeEventListener("mousedown", handleClick);
-    };
-  });
-};
-
-export default useOutsideClickDetector;
--- a/admin/core/layouts/admin-layout.tsx
+++ b/admin/core/layouts/admin-layout.tsx
@@ -18,6 +18,7 @@ export const AdminLayout: FC<TAdminLayout> = observer((props) => {
  const { children } = props;
  // router
  const router = useRouter();
+  // store hooks
  const { isUserLoggedIn } = useUser();

  useEffect(() => {
--- a/admin/core/lib/store-provider.tsx
+++ b/admin/core/lib/store-provider.tsx
@@ -1,8 +1,8 @@
 "use client";

 import { ReactNode, createContext } from "react";
-// store
-import { RootStore } from "@/store/root.store";
+// plane admin store
+import { RootStore } from "@/plane-admin/store/root.store";

 let rootStore = new RootStore();

--- a/admin/core/store/instance.store.ts
+++ b/admin/core/store/instance.store.ts
@@ -13,7 +13,7 @@ import { EInstanceStatus, TInstanceStatus } from "@/helpers/instance.helper";
 // services
 import { InstanceService } from "@/services/instance.service";
 // root store
-import { RootStore } from "@/store/root.store";
+import { CoreRootStore } from "@/store/root.store";

 export interface IInstanceStore {
  // issues
@@ -46,7 +46,7 @@ export class InstanceStore implements IInstanceStore {
  // service
  instanceService;

-  constructor(private store: RootStore) {
+  constructor(private store: CoreRootStore) {
    makeObservable(this, {
      // observable
      isLoading: observable.ref,
--- a/admin/core/store/root.store.ts
+++ b/admin/core/store/root.store.ts
@@ -6,7 +6,7 @@ import { IUserStore, UserStore } from "./user.store";

 enableStaticRendering(typeof window === "undefined");

-export class RootStore {
+export abstract class CoreRootStore {
  theme: IThemeStore;
  instance: IInstanceStore;
  user: IUserStore;
--- a/admin/core/store/theme.store.ts
+++ b/admin/core/store/theme.store.ts
@@ -1,6 +1,6 @@
 import { action, observable, makeObservable } from "mobx";
 // root store
-import { RootStore } from "@/store/root.store";
+import { CoreRootStore } from "@/store/root.store";

 type TTheme = "dark" | "light";
 export interface IThemeStore {
@@ -21,7 +21,7 @@ export class ThemeStore implements IThemeStore {
  isSidebarCollapsed: boolean | undefined = undefined;
  theme: string | undefined = undefined;

-  constructor(private store: RootStore) {
+  constructor(private store: CoreRootStore) {
    makeObservable(this, {
      // observables
      isNewUserPopup: observable.ref,
--- a/admin/core/store/user.store.ts
+++ b/admin/core/store/user.store.ts
@@ -6,7 +6,7 @@ import { EUserStatus, TUserStatus } from "@/helpers/user.helper";
 import { AuthService } from "@/services/auth.service";
 import { UserService } from "@/services/user.service";
 // root store
-import { RootStore } from "@/store/root.store";
+import { CoreRootStore } from "@/store/root.store";

 export interface IUserStore {
  // observables
@@ -31,7 +31,7 @@ export class UserStore implements IUserStore {
  userService;
  authService;

-  constructor(private store: RootStore) {
+  constructor(private store: CoreRootStore) {
    makeObservable(this, {
      // observables
      isLoading: observable.ref,
--- a/admin/ee/components/common/index.ts
+++ b/admin/ee/components/common/index.ts
@@ -0,0 +1 @@
+export * from "ce/components/common";
--- a/admin/ee/store/root.store.ts
+++ b/admin/ee/store/root.store.ts
@@ -0,0 +1 @@
+export * from "ce/store/root.store";
--- a/admin/next-env.d.ts
+++ b/admin/next-env.d.ts
@@ -2,4 +2,4 @@
 /// <reference types="next/image-types/global" />

 // NOTE: This file should not be edited
-// see https://nextjs.org/docs/basic-features/typescript for more information.
+// see https://nextjs.org/docs/app/building-your-application/configuring/typescript for more information.
--- a/admin/package.json
+++ b/admin/package.json
@@ -12,13 +12,14 @@
  },
  "dependencies": {
    "@headlessui/react": "^1.7.19",
+    "@plane/constants": "*",
+    "@plane/helpers": "*",
    "@plane/types": "*",
    "@plane/ui": "*",
-    "@plane/constants": "*",
    "@tailwindcss/typography": "^0.5.9",
    "@types/lodash": "^4.17.0",
    "autoprefixer": "10.4.14",
-    "axios": "^1.6.7",
+    "axios": "^1.7.4",
    "js-cookie": "^3.0.5",
    "lodash": "^4.17.21",
    "lucide-react": "^0.356.0",
@@ -29,7 +30,7 @@
    "postcss": "^8.4.38",
    "react": "^18.3.1",
    "react-dom": "^18.3.1",
-    "react-hook-form": "^7.51.0",
+    "react-hook-form": "7.51.5",
    "swr": "^2.2.4",
    "tailwindcss": "3.3.2",
    "uuid": "^9.0.1",
@@ -45,6 +46,6 @@
    "eslint-config-custom": "*",
    "tailwind-config-custom": "*",
    "tsconfig": "*",
-    "typescript": "^5.4.2"
+    "typescript": "5.4.5"
  }
-}
+}
--- a/apiserver/.env.example
+++ b/apiserver/.env.example
@@ -15,12 +15,18 @@ POSTGRES_DB="plane"
 POSTGRES_PORT=5432
 DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}

-
 # Redis Settings
 REDIS_HOST="plane-redis"
 REDIS_PORT="6379"
 REDIS_URL="redis://${REDIS_HOST}:6379/"

+# RabbitMQ Settings
+RABBITMQ_HOST="plane-mq"
+RABBITMQ_PORT="5672"
+RABBITMQ_USER="plane"
+RABBITMQ_PASSWORD="plane"
+RABBITMQ_VHOST="plane"
+
 # AWS Settings
 AWS_REGION=""
 AWS_ACCESS_KEY_ID="access-key"
@@ -50,3 +56,6 @@ GUNICORN_WORKERS=2
 ADMIN_BASE_URL=
 SPACE_BASE_URL=
 APP_BASE_URL=
+
+# Hard delete files after days
+HARD_DELETE_AFTER_DAYS=60
--- a/apiserver/Dockerfile.api
+++ b/apiserver/Dockerfile.api
@@ -1,4 +1,4 @@
-FROM python:3.11.1-alpine3.17 AS backend
+FROM python:3.12.5-alpine AS backend

 # set environment variables
 ENV PYTHONDONTWRITEBYTECODE 1
@@ -7,23 +7,23 @@ ENV PIP_DISABLE_PIP_VERSION_CHECK=1

 WORKDIR /code

-RUN apk --no-cache add \
-    "libpq~=15" \
-    "libxslt~=1.1" \
-    "nodejs-current~=19" \
-    "xmlsec~=1.2"
+RUN apk add --no-cache \
+    "libpq" \
+    "libxslt" \
+    "nodejs-current" \
+    "xmlsec"

 COPY requirements.txt ./
 COPY requirements ./requirements
 RUN apk add --no-cache libffi-dev
 RUN apk add --no-cache --virtual .build-deps \
    "bash~=5.2" \
-    "g++~=12.2" \
-    "gcc~=12.2" \
-    "cargo~=1.64" \
-    "git~=2" \
-    "make~=4.3" \
-    "postgresql13-dev~=13" \
+    "g++" \
+    "gcc" \
+    "cargo" \
+    "git" \
+    "make" \
+    "postgresql-dev" \
    "libc-dev" \
    "linux-headers" \
    && \
--- a/apiserver/Dockerfile.dev
+++ b/apiserver/Dockerfile.dev
@@ -1,4 +1,4 @@
-FROM python:3.11.1-alpine3.17 AS backend
+FROM python:3.12.5-alpine AS backend

 # set environment variables
 ENV PYTHONDONTWRITEBYTECODE 1
@@ -7,18 +7,18 @@ ENV PIP_DISABLE_PIP_VERSION_CHECK=1

 RUN apk --no-cache add \
    "bash~=5.2" \
-    "libpq~=15" \
-    "libxslt~=1.1" \
-    "nodejs-current~=19" \
-    "xmlsec~=1.2" \
+    "libpq" \
+    "libxslt" \
+    "nodejs-current" \
+    "xmlsec" \
    "libffi-dev" \
    "bash~=5.2" \
-    "g++~=12.2" \
-    "gcc~=12.2" \
-    "cargo~=1.64" \
-    "git~=2" \
-    "make~=4.3" \
-    "postgresql13-dev~=13" \
+    "g++" \
+    "gcc" \
+    "cargo" \
+    "git" \
+    "make" \
+    "postgresql-dev" \
    "libc-dev" \
    "linux-headers"

--- a/apiserver/bin/docker-entrypoint-api-local.sh
+++ b/apiserver/bin/docker-entrypoint-api-local.sh
@@ -32,4 +32,3 @@ python manage.py create_bucket
 python manage.py clear_cache

 python manage.py runserver 0.0.0.0:8000 --settings=plane.settings.local
-
--- a/apiserver/plane/api/rate_limit.py
+++ b/apiserver/plane/api/rate_limit.py
@@ -40,3 +40,44 @@ class ApiKeyRateThrottle(SimpleRateThrottle):
            request.META["X-RateLimit-Reset"] = reset_time

        return allowed
+
+
+class ServiceTokenRateThrottle(SimpleRateThrottle):
+    scope = "service_token"
+    rate = "300/minute"
+
+    def get_cache_key(self, request, view):
+        # Retrieve the API key from the request header
+        api_key = request.headers.get("X-Api-Key")
+        if not api_key:
+            return None  # Allow the request if there's no API key
+
+        # Use the API key as part of the cache key
+        return f"{self.scope}:{api_key}"
+
+    def allow_request(self, request, view):
+        allowed = super().allow_request(request, view)
+
+        if allowed:
+            now = self.timer()
+            # Calculate the remaining limit and reset time
+            history = self.cache.get(self.key, [])
+
+            # Remove old histories
+            while history and history[-1] <= now - self.duration:
+                history.pop()
+
+            # Calculate the requests
+            num_requests = len(history)
+
+            # Check available requests
+            available = self.num_requests - num_requests
+
+            # Unix timestamp for when the rate limit will reset
+            reset_time = int(now + self.duration)
+
+            # Add headers
+            request.META["X-RateLimit-Remaining"] = max(0, available)
+            request.META["X-RateLimit-Reset"] = reset_time
+
+        return allowed
--- a/apiserver/plane/api/serializers/init.py
+++ b/apiserver/plane/api/serializers/init.py
@@ -10,6 +10,7 @@ from .issue import (
    IssueAttachmentSerializer,
    IssueActivitySerializer,
    IssueExpandSerializer,
+    IssueLiteSerializer,
 )
 from .state import StateLiteSerializer, StateSerializer
 from .cycle import CycleSerializer, CycleIssueSerializer, CycleLiteSerializer
--- a/apiserver/plane/api/serializers/base.py
+++ b/apiserver/plane/api/serializers/base.py
@@ -67,6 +67,7 @@ class BaseSerializer(serializers.ModelSerializer):
                    # Import all the expandable serializers
                    from . import (
                        IssueSerializer,
+                        IssueLiteSerializer,
                        ProjectLiteSerializer,
                        StateLiteSerializer,
                        UserLiteSerializer,
@@ -86,6 +87,7 @@ class BaseSerializer(serializers.ModelSerializer):
                        "actor": UserLiteSerializer,
                        "owned_by": UserLiteSerializer,
                        "members": UserLiteSerializer,
+                        "parent": IssueLiteSerializer,
                    }
                    # Check if field in expansion  then expand the field
                    if expand in expansion:
--- a/apiserver/plane/api/serializers/cycle.py
+++ b/apiserver/plane/api/serializers/cycle.py
@@ -40,6 +40,7 @@ class CycleSerializer(BaseSerializer):
            "workspace",
            "project",
            "owned_by",
+            "deleted_at",
        ]


--- a/apiserver/plane/api/serializers/issue.py
+++ b/apiserver/plane/api/serializers/issue.py
@@ -1,6 +1,3 @@
-from django.core.exceptions import ValidationError
-from django.core.validators import URLValidator
-
 # Django imports
 from django.utils import timezone
 from lxml import html
@@ -11,6 +8,7 @@ from rest_framework import serializers
 # Module imports
 from plane.db.models import (
    Issue,
+    IssueType,
    IssueActivity,
    IssueAssignee,
    IssueAttachment,
@@ -29,6 +27,9 @@ from .module import ModuleLiteSerializer, ModuleSerializer
 from .state import StateLiteSerializer
 from .user import UserLiteSerializer

+# Django imports
+from django.core.exceptions import ValidationError
+from django.core.validators import URLValidator

 class IssueSerializer(BaseSerializer):
    assignees = serializers.ListField(
@@ -46,6 +47,12 @@ class IssueSerializer(BaseSerializer):
        write_only=True,
        required=False,
    )
+    type_id = serializers.PrimaryKeyRelatedField(
+        source="type",
+        queryset=IssueType.objects.all(),
+        required=False,
+        allow_null=True,
+    )

    class Meta:
        model = Issue
@@ -53,7 +60,6 @@ class IssueSerializer(BaseSerializer):
            "id",
            "workspace",
            "project",
-            "created_by",
            "updated_by",
            "updated_at",
        ]
@@ -130,9 +136,19 @@ class IssueSerializer(BaseSerializer):
        workspace_id = self.context["workspace_id"]
        default_assignee_id = self.context["default_assignee_id"]

+        issue_type = validated_data.pop("type", None)
+
+        if not issue_type:
+            # Get default issue type
+            issue_type = IssueType.objects.filter(
+                project_issue_types__project_id=project_id, is_default=True
+            ).first()
+            issue_type = issue_type
+
        issue = Issue.objects.create(
            **validated_data,
            project_id=project_id,
+            type=issue_type,
        )

        # Issue Audit Users
@@ -258,6 +274,17 @@ class IssueSerializer(BaseSerializer):
        return data


+class IssueLiteSerializer(BaseSerializer):
+    class Meta:
+        model = Issue
+        fields = [
+            "id",
+            "sequence_id",
+            "project_id",
+        ]
+        read_only_fields = fields
+
+
 class LabelSerializer(BaseSerializer):
    class Meta:
        model = Label
@@ -270,6 +297,7 @@ class LabelSerializer(BaseSerializer):
            "updated_by",
            "created_at",
            "updated_at",
+            "deleted_at",
        ]


@@ -287,7 +315,7 @@ class IssueLinkSerializer(BaseSerializer):
            "created_at",
            "updated_at",
        ]
-
+    
    def validate_url(self, value):
        # Check URL format
        validate_url = URLValidator()
@@ -338,9 +366,7 @@ class IssueAttachmentSerializer(BaseSerializer):
            "workspace",
            "project",
            "issue",
-            "created_by",
            "updated_by",
-            "created_at",
            "updated_at",
        ]

--- a/apiserver/plane/api/serializers/module.py
+++ b/apiserver/plane/api/serializers/module.py
@@ -39,6 +39,7 @@ class ModuleSerializer(BaseSerializer):
            "updated_by",
            "created_at",
            "updated_at",
+            "deleted_at",
        ]

    def to_representation(self, instance):
@@ -70,6 +71,16 @@ class ModuleSerializer(BaseSerializer):
        project_id = self.context["project_id"]
        workspace_id = self.context["workspace_id"]

+        module_name = validated_data.get("name")
+        if module_name:
+            # Lookup for the module name in the module table for that project
+            if Module.objects.filter(
+                name=module_name, project_id=project_id
+            ).exists():
+                raise serializers.ValidationError(
+                    {"error": "Module with this name already exists"}
+                )
+
        module = Module.objects.create(**validated_data, project_id=project_id)
        if members is not None:
            ModuleMember.objects.bulk_create(
@@ -92,6 +103,19 @@ class ModuleSerializer(BaseSerializer):

    def update(self, instance, validated_data):
        members = validated_data.pop("members", None)
+        module_name = validated_data.get("name")
+        if module_name:
+            # Lookup for the module name in the module table for that project
+            if (
+                Module.objects.filter(
+                    name=module_name, project=instance.project
+                )
+                .exclude(id=instance.id)
+                .exists()
+            ):
+                raise serializers.ValidationError(
+                    {"error": "Module with this name already exists"}
+                )

        if members is not None:
            ModuleMember.objects.filter(module=instance).delete()
--- a/apiserver/plane/api/serializers/project.py
+++ b/apiserver/plane/api/serializers/project.py
@@ -31,6 +31,7 @@ class ProjectSerializer(BaseSerializer):
            "updated_at",
            "created_by",
            "updated_by",
+            "deleted_at",
        ]

    def validate(self, data):
--- a/apiserver/plane/api/serializers/state.py
+++ b/apiserver/plane/api/serializers/state.py
@@ -23,6 +23,7 @@ class StateSerializer(BaseSerializer):
            "updated_at",
            "workspace",
            "project",
+            "deleted_at",
        ]


--- a/apiserver/plane/api/urls/member.py
+++ b/apiserver/plane/api/urls/member.py
@@ -1,13 +1,13 @@
 from django.urls import path

 from plane.api.views import (
-    WorkspaceMemberAPIEndpoint,
+    ProjectMemberAPIEndpoint,
 )

 urlpatterns = [
    path(
-        "workspaces/<str:slug>/members/",
-        WorkspaceMemberAPIEndpoint.as_view(),
+        "workspaces/<str:slug>/projects/<str:project_id>/members/",
+        ProjectMemberAPIEndpoint.as_view(),
        name="users",
    ),
 ]
--- a/apiserver/plane/api/views/init.py
+++ b/apiserver/plane/api/views/init.py
@@ -25,6 +25,7 @@ from .module import (
    ModuleArchiveUnarchiveAPIEndpoint,
 )

-from .member import WorkspaceMemberAPIEndpoint
+from .member import ProjectMemberAPIEndpoint

 from .inbox import InboxIssueAPIEndpoint
+
--- a/apiserver/plane/api/views/base.py
+++ b/apiserver/plane/api/views/base.py
@@ -7,6 +7,7 @@ from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.db import IntegrityError
 from django.urls import resolve
 from django.utils import timezone
+from plane.db.models.api import APIToken
 from rest_framework import status
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
@@ -16,7 +17,7 @@ from rest_framework.views import APIView

 # Module imports
 from plane.api.middleware.api_authentication import APIKeyAuthentication
-from plane.api.rate_limit import ApiKeyRateThrottle
+from plane.api.rate_limit import ApiKeyRateThrottle, ServiceTokenRateThrottle
 from plane.utils.exception_logger import log_exception
 from plane.utils.paginator import BasePaginator

@@ -44,15 +45,29 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
        IsAuthenticated,
    ]

-    throttle_classes = [
-        ApiKeyRateThrottle,
-    ]
-
    def filter_queryset(self, queryset):
        for backend in list(self.filter_backends):
            queryset = backend().filter_queryset(self.request, queryset, self)
        return queryset

+    def get_throttles(self):
+        throttle_classes = []
+        api_key = self.request.headers.get("X-Api-Key")
+
+        if api_key:
+            service_token = APIToken.objects.filter(
+                token=api_key,
+                is_service=True,
+            ).first()
+
+            if service_token:
+                throttle_classes.append(ServiceTokenRateThrottle())
+                return throttle_classes
+
+        throttle_classes.append(ApiKeyRateThrottle())
+
+        return throttle_classes
+
    def handle_exception(self, exc):
        """
        Handle any exception that occurs, by returning an appropriate response,
@@ -152,4 +167,4 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
            for expand in self.request.GET.get("expand", "").split(",")
            if expand
        ]
-        return expand if expand else None
+        return expand if expand else None
--- a/apiserver/plane/api/views/cycle.py
+++ b/apiserver/plane/api/views/cycle.py
@@ -26,7 +26,7 @@ from plane.api.serializers import (
    CycleSerializer,
 )
 from plane.app.permissions import ProjectEntityPermission
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Cycle,
    CycleIssue,
@@ -35,6 +35,7 @@ from plane.db.models import (
    IssueAttachment,
    IssueLink,
    ProjectMember,
+    UserFavorite,
 )
 from plane.utils.analytics_plot import burndown_plot

@@ -404,6 +405,16 @@ class CycleAPIEndpoint(BaseAPIView):
        )
        # Delete the cycle
        cycle.delete()
+        # Delete the cycle issues
+        CycleIssue.objects.filter(
+            cycle_id=self.kwargs.get("pk"),
+        ).delete()
+        # Delete the user favorite cycle
+        UserFavorite.objects.filter(
+            entity_type="cycle",
+            entity_identifier=pk,
+            project_id=project_id,
+        ).delete()
        return Response(status=status.HTTP_204_NO_CONTENT)


@@ -533,6 +544,12 @@ class CycleArchiveUnarchiveAPIEndpoint(BaseAPIView):
            )
        cycle.archived_at = timezone.now()
        cycle.save()
+        UserFavorite.objects.filter(
+            entity_type="cycle",
+            entity_identifier=cycle_id,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

    def delete(self, request, slug, project_id, cycle_id):
@@ -661,61 +678,63 @@ class CycleIssueAPIEndpoint(BaseAPIView):
            workspace__slug=slug, project_id=project_id, pk=cycle_id
        )

-        issues = Issue.objects.filter(
-            pk__in=issues, workspace__slug=slug, project_id=project_id
-        ).values_list("id", flat=True)
-
        # Get all CycleIssues already created
-        cycle_issues = list(CycleIssue.objects.filter(issue_id__in=issues))
-        update_cycle_issue_activity = []
-        record_to_create = []
-        records_to_update = []
-
-        for issue in issues:
-            cycle_issue = [
-                cycle_issue
-                for cycle_issue in cycle_issues
-                if str(cycle_issue.issue_id) in issues
-            ]
-            # Update only when cycle changes
-            if len(cycle_issue):
-                if cycle_issue[0].cycle_id != cycle_id:
-                    update_cycle_issue_activity.append(
-                        {
-                            "old_cycle_id": str(cycle_issue[0].cycle_id),
-                            "new_cycle_id": str(cycle_id),
-                            "issue_id": str(cycle_issue[0].issue_id),
-                        }
-                    )
-                    cycle_issue[0].cycle_id = cycle_id
-                    records_to_update.append(cycle_issue[0])
-            else:
-                record_to_create.append(
-                    CycleIssue(
-                        project_id=project_id,
-                        workspace=cycle.workspace,
-                        created_by=request.user,
-                        updated_by=request.user,
-                        cycle=cycle,
-                        issue_id=issue,
-                    )
-                )
-
-        CycleIssue.objects.bulk_create(
-            record_to_create,
-            batch_size=10,
-            ignore_conflicts=True,
+        cycle_issues = list(
+            CycleIssue.objects.filter(
+                ~Q(cycle_id=cycle_id), issue_id__in=issues
+            )
        )
-        CycleIssue.objects.bulk_update(
-            records_to_update,
-            ["cycle"],
+
+        existing_issues = [
+            str(cycle_issue.issue_id)
+            for cycle_issue in cycle_issues
+            if str(cycle_issue.issue_id) in issues
+        ]
+        new_issues = list(set(issues) - set(existing_issues))
+
+        # New issues to create
+        created_records = CycleIssue.objects.bulk_create(
+            [
+                CycleIssue(
+                    project_id=project_id,
+                    workspace_id=cycle.workspace_id,
+                    cycle_id=cycle_id,
+                    issue_id=issue,
+                )
+                for issue in new_issues
+            ],
+            ignore_conflicts=True,
            batch_size=10,
        )

+        # Updated Issues
+        updated_records = []
+        update_cycle_issue_activity = []
+        # Iterate over each cycle_issue in cycle_issues
+        for cycle_issue in cycle_issues:
+            old_cycle_id = cycle_issue.cycle_id
+            # Update the cycle_issue's cycle_id
+            cycle_issue.cycle_id = cycle_id
+            # Add the modified cycle_issue to the records_to_update list
+            updated_records.append(cycle_issue)
+            # Record the update activity
+            update_cycle_issue_activity.append(
+                {
+                    "old_cycle_id": str(old_cycle_id),
+                    "new_cycle_id": str(cycle_id),
+                    "issue_id": str(cycle_issue.issue_id),
+                }
+            )
+
+        # Update the cycle issues
+        CycleIssue.objects.bulk_update(
+            updated_records, ["cycle_id"], batch_size=100
+        )
+
        # Capture Issue Activity
        issue_activity.delay(
            type="cycle.activity.created",
-            requested_data=json.dumps({"cycles_list": str(issues)}),
+            requested_data=json.dumps({"cycles_list": issues}),
            actor_id=str(self.request.user.id),
            issue_id=None,
            project_id=str(self.kwargs.get("project_id", None)),
@@ -723,13 +742,14 @@ class CycleIssueAPIEndpoint(BaseAPIView):
                {
                    "updated_cycle_issues": update_cycle_issue_activity,
                    "created_cycle_issues": serializers.serialize(
-                        "json", record_to_create
+                        "json", created_records
                    ),
                }
            ),
            epoch=int(timezone.now().timestamp()),
+            notification=True,
+            origin=request.META.get("HTTP_ORIGIN"),
        )
-
        # Return all Cycle Issues
        return Response(
            CycleIssueSerializer(self.get_queryset(), many=True).data,
--- a/apiserver/plane/api/views/inbox.py
+++ b/apiserver/plane/api/views/inbox.py
@@ -1,7 +1,7 @@
 # Python imports
 import json

-# Django improts
+# Django imports
 from django.core.serializers.json import DjangoJSONEncoder
 from django.utils import timezone
 from django.db.models import Q, Value, UUIDField
@@ -16,7 +16,7 @@ from rest_framework.response import Response
 # Module imports
 from plane.api.serializers import InboxIssueSerializer, IssueSerializer
 from plane.app.permissions import ProjectLitePermission
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Inbox,
    InboxIssue,
@@ -184,13 +184,8 @@ class InboxIssueAPIEndpoint(BaseAPIView):
            workspace__slug=slug, project_id=project_id
        ).first()

-        project = Project.objects.get(
-            workspace__slug=slug,
-            pk=project_id,
-        )
-
        # Inbox view
-        if inbox is None and not project.inbox_view:
+        if inbox is None:
            return Response(
                {
                    "error": "Inbox is not enabled for this project enable it through the project's api"
@@ -215,7 +210,7 @@ class InboxIssueAPIEndpoint(BaseAPIView):
        )

        # Only project members admins and created_by users can access this endpoint
-        if project_member.role <= 10 and str(inbox_issue.created_by_id) != str(
+        if project_member.role <= 5 and str(inbox_issue.created_by_id) != str(
            request.user.id
        ):
            return Response(
@@ -249,9 +244,8 @@ class InboxIssueAPIEndpoint(BaseAPIView):
                workspace__slug=slug,
                project_id=project_id,
            )
-            # Only allow guests and viewers to edit name and description
-            if project_member.role <= 10:
-                # viewers and guests since only viewers and guests
+            # Only allow guests to edit name and description
+            if project_member.role <= 5:
                issue_data = {
                    "name": issue_data.get("name", issue.name),
                    "description_html": issue_data.get(
@@ -291,7 +285,7 @@ class InboxIssueAPIEndpoint(BaseAPIView):
                )

        # Only project admins and members can edit inbox issue attributes
-        if project_member.role > 10:
+        if project_member.role > 5:
            serializer = InboxIssueSerializer(
                inbox_issue, data=request.data, partial=True
            )
--- a/apiserver/plane/api/views/issue.py
+++ b/apiserver/plane/api/views/issue.py
@@ -38,7 +38,7 @@ from plane.app.permissions import (
    ProjectLitePermission,
    ProjectMemberPermission,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Issue,
    IssueActivity,
@@ -151,6 +151,25 @@ class IssueAPIEndpoint(BaseAPIView):
        ).distinct()

    def get(self, request, slug, project_id, pk=None):
+        external_id = request.GET.get("external_id")
+        external_source = request.GET.get("external_source")
+
+        if external_id and external_source:
+            issue = Issue.objects.get(
+                external_id=external_id,
+                external_source=external_source,
+                workspace__slug=slug,
+                project_id=project_id,
+            )
+            return Response(
+                IssueSerializer(
+                    issue,
+                    fields=self.fields,
+                    expand=self.expand,
+                ).data,
+                status=status.HTTP_200_OK,
+            )
+
        if pk:
            issue = Issue.issue_objects.annotate(
                sub_issues_count=Issue.issue_objects.filter(
@@ -315,8 +334,11 @@ class IssueAPIEndpoint(BaseAPIView):
                project_id=project_id,
                pk=serializer.data["id"],
            ).first()
-            issue.created_at = request.data.get("created_at")
-            issue.save(update_fields=["created_at"])
+            issue.created_at = request.data.get("created_at", timezone.now())
+            issue.created_by_id = request.data.get(
+                "created_by", request.user.id
+            )
+            issue.save(update_fields=["created_at", "created_by"])

            # Track the issue
            issue_activity.delay(
@@ -333,6 +355,124 @@ class IssueAPIEndpoint(BaseAPIView):
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    def put(self, request, slug, project_id):
+        # Get the entities required for putting the issue, external_id and
+        # external_source are must to identify the issue here
+        project = Project.objects.get(pk=project_id)
+        external_id = request.data.get("external_id")
+        external_source = request.data.get("external_source")
+
+        # If the external_id and source are present, we need to find the exact
+        # issue that needs to be updated with the provided external_id and
+        # external_source
+        if external_id and external_source:
+            try:
+                issue = Issue.objects.get(
+                    project_id=project_id,
+                    workspace__slug=slug,
+                    external_id=external_id,
+                    external_source=external_source,
+                )
+
+                # Get the current instance of the issue in order to track
+                # changes and dispatch the issue activity
+                current_instance = json.dumps(
+                    IssueSerializer(issue).data, cls=DjangoJSONEncoder
+                )
+
+                # Get the requested data, encode it as django object and pass it
+                # to serializer to validation
+                requested_data = json.dumps(
+                    self.request.data, cls=DjangoJSONEncoder
+                )
+                serializer = IssueSerializer(
+                    issue,
+                    data=request.data,
+                    context={
+                        "project_id": project_id,
+                        "workspace_id": project.workspace_id,
+                    },
+                    partial=True,
+                )
+                if serializer.is_valid():
+                    # If the serializer is valid, save the issue and dispatch
+                    # the update issue activity worker event.
+                    serializer.save()
+                    issue_activity.delay(
+                        type="issue.activity.updated",
+                        requested_data=requested_data,
+                        actor_id=str(request.user.id),
+                        issue_id=str(issue.id),
+                        project_id=str(project_id),
+                        current_instance=current_instance,
+                        epoch=int(timezone.now().timestamp()),
+                    )
+                    return Response(serializer.data, status=status.HTTP_200_OK)
+                return Response(
+                    # If the serializer is not valid, respond with 400 bad
+                    # request
+                    serializer.errors,
+                    status=status.HTTP_400_BAD_REQUEST,
+                )
+            except Issue.DoesNotExist:
+                # If the issue does not exist, a new record needs to be created
+                # for the requested data.
+                # Serialize the data with the context of the project and
+                # workspace
+                serializer = IssueSerializer(
+                    data=request.data,
+                    context={
+                        "project_id": project_id,
+                        "workspace_id": project.workspace_id,
+                        "default_assignee_id": project.default_assignee_id,
+                    },
+                )
+
+                # If the serializer is valid, save the issue and dispatch the
+                # issue activity worker event as created
+                if serializer.is_valid():
+                    serializer.save()
+                    # Refetch the issue
+                    issue = Issue.objects.filter(
+                        workspace__slug=slug,
+                        project_id=project_id,
+                        pk=serializer.data["id"],
+                    ).first()
+
+                    # If any of the created_at or created_by is present, update
+                    # the issue with the provided data, else return with the
+                    # default states given.
+                    issue.created_at = request.data.get(
+                        "created_at", timezone.now()
+                    )
+                    issue.created_by_id = request.data.get(
+                        "created_by", request.user.id
+                    )
+                    issue.save(update_fields=["created_at", "created_by"])
+
+                    issue_activity.delay(
+                        type="issue.activity.created",
+                        requested_data=json.dumps(
+                            self.request.data, cls=DjangoJSONEncoder
+                        ),
+                        actor_id=str(request.user.id),
+                        issue_id=str(serializer.data.get("id", None)),
+                        project_id=str(project_id),
+                        current_instance=None,
+                        epoch=int(timezone.now().timestamp()),
+                    )
+                    return Response(
+                        serializer.data, status=status.HTTP_201_CREATED
+                    )
+                return Response(
+                    serializer.errors, status=status.HTTP_400_BAD_REQUEST
+                )
+        else:
+            return Response(
+                {"error": "external_id and external_source are required"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
    def patch(self, request, slug, project_id, pk=None):
        issue = Issue.objects.get(
            workspace__slug=slug, project_id=project_id, pk=pk
@@ -610,14 +750,20 @@ class IssueLinkAPIEndpoint(BaseAPIView):
                project_id=project_id,
                issue_id=issue_id,
            )
+
+            link = IssueLink.objects.get(pk=serializer.data["id"])
+            link.created_by_id = request.data.get(
+                "created_by", request.user.id
+            )
+            link.save(update_fields=["created_by"])
            issue_activity.delay(
                type="link.activity.created",
                requested_data=json.dumps(
                    serializer.data, cls=DjangoJSONEncoder
                ),
-                actor_id=str(self.request.user.id),
                issue_id=str(self.kwargs.get("issue_id")),
                project_id=str(self.kwargs.get("project_id")),
+                actor_id=str(link.created_by_id),
                current_instance=None,
                epoch=int(timezone.now().timestamp()),
            )
@@ -771,12 +917,24 @@ class IssueCommentAPIEndpoint(BaseAPIView):
                issue_id=issue_id,
                actor=request.user,
            )
+            issue_comment = IssueComment.objects.get(
+                pk=serializer.data.get("id")
+            )
+            # Update the created_at and the created_by and save the comment
+            issue_comment.created_at = request.data.get(
+                "created_at", timezone.now()
+            )
+            issue_comment.created_by_id = request.data.get(
+                "created_by", request.user.id
+            )
+            issue_comment.save(update_fields=["created_at", "created_by"])
+
            issue_activity.delay(
                type="comment.activity.created",
                requested_data=json.dumps(
                    serializer.data, cls=DjangoJSONEncoder
                ),
-                actor_id=str(self.request.user.id),
+                actor_id=str(issue_comment.created_by_id),
                issue_id=str(self.kwargs.get("issue_id")),
                project_id=str(self.kwargs.get("project_id")),
                current_instance=None,
--- a/apiserver/plane/api/views/member.py
+++ b/apiserver/plane/api/views/member.py
@@ -21,11 +21,19 @@ from plane.db.models import (
    ProjectMember,
 )

+from plane.app.permissions import (
+    ProjectMemberPermission,
+)
+

 # API endpoint to get and insert users inside the workspace
-class WorkspaceMemberAPIEndpoint(BaseAPIView):
+class ProjectMemberAPIEndpoint(BaseAPIView):
+    permission_classes = [
+        ProjectMemberPermission,
+    ]
+
    # Get all the users that are present inside the workspace
-    def get(self, request, slug):
+    def get(self, request, slug, project_id):
        # Check if the workspace exists
        if not Workspace.objects.filter(slug=slug).exists():
            return Response(
@@ -34,14 +42,14 @@ class WorkspaceMemberAPIEndpoint(BaseAPIView):
            )

        # Get the workspace members that are present inside the workspace
-        workspace_members = WorkspaceMember.objects.filter(
-            workspace__slug=slug
-        )
+        project_members = ProjectMember.objects.filter(
+            project_id=project_id, workspace__slug=slug
+        ).values_list("member_id", flat=True)

        # Get all the users that are present inside the workspace
        users = UserLiteSerializer(
            User.objects.filter(
-                id__in=workspace_members.values_list("member_id", flat=True)
+                id__in=project_members,
            ),
            many=True,
        ).data
@@ -49,14 +57,13 @@ class WorkspaceMemberAPIEndpoint(BaseAPIView):
        return Response(users, status=status.HTTP_200_OK)

    # Insert a new user inside the workspace, and assign the user to the project
-    def post(self, request, slug):
+    def post(self, request, slug, project_id):
        # Check if user with email already exists, and send bad request if it's
        # not present, check for workspace and valid project mandat
        # ------------------- Validation -------------------
        if (
            request.data.get("email") is None
            or request.data.get("display_name") is None
-            or request.data.get("project_id") is None
        ):
            return Response(
                {
@@ -76,9 +83,7 @@ class WorkspaceMemberAPIEndpoint(BaseAPIView):
            )

        workspace = Workspace.objects.filter(slug=slug).first()
-        project = Project.objects.filter(
-            pk=request.data.get("project_id")
-        ).first()
+        project = Project.objects.filter(pk=project_id).first()

        if not all([workspace, project]):
            return Response(
@@ -128,7 +133,7 @@ class WorkspaceMemberAPIEndpoint(BaseAPIView):
            workspace_member = WorkspaceMember.objects.create(
                workspace=workspace,
                member=user,
-                role=request.data.get("role", 10),
+                role=request.data.get("role", 5),
            )
            workspace_member.save()

@@ -137,7 +142,7 @@ class WorkspaceMemberAPIEndpoint(BaseAPIView):
            project_member = ProjectMember.objects.create(
                project=project,
                member=user,
-                role=request.data.get("role", 10),
+                role=request.data.get("role", 5),
            )
            project_member.save()

@@ -145,3 +150,4 @@ class WorkspaceMemberAPIEndpoint(BaseAPIView):
        user_data = UserLiteSerializer(user).data

        return Response(user_data, status=status.HTTP_201_CREATED)
+
--- a/apiserver/plane/api/views/module.py
+++ b/apiserver/plane/api/views/module.py
@@ -18,7 +18,7 @@ from plane.api.serializers import (
    ModuleSerializer,
 )
 from plane.app.permissions import ProjectEntityPermission
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Issue,
    IssueAttachment,
@@ -28,6 +28,7 @@ from plane.db.models import (
    ModuleLink,
    Project,
    ProjectMember,
+    UserFavorite,
 )

 from .base import BaseAPIView
@@ -297,10 +298,25 @@ class ModuleAPIEndpoint(BaseAPIView):
            actor_id=str(request.user.id),
            issue_id=None,
            project_id=str(project_id),
-            current_instance=None,
+            current_instance=json.dumps(
+                {
+                    "module_name": str(module.name),
+                }
+            ),
            epoch=int(timezone.now().timestamp()),
        )
        module.delete()
+        # Delete the module issues
+        ModuleIssue.objects.filter(
+            module=pk,
+            project_id=project_id,
+        ).delete()
+        # Delete the user favorite module
+        UserFavorite.objects.filter(
+            entity_type="module",
+            entity_identifier=pk,
+            project_id=project_id,
+        ).delete()
        return Response(status=status.HTTP_204_NO_CONTENT)


@@ -508,7 +524,6 @@ class ModuleIssueAPIEndpoint(BaseAPIView):


 class ModuleArchiveUnarchiveAPIEndpoint(BaseAPIView):
-
    permission_classes = [
        ProjectEntityPermission,
    ]
@@ -623,6 +638,12 @@ class ModuleArchiveUnarchiveAPIEndpoint(BaseAPIView):
            )
        module.archived_at = timezone.now()
        module.save()
+        UserFavorite.objects.filter(
+            entity_type="module",
+            entity_identifier=pk,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

    def delete(self, request, slug, project_id, pk):
--- a/apiserver/plane/api/views/project.py
+++ b/apiserver/plane/api/views/project.py
@@ -26,6 +26,7 @@ from plane.db.models import (
    ProjectMember,
    State,
    Workspace,
+    UserFavorite,
 )
 from plane.bgtasks.webhook_task import model_activity
 from .base import BaseAPIView
@@ -356,6 +357,12 @@ class ProjectAPIEndpoint(BaseAPIView):

    def delete(self, request, slug, pk):
        project = Project.objects.get(pk=pk, workspace__slug=slug)
+        # Delete the user favorite cycle
+        UserFavorite.objects.filter(
+            entity_type="project",
+            entity_identifier=pk,
+            project_id=pk,
+        ).delete()
        project.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

@@ -370,6 +377,10 @@ class ProjectArchiveUnarchiveAPIEndpoint(BaseAPIView):
        project = Project.objects.get(pk=project_id, workspace__slug=slug)
        project.archived_at = timezone.now()
        project.save()
+        UserFavorite.objects.filter(
+            workspace__slug=slug,
+            project=project_id,
+        ).delete()
        return Response(status=status.HTTP_204_NO_CONTENT)

    def delete(self, request, slug, project_id):
--- a/apiserver/plane/app/permissions/init.py
+++ b/apiserver/plane/app/permissions/init.py
@@ -12,3 +12,4 @@ from .project import (
    ProjectMemberPermission,
    ProjectLitePermission,
 )
+from .base import allow_permission, ROLE
--- a/apiserver/plane/app/permissions/base.py
+++ b/apiserver/plane/app/permissions/base.py
@@ -0,0 +1,60 @@
+from plane.db.models import WorkspaceMember, ProjectMember
+from functools import wraps
+from rest_framework.response import Response
+from rest_framework import status
+
+from enum import Enum
+
+class ROLE(Enum):
+    ADMIN = 20
+    MEMBER = 15
+    GUEST = 5
+
+
+def allow_permission(allowed_roles, level="PROJECT", creator=False, model=None):
+    def decorator(view_func):
+        @wraps(view_func)
+        def _wrapped_view(instance, request, *args, **kwargs):
+
+            # Check for creator if required
+            if creator and model:
+                obj = model.objects.filter(
+                    id=kwargs["pk"], created_by=request.user
+                ).exists()
+                if obj:
+                    return view_func(instance, request, *args, **kwargs)
+
+            # Convert allowed_roles to their values if they are enum members
+            allowed_role_values = [
+                role.value if isinstance(role, ROLE) else role
+                for role in allowed_roles
+            ]
+
+            # Check role permissions
+            if level == "WORKSPACE":
+                if WorkspaceMember.objects.filter(
+                    member=request.user,
+                    workspace__slug=kwargs["slug"],
+                    role__in=allowed_role_values,
+                    is_active=True,
+                ).exists():
+                    return view_func(instance, request, *args, **kwargs)
+            else:
+                if ProjectMember.objects.filter(
+                    member=request.user,
+                    workspace__slug=kwargs["slug"],
+                    project_id=kwargs["project_id"],
+                    role__in=allowed_role_values,
+                    is_active=True,
+                ).exists():
+                    return view_func(instance, request, *args, **kwargs)
+
+            # Return permission denied if no conditions are met
+            return Response(
+                {"error": "You don't have the required permissions."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+        return _wrapped_view
+
+    return decorator
--- a/apiserver/plane/app/permissions/project.py
+++ b/apiserver/plane/app/permissions/project.py
@@ -7,7 +7,6 @@ from plane.db.models import ProjectMember, WorkspaceMember
 # Permission Mappings
 Admin = 20
 Member = 15
-Viewer = 10
 Guest = 5


--- a/apiserver/plane/app/permissions/workspace.py
+++ b/apiserver/plane/app/permissions/workspace.py
@@ -6,9 +6,8 @@ from plane.db.models import WorkspaceMember


 # Permission Mappings
-Owner = 20
-Admin = 15
-Member = 10
+Admin = 20
+Member = 15
 Guest = 5


@@ -31,7 +30,7 @@ class WorkSpaceBasePermission(BasePermission):
            return WorkspaceMember.objects.filter(
                member=request.user,
                workspace__slug=view.workspace_slug,
-                role__in=[Owner, Admin],
+                role__in=[Admin, Member],
                is_active=True,
            ).exists()

@@ -40,7 +39,7 @@ class WorkSpaceBasePermission(BasePermission):
            return WorkspaceMember.objects.filter(
                member=request.user,
                workspace__slug=view.workspace_slug,
-                role=Owner,
+                role=Admin,
                is_active=True,
            ).exists()

@@ -53,7 +52,7 @@ class WorkspaceOwnerPermission(BasePermission):
        return WorkspaceMember.objects.filter(
            workspace__slug=view.workspace_slug,
            member=request.user,
-            role=Owner,
+            role=Admin,
        ).exists()


@@ -65,7 +64,7 @@ class WorkSpaceAdminPermission(BasePermission):
        return WorkspaceMember.objects.filter(
            member=request.user,
            workspace__slug=view.workspace_slug,
-            role__in=[Owner, Admin],
+            role__in=[Admin, Member],
            is_active=True,
        ).exists()

@@ -86,7 +85,7 @@ class WorkspaceEntityPermission(BasePermission):
        return WorkspaceMember.objects.filter(
            member=request.user,
            workspace__slug=view.workspace_slug,
-            role__in=[Owner, Admin],
+            role__in=[Admin, Member],
            is_active=True,
        ).exists()

--- a/apiserver/plane/app/serializers/init.py
+++ b/apiserver/plane/app/serializers/init.py
@@ -92,6 +92,7 @@ from .page import (
    SubPageSerializer,
    PageDetailSerializer,
    PageVersionSerializer,
+    PageVersionDetailSerializer,
 )

 from .estimate import (
@@ -121,3 +122,5 @@ from .exporter import ExporterHistorySerializer
 from .webhook import WebhookSerializer, WebhookLogSerializer

 from .dashboard import DashboardSerializer, WidgetSerializer
+
+from .favorite import UserFavoriteSerializer
--- a/apiserver/plane/app/serializers/favorite.py
+++ b/apiserver/plane/app/serializers/favorite.py
@@ -0,0 +1,101 @@
+from rest_framework import serializers
+
+from plane.db.models import (
+    UserFavorite,
+    Cycle,
+    Module,
+    Issue,
+    IssueView,
+    Page,
+    Project,
+)
+
+
+class ProjectFavoriteLiteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Project
+        fields = ["id", "name", "logo_props"]
+
+
+class PageFavoriteLiteSerializer(serializers.ModelSerializer):
+    project_id = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Page
+        fields = ["id", "name", "logo_props", "project_id"]
+
+    def get_project_id(self, obj):
+        project = (
+            obj.projects.first()
+        )  # This gets the first project related to the Page
+        return project.id if project else None
+
+
+class CycleFavoriteLiteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Cycle
+        fields = ["id", "name", "logo_props", "project_id"]
+
+
+class ModuleFavoriteLiteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Module
+        fields = ["id", "name", "logo_props", "project_id"]
+
+
+class ViewFavoriteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = IssueView
+        fields = ["id", "name", "logo_props", "project_id"]
+
+
+def get_entity_model_and_serializer(entity_type):
+    entity_map = {
+        "cycle": (Cycle, CycleFavoriteLiteSerializer),
+        "issue": (Issue, None),
+        "module": (Module, ModuleFavoriteLiteSerializer),
+        "view": (IssueView, ViewFavoriteSerializer),
+        "page": (Page, PageFavoriteLiteSerializer),
+        "project": (Project, ProjectFavoriteLiteSerializer),
+        "folder": (None, None),
+    }
+    return entity_map.get(entity_type, (None, None))
+
+
+class UserFavoriteSerializer(serializers.ModelSerializer):
+    entity_data = serializers.SerializerMethodField()
+
+    class Meta:
+        model = UserFavorite
+        fields = [
+            "id",
+            "entity_type",
+            "entity_identifier",
+            "entity_data",
+            "name",
+            "is_folder",
+            "sequence",
+            "parent",
+            "workspace_id",
+            "project_id",
+        ]
+        read_only_fields = ["workspace", "created_by", "updated_by"]
+
+    def get_entity_data(self, obj):
+        entity_type = obj.entity_type
+        entity_identifier = obj.entity_identifier
+
+        entity_model, entity_serializer = get_entity_model_and_serializer(
+            entity_type
+        )
+        if entity_model and entity_serializer:
+            try:
+                entity = entity_model.objects.get(pk=entity_identifier)
+                return entity_serializer(entity).data
+            except entity_model.DoesNotExist:
+                return None
+        return None
--- a/apiserver/plane/app/serializers/issue.py
+++ b/apiserver/plane/app/serializers/issue.py
@@ -437,17 +437,21 @@ class IssueLinkSerializer(BaseSerializer):
            "issue",
        ]

-    def validate_url(self, value):
-        # Check URL format
-        validate_url = URLValidator()
-        try:
-            validate_url(value)
-        except ValidationError:
-            raise serializers.ValidationError("Invalid URL format.")
+    def to_internal_value(self, data):
+        # Modify the URL before validation by appending http:// if missing
+        url = data.get("url", "")
+        if url and not url.startswith(("http://", "https://")):
+            data["url"] = "http://" + url

-        # Check URL scheme
-        if not value.startswith(("http://", "https://")):
-            raise serializers.ValidationError("Invalid URL scheme.")
+        return super().to_internal_value(data)
+
+    def validate_url(self, value):
+        # Use Django's built-in URLValidator for validation
+        url_validator = URLValidator()
+        try:
+            url_validator(value)
+        except ValidationError:
+            raise serializers.ValidationError({"error": "Invalid URL format."})

        return value

@@ -533,6 +537,7 @@ class IssueReactionSerializer(BaseSerializer):
            "project",
            "issue",
            "actor",
+            "deleted_at",
        ]


@@ -551,7 +556,13 @@ class CommentReactionSerializer(BaseSerializer):
    class Meta:
        model = CommentReaction
        fields = "__all__"
-        read_only_fields = ["workspace", "project", "comment", "actor"]
+        read_only_fields = [
+            "workspace",
+            "project",
+            "comment",
+            "actor",
+            "deleted_at",
+        ]


 class IssueVoteSerializer(BaseSerializer):
--- a/apiserver/plane/app/serializers/module.py
+++ b/apiserver/plane/app/serializers/module.py
@@ -5,6 +5,10 @@ from rest_framework import serializers
 from .base import BaseSerializer, DynamicBaseSerializer
 from .project import ProjectLiteSerializer

+# Django imports
+from django.core.validators import URLValidator
+from django.core.exceptions import ValidationError
+
 from plane.db.models import (
    User,
    Module,
@@ -39,6 +43,7 @@ class ModuleWriteSerializer(BaseSerializer):
            "created_at",
            "updated_at",
            "archived_at",
+            "deleted_at",
        ]

    def to_representation(self, instance):
@@ -63,6 +68,16 @@ class ModuleWriteSerializer(BaseSerializer):
        members = validated_data.pop("member_ids", None)
        project = self.context["project"]

+        module_name = validated_data.get("name")
+        if module_name:
+            # Lookup for the module name in the module table for that project
+            if Module.objects.filter(
+                name=module_name, project=project
+            ).exists():
+                raise serializers.ValidationError(
+                    {"error": "Module with this name already exists"}
+                )
+
        module = Module.objects.create(**validated_data, project=project)
        if members is not None:
            ModuleMember.objects.bulk_create(
@@ -85,6 +100,19 @@ class ModuleWriteSerializer(BaseSerializer):

    def update(self, instance, validated_data):
        members = validated_data.pop("member_ids", None)
+        module_name = validated_data.get("name")
+        if module_name:
+            # Lookup for the module name in the module table for that project
+            if (
+                Module.objects.filter(
+                    name=module_name, project=instance.project
+                )
+                .exclude(id=instance.id)
+                .exists()
+            ):
+                raise serializers.ValidationError(
+                    {"error": "Module with this name already exists"}
+                )

        if members is not None:
            ModuleMember.objects.filter(module=instance).delete()
@@ -154,16 +182,48 @@ class ModuleLinkSerializer(BaseSerializer):
            "module",
        ]

-    # Validation if url already exists
+    def to_internal_value(self, data):
+        # Modify the URL before validation by appending http:// if missing
+        url = data.get("url", "")
+        if url and not url.startswith(("http://", "https://")):
+            data["url"] = "http://" + url
+
+        return super().to_internal_value(data)
+
+    def validate_url(self, value):
+        # Use Django's built-in URLValidator for validation
+        url_validator = URLValidator()
+        try:
+            url_validator(value)
+        except ValidationError:
+            raise serializers.ValidationError({"error": "Invalid URL format."})
+
+        return value
+
    def create(self, validated_data):
+        validated_data["url"] = self.validate_url(validated_data.get("url"))
        if ModuleLink.objects.filter(
            url=validated_data.get("url"),
            module_id=validated_data.get("module_id"),
        ).exists():
+            raise serializers.ValidationError({"error": "URL already exists."})
+        return super().create(validated_data)
+
+    def update(self, instance, validated_data):
+        validated_data["url"] = self.validate_url(validated_data.get("url"))
+        if (
+            ModuleLink.objects.filter(
+                url=validated_data.get("url"),
+                module_id=instance.module_id,
+            )
+            .exclude(pk=instance.id)
+            .exists()
+        ):
            raise serializers.ValidationError(
                {"error": "URL already exists for this Issue"}
            )
-        return ModuleLink.objects.create(**validated_data)
+
+        return super().update(instance, validated_data)


 class ModuleSerializer(DynamicBaseSerializer):
@@ -228,7 +288,14 @@ class ModuleDetailSerializer(ModuleSerializer):
    cancelled_estimate_points = serializers.FloatField(read_only=True)

    class Meta(ModuleSerializer.Meta):
-        fields = ModuleSerializer.Meta.fields + ["link_module", "sub_issues", "backlog_estimate_points", "unstarted_estimate_points", "started_estimate_points", "cancelled_estimate_points"]
+        fields = ModuleSerializer.Meta.fields + [
+            "link_module",
+            "sub_issues",
+            "backlog_estimate_points",
+            "unstarted_estimate_points",
+            "started_estimate_points",
+            "cancelled_estimate_points",
+        ]


 class ModuleUserPropertiesSerializer(BaseSerializer):
--- a/apiserver/plane/app/serializers/page.py
+++ b/apiserver/plane/app/serializers/page.py
@@ -167,7 +167,40 @@ class PageLogSerializer(BaseSerializer):
 class PageVersionSerializer(BaseSerializer):
    class Meta:
        model = PageVersion
-        fields = "__all__"
+        fields = [
+            "id",
+            "workspace",
+            "page",
+            "last_saved_at",
+            "owned_by",
+            "created_at",
+            "updated_at",
+            "created_by",
+            "updated_by",
+        ]
+        read_only_fields = [
+            "workspace",
+            "page",
+        ]
+
+
+class PageVersionDetailSerializer(BaseSerializer):
+    class Meta:
+        model = PageVersion
+        fields = [
+            "id",
+            "workspace",
+            "page",
+            "last_saved_at",
+            "description_binary",
+            "description_html",
+            "description_json",
+            "owned_by",
+            "created_at",
+            "updated_at",
+            "created_by",
+            "updated_by",
+        ]
        read_only_fields = [
            "workspace",
            "page",
--- a/apiserver/plane/app/serializers/project.py
+++ b/apiserver/plane/app/serializers/project.py
@@ -28,6 +28,7 @@ class ProjectSerializer(BaseSerializer):
        fields = "__all__"
        read_only_fields = [
            "workspace",
+            "deleted_at",
        ]

    def create(self, validated_data):
--- a/apiserver/plane/app/serializers/user.py
+++ b/apiserver/plane/app/serializers/user.py
@@ -16,26 +16,39 @@ from .base import BaseSerializer
 class UserSerializer(BaseSerializer):
    class Meta:
        model = User
-        fields = "__all__"
+        # Exclude password field from the serializer
+        fields = [
+            field.name
+            for field in User._meta.fields
+            if field.name != "password"
+        ]
+        # Make all system fields and email read only
        read_only_fields = [
            "id",
+            "username",
+            "mobile_number",
+            "email",
+            "token",
            "created_at",
            "updated_at",
            "is_superuser",
            "is_staff",
+            "is_managed",
            "last_active",
            "last_login_time",
            "last_logout_time",
            "last_login_ip",
            "last_logout_ip",
            "last_login_uagent",
-            "token_updated_at",
+            "last_location",
+            "last_login_medium",
+            "created_location",
            "is_bot",
            "is_password_autoset",
            "is_email_verified",
            "is_active",
+            "token_updated_at",
        ]
-        extra_kwargs = {"password": {"write_only": True}}

        # If the user has already filled first name or last name then he is onboarded
        def get_is_onboarded(self, obj):
@@ -163,6 +176,7 @@ class UserAdminLiteSerializer(BaseSerializer):
            "is_bot",
            "display_name",
            "email",
+            "last_login_medium",
        ]
        read_only_fields = [
            "id",
@@ -208,9 +222,15 @@ class ProfileSerializer(BaseSerializer):
    class Meta:
        model = Profile
        fields = "__all__"
+        read_only_fields = [
+            "user",
+        ]


 class AccountSerializer(BaseSerializer):
    class Meta:
        model = Account
        fields = "__all__"
+        read_only_fields = [
+            "user",
+        ]
--- a/apiserver/plane/app/serializers/webhook.py
+++ b/apiserver/plane/app/serializers/webhook.py
@@ -40,7 +40,7 @@ class WebhookSerializer(DynamicBaseSerializer):

        for addr in ip_addresses:
            ip = ipaddress.ip_address(addr[4][0])
-            if ip.is_private or ip.is_loopback:
+            if ip.is_loopback:
                raise serializers.ValidationError(
                    {"url": "URL resolves to a blocked IP address."}
                )
@@ -92,7 +92,7 @@ class WebhookSerializer(DynamicBaseSerializer):

            for addr in ip_addresses:
                ip = ipaddress.ip_address(addr[4][0])
-                if ip.is_private or ip.is_loopback:
+                if ip.is_loopback:
                    raise serializers.ValidationError(
                        {"url": "URL resolves to a blocked IP address."}
                    )
--- a/apiserver/plane/app/urls/api.py
+++ b/apiserver/plane/app/urls/api.py
@@ -1,5 +1,5 @@
 from django.urls import path
-from plane.app.views import ApiTokenEndpoint
+from plane.app.views import ApiTokenEndpoint, ServiceApiTokenEndpoint

 urlpatterns = [
    # API Tokens
@@ -13,5 +13,10 @@ urlpatterns = [
        ApiTokenEndpoint.as_view(),
        name="api-tokens",
    ),
+    path(
+        "workspaces/<str:slug>/service-api-tokens/",
+        ServiceApiTokenEndpoint.as_view(),
+        name="service-api-tokens",
+    ),
    ## End API Tokens
 ]
--- a/apiserver/plane/app/urls/cycle.py
+++ b/apiserver/plane/app/urls/cycle.py
@@ -6,6 +6,8 @@ from plane.app.views import (
    CycleIssueViewSet,
    CycleDateCheckEndpoint,
    CycleFavoriteViewSet,
+    CycleProgressEndpoint,
+    CycleAnalyticsEndpoint,
    TransferCycleIssueEndpoint,
    CycleUserPropertiesEndpoint,
    CycleArchiveUnarchiveEndpoint,
@@ -106,4 +108,14 @@ urlpatterns = [
        CycleArchiveUnarchiveEndpoint.as_view(),
        name="cycle-archive-unarchive",
    ),
+    path(
+        "workspaces/<str:slug>/projects/<uuid:project_id>/cycles/<uuid:cycle_id>/progress/",
+        CycleProgressEndpoint.as_view(),
+        name="project-cycle",
+    ),
+    path(
+        "workspaces/<str:slug>/projects/<uuid:project_id>/cycles/<uuid:cycle_id>/analytics/",
+        CycleAnalyticsEndpoint.as_view(),
+        name="project-cycle",
+    ),
 ]
--- a/apiserver/plane/app/urls/inbox.py
+++ b/apiserver/plane/app/urls/inbox.py
@@ -40,7 +40,7 @@ urlpatterns = [
        name="inbox-issue",
    ),
    path(
-        "workspaces/<str:slug>/projects/<uuid:project_id>/inbox-issues/<uuid:issue_id>/",
+        "workspaces/<str:slug>/projects/<uuid:project_id>/inbox-issues/<uuid:pk>/",
        InboxIssueViewSet.as_view(
            {
                "get": "retrieve",
--- a/apiserver/plane/app/urls/issue.py
+++ b/apiserver/plane/app/urls/issue.py
@@ -19,8 +19,8 @@ from plane.app.views import (
    IssueUserDisplayPropertyEndpoint,
    IssueViewSet,
    LabelViewSet,
-    BulkIssueOperationsEndpoint,
    BulkArchiveIssuesEndpoint,
+    IssuePaginatedViewSet,
 )

 urlpatterns = [
@@ -39,6 +39,12 @@ urlpatterns = [
        ),
        name="project-issue",
    ),
+    # updated v1 paginated issues
+    path(
+        "workspaces/<str:slug>/projects/<uuid:project_id>/v2/issues/",
+        IssuePaginatedViewSet.as_view({"get": "list"}),
+        name="project-issues-paginated",
+    ),
    path(
        "workspaces/<str:slug>/projects/<uuid:project_id>/issues/<uuid:pk>/",
        IssueViewSet.as_view(
@@ -305,9 +311,4 @@ urlpatterns = [
        ),
        name="project-issue-draft",
    ),
-    path(
-        "workspaces/<str:slug>/projects/<uuid:project_id>/bulk-operation-issues/",
-        BulkIssueOperationsEndpoint.as_view(),
-        name="bulk-operations-issues",
-    ),
 ]
--- a/apiserver/plane/app/urls/workspace.py
+++ b/apiserver/plane/app/urls/workspace.py
@@ -25,6 +25,8 @@ from plane.app.views import (
    ExportWorkspaceUserActivityEndpoint,
    WorkspaceModulesEndpoint,
    WorkspaceCyclesEndpoint,
+    WorkspaceFavoriteEndpoint,
+    WorkspaceFavoriteGroupEndpoint,
 )


@@ -237,4 +239,19 @@ urlpatterns = [
        WorkspaceCyclesEndpoint.as_view(),
        name="workspace-cycles",
    ),
+    path(
+        "workspaces/<str:slug>/user-favorites/",
+        WorkspaceFavoriteEndpoint.as_view(),
+        name="workspace-user-favorites",
+    ),
+    path(
+        "workspaces/<str:slug>/user-favorites/<uuid:favorite_id>/",
+        WorkspaceFavoriteEndpoint.as_view(),
+        name="workspace-user-favorites",
+    ),
+    path(
+        "workspaces/<str:slug>/user-favorites/<uuid:favorite_id>/group/",
+        WorkspaceFavoriteGroupEndpoint.as_view(),
+        name="workspace-user-favorites-groups",
+    ),
 ]
--- a/apiserver/plane/app/views/init.py
+++ b/apiserver/plane/app/views/init.py
@@ -40,6 +40,11 @@ from .workspace.base import (
    ExportWorkspaceUserActivityEndpoint,
 )

+from .workspace.favorite import (
+    WorkspaceFavoriteEndpoint,
+    WorkspaceFavoriteGroupEndpoint,
+)
+
 from .workspace.member import (
    WorkSpaceMemberViewSet,
    TeamMemberViewSet,
@@ -93,6 +98,8 @@ from .cycle.base import (
    CycleUserPropertiesEndpoint,
    CycleViewSet,
    TransferCycleIssueEndpoint,
+    CycleAnalyticsEndpoint,
+    CycleProgressEndpoint,
 )
 from .cycle.issue import (
    CycleIssueViewSet,
@@ -107,6 +114,7 @@ from .issue.base import (
    IssueViewSet,
    IssueUserDisplayPropertyEndpoint,
    BulkDeleteIssuesEndpoint,
+    IssuePaginatedViewSet,
 )

 from .issue.activity import (
@@ -151,9 +159,6 @@ from .issue.subscriber import (
    IssueSubscriberViewSet,
 )

-
-from .issue.bulk_operations import BulkIssueOperationsEndpoint
-
 from .module.base import (
    ModuleViewSet,
    ModuleLinkViewSet,
@@ -169,8 +174,10 @@ from .module.archive import (
    ModuleArchiveUnarchiveEndpoint,
 )

-from .api import ApiTokenEndpoint
-
+from .api import (
+    ApiTokenEndpoint,
+    ServiceApiTokenEndpoint,
+)

 from .page.base import (
    PageViewSet,
--- a/apiserver/plane/app/views/analytic/base.py
+++ b/apiserver/plane/app/views/analytic/base.py
@@ -7,22 +7,26 @@ from django.utils import timezone
 from rest_framework import status
 from rest_framework.response import Response

+# Module imports
 from plane.app.permissions import WorkSpaceAdminPermission
 from plane.app.serializers import AnalyticViewSerializer
-
-# Module imports
 from plane.app.views.base import BaseAPIView, BaseViewSet
 from plane.bgtasks.analytic_plot_export import analytic_export_task
 from plane.db.models import AnalyticView, Issue, Workspace
 from plane.utils.analytics_plot import build_graph_plot
 from plane.utils.issue_filters import issue_filters
+from plane.app.permissions import allow_permission, ROLE


 class AnalyticsEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ],
+        level="WORKSPACE",
+    )
    def get(self, request, slug):
        x_axis = request.GET.get("x_axis", False)
        y_axis = request.GET.get("y_axis", False)
@@ -201,10 +205,14 @@ class AnalyticViewViewset(BaseViewSet):


 class SavedAnalyticEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ],
+        level="WORKSPACE",
+    )
    def get(self, request, slug, analytic_id):
        analytic_view = AnalyticView.objects.get(
            pk=analytic_id, workspace__slug=slug
@@ -234,10 +242,14 @@ class SavedAnalyticEndpoint(BaseAPIView):


 class ExportAnalyticsEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ],
+        level="WORKSPACE",
+    )
    def post(self, request, slug):
        x_axis = request.data.get("x_axis", False)
        y_axis = request.data.get("y_axis", False)
@@ -301,10 +313,8 @@ class ExportAnalyticsEndpoint(BaseAPIView):


 class DefaultAnalyticsEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST], level="WORKSPACE")
    def get(self, request, slug):
        filters = issue_filters(request.GET, "GET")
        base_issues = Issue.issue_objects.filter(
@@ -380,12 +390,10 @@ class DefaultAnalyticsEndpoint(BaseAPIView):
            .order_by("-count")
        )

-        open_estimate_sum = open_issues_queryset.aggregate(
-            sum=Sum("point")
-        )["sum"]
-        total_estimate_sum = base_issues.aggregate(sum=Sum("point"))[
+        open_estimate_sum = open_issues_queryset.aggregate(sum=Sum("point"))[
            "sum"
        ]
+        total_estimate_sum = base_issues.aggregate(sum=Sum("point"))["sum"]

        return Response(
            {
--- a/apiserver/plane/app/views/api.py
+++ b/apiserver/plane/app/views/api.py
@@ -45,7 +45,7 @@ class ApiTokenEndpoint(BaseAPIView):
    def get(self, request, slug, pk=None):
        if pk is None:
            api_tokens = APIToken.objects.filter(
-                user=request.user, workspace__slug=slug
+                user=request.user, workspace__slug=slug, is_service=False
            )
            serializer = APITokenReadSerializer(api_tokens, many=True)
            return Response(serializer.data, status=status.HTTP_200_OK)
@@ -61,6 +61,7 @@ class ApiTokenEndpoint(BaseAPIView):
            workspace__slug=slug,
            user=request.user,
            pk=pk,
+            is_service=False,
        )
        api_token.delete()
        return Response(status=status.HTTP_204_NO_CONTENT)
@@ -78,3 +79,44 @@ class ApiTokenEndpoint(BaseAPIView):
            serializer.save()
            return Response(serializer.data, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
+class ServiceApiTokenEndpoint(BaseAPIView):
+    permission_classes = [
+        WorkspaceOwnerPermission,
+    ]
+
+    def post(self, request, slug):
+        workspace = Workspace.objects.get(slug=slug)
+
+        api_token = APIToken.objects.filter(
+            workspace=workspace,
+            is_service=True,
+        ).first()
+
+        if api_token:
+            return Response(
+                {
+                    "token": str(api_token.token),
+                },
+                status=status.HTTP_200_OK,
+            )
+        else:
+            # Check the user type
+            user_type = 1 if request.user.is_bot else 0
+
+            api_token = APIToken.objects.create(
+                label=str(uuid4().hex),
+                description="Service Token",
+                user=request.user,
+                workspace=workspace,
+                user_type=user_type,
+                is_service=True,
+            )
+            return Response(
+                {
+                    "token": str(api_token.token),
+                },
+                status=status.HTTP_201_CREATED,
+            )
+
--- a/apiserver/plane/app/views/cycle/archive.py
+++ b/apiserver/plane/app/views/cycle/archive.py
@@ -14,21 +14,18 @@ from django.db.models import (
    UUIDField,
    Value,
    When,
+    Subquery,
+    Sum,
+    FloatField,
 )
-from django.db.models.functions import Coalesce
+from django.db.models.functions import Coalesce, Cast
 from django.utils import timezone

 # Third party imports
 from rest_framework import status
 from rest_framework.response import Response
-from plane.app.permissions import ProjectEntityPermission
-from plane.db.models import (
-    Cycle,
-    UserFavorite,
-    Issue,
-    Label,
-    User,
-)
+from plane.app.permissions import allow_permission, ROLE
+from plane.db.models import Cycle, UserFavorite, Issue, Label, User, Project
 from plane.utils.analytics_plot import burndown_plot

 # Module imports
@@ -37,10 +34,6 @@ from .. import BaseAPIView

 class CycleArchiveUnarchiveEndpoint(BaseAPIView):

-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
    def get_queryset(self):
        favorite_subquery = UserFavorite.objects.filter(
            user=self.request.user,
@@ -49,6 +42,89 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
            project_id=self.kwargs.get("project_id"),
            workspace__slug=self.kwargs.get("slug"),
        )
+        backlog_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="backlog",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                backlog_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("backlog_estimate_point")[:1]
+        )
+        unstarted_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="unstarted",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                unstarted_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("unstarted_estimate_point")[:1]
+        )
+        started_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="started",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                started_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("started_estimate_point")[:1]
+        )
+        cancelled_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="cancelled",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                cancelled_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("cancelled_estimate_point")[:1]
+        )
+        completed_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="completed",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                completed_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("completed_estimate_points")[:1]
+        )
+        total_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                total_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("total_estimate_points")[:1]
+        )
        return (
            Cycle.objects.filter(workspace__slug=self.kwargs.get("slug"))
            .filter(project_id=self.kwargs.get("project_id"))
@@ -172,24 +248,56 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                    Value([], output_field=ArrayField(UUIDField())),
                )
            )
+            .annotate(
+                backlog_estimate_points=Coalesce(
+                    Subquery(backlog_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                unstarted_estimate_points=Coalesce(
+                    Subquery(unstarted_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                started_estimate_points=Coalesce(
+                    Subquery(started_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                cancelled_estimate_points=Coalesce(
+                    Subquery(cancelled_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                completed_estimate_points=Coalesce(
+                    Subquery(completed_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                total_estimate_points=Coalesce(
+                    Subquery(total_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
            .order_by("-is_favorite", "name")
            .distinct()
        )

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
    def get(self, request, slug, project_id, pk=None):
        if pk is None:
            queryset = (
-                self.get_queryset()
-                .annotate(
-                    total_issues=Count(
-                        "issue_cycle",
-                        filter=Q(
-                            issue_cycle__issue__archived_at__isnull=True,
-                            issue_cycle__issue__is_draft=False,
-                        ),
-                    )
-                )
-                .values(
+                self.get_queryset().values(
                    # necessary fields
                    "id",
                    "workspace_id",
@@ -255,7 +363,10 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                    "external_id",
                    "progress_snapshot",
                    "sub_issues",
+                    "logo_props",
                    # meta fields
+                    "completed_estimate_points",
+                    "total_estimate_points",
                    "is_favorite",
                    "total_issues",
                    "cancelled_issues",
@@ -265,17 +376,114 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                    "backlog_issues",
                    "assignee_ids",
                    "status",
+                    "created_by",
+                    "archived_at",
                )
                .first()
            )
            queryset = queryset.first()

-            if data is None:
-                return Response(
-                    {"error": "Cycle does not exist"},
-                    status=status.HTTP_400_BAD_REQUEST,
+            estimate_type = Project.objects.filter(
+                workspace__slug=slug,
+                pk=project_id,
+                estimate__isnull=False,
+                estimate__type="points",
+            ).exists()
+
+            data["estimate_distribution"] = {}
+            if estimate_type:
+                assignee_distribution = (
+                    Issue.issue_objects.filter(
+                        issue_cycle__cycle_id=pk,
+                        workspace__slug=slug,
+                        project_id=project_id,
+                    )
+                    .annotate(display_name=F("assignees__display_name"))
+                    .annotate(assignee_id=F("assignees__id"))
+                    .annotate(avatar=F("assignees__avatar"))
+                    .values("display_name", "assignee_id", "avatar")
+                    .annotate(
+                        total_estimates=Sum(
+                            Cast("estimate_point__value", FloatField())
+                        )
+                    )
+                    .annotate(
+                        completed_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=False,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .annotate(
+                        pending_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=True,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .order_by("display_name")
                )

+                label_distribution = (
+                    Issue.issue_objects.filter(
+                        issue_cycle__cycle_id=pk,
+                        workspace__slug=slug,
+                        project_id=project_id,
+                    )
+                    .annotate(label_name=F("labels__name"))
+                    .annotate(color=F("labels__color"))
+                    .annotate(label_id=F("labels__id"))
+                    .values("label_name", "color", "label_id")
+                    .annotate(
+                        total_estimates=Sum(
+                            Cast("estimate_point__value", FloatField())
+                        )
+                    )
+                    .annotate(
+                        completed_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=False,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .annotate(
+                        pending_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=True,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .order_by("label_name")
+                )
+                data["estimate_distribution"] = {
+                    "assignees": assignee_distribution,
+                    "labels": label_distribution,
+                    "completion_chart": {},
+                }
+
+                if data["start_date"] and data["end_date"]:
+                    data["estimate_distribution"]["completion_chart"] = (
+                        burndown_plot(
+                            queryset=queryset,
+                            slug=slug,
+                            project_id=project_id,
+                            plot_type="points",
+                            cycle_id=pk,
+                        )
+                    )
+
            # Assignee Distribution
            assignee_distribution = (
                Issue.issue_objects.filter(
@@ -298,7 +506,10 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                .annotate(
                    total_issues=Count(
                        "id",
-                        filter=Q(archived_at__isnull=True, is_draft=False),
+                        filter=Q(
+                            archived_at__isnull=True,
+                            is_draft=False,
+                        ),
                    ),
                )
                .annotate(
@@ -338,7 +549,10 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                .annotate(
                    total_issues=Count(
                        "id",
-                        filter=Q(archived_at__isnull=True, is_draft=False),
+                        filter=Q(
+                            archived_at__isnull=True,
+                            is_draft=False,
+                        ),
                    ),
                )
                .annotate(
@@ -384,6 +598,7 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                status=status.HTTP_200_OK,
            )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def post(self, request, slug, project_id, cycle_id):
        cycle = Cycle.objects.get(
            pk=cycle_id, project_id=project_id, workspace__slug=slug
@@ -397,11 +612,18 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):

        cycle.archived_at = timezone.now()
        cycle.save()
+        UserFavorite.objects.filter(
+            entity_type="cycle",
+            entity_identifier=cycle_id,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
        return Response(
            {"archived_at": str(cycle.archived_at)},
            status=status.HTTP_200_OK,
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def delete(self, request, slug, project_id, cycle_id):
        cycle = Cycle.objects.get(
            pk=cycle_id, project_id=project_id, workspace__slug=slug
--- a/apiserver/plane/app/views/cycle/base.py
+++ b/apiserver/plane/app/views/cycle/base.py
--- a/apiserver/plane/app/views/cycle/issue.py
+++ b/apiserver/plane/app/views/cycle/issue.py
@@ -3,12 +3,7 @@ import json

 # Django imports
 from django.core import serializers
-from django.db.models import (
-    F,
-    Func,
-    OuterRef,
-    Q,
-)
+from django.db.models import F, Func, OuterRef, Q
 from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.views.decorators.gzip import gzip_page
@@ -17,15 +12,12 @@ from django.views.decorators.gzip import gzip_page
 from rest_framework import status
 from rest_framework.response import Response

-from plane.app.permissions import (
-    ProjectEntityPermission,
-)
 # Module imports
 from .. import BaseViewSet
 from plane.app.serializers import (
    CycleIssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Cycle,
    CycleIssue,
@@ -44,8 +36,8 @@ from plane.utils.paginator import (
    GroupedOffsetPaginator,
    SubGroupedOffsetPaginator,
 )
+from plane.app.permissions import allow_permission, ROLE

-# Module imports

 class CycleIssueViewSet(BaseViewSet):
    serializer_class = CycleIssueSerializer
@@ -54,10 +46,6 @@ class CycleIssueViewSet(BaseViewSet):
    webhook_event = "cycle_issue"
    bulk = True

-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
    filterset_fields = [
        "issue__labels__id",
        "issue__assignees__id",
@@ -92,6 +80,12 @@ class CycleIssueViewSet(BaseViewSet):
        )

    @method_decorator(gzip_page)
+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
    def list(self, request, slug, project_id, cycle_id):
        order_by_param = request.GET.get("order_by", "created_at")
        filters = issue_filters(request.query_params, "GET")
@@ -238,6 +232,7 @@ class CycleIssueViewSet(BaseViewSet):
                ),
            )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def create(self, request, slug, project_id, cycle_id):
        issues = request.data.get("issues", [])

@@ -333,8 +328,9 @@ class CycleIssueViewSet(BaseViewSet):
        )
        return Response({"message": "success"}, status=status.HTTP_201_CREATED)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def destroy(self, request, slug, project_id, cycle_id, issue_id):
-        cycle_issue = CycleIssue.objects.get(
+        cycle_issue = CycleIssue.objects.filter(
            issue_id=issue_id,
            workspace__slug=slug,
            project_id=project_id,
--- a/apiserver/plane/app/views/dashboard/base.py
+++ b/apiserver/plane/app/views/dashboard/base.py
@@ -43,6 +43,7 @@ from plane.db.models import (
    ProjectMember,
    User,
    Widget,
+    WorkspaceMember,
 )
 from plane.utils.issue_filters import issue_filters

@@ -51,36 +52,108 @@ from .. import BaseAPIView


 def dashboard_overview_stats(self, request, slug):
-    assigned_issues = Issue.issue_objects.filter(
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
-        workspace__slug=slug,
-        assignees__in=[request.user],
-    ).count()
+    assigned_issues = (
+        Issue.issue_objects.filter(
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            workspace__slug=slug,
+            assignees__in=[request.user],
+        ).filter(
+            Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=True,
+            )
+            | Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=False,
+                created_by=self.request.user,
+            )
+            |
+            # For other roles (role < 5), show all issues
+            Q(project__project_projectmember__role__gt=5),
+            project__project_projectmember__member=self.request.user,
+            project__project_projectmember__is_active=True,
+        )
+        .count()
+    )

-    pending_issues_count = Issue.issue_objects.filter(
-        ~Q(state__group__in=["completed", "cancelled"]),
-        target_date__lt=timezone.now().date(),
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
-        workspace__slug=slug,
-        assignees__in=[request.user],
-    ).count()
+    pending_issues_count = (
+        Issue.issue_objects.filter(
+            ~Q(state__group__in=["completed", "cancelled"]),
+            target_date__lt=timezone.now().date(),
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            workspace__slug=slug,
+            assignees__in=[request.user],
+        ).filter(
+            Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=True,
+            )
+            | Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=False,
+                created_by=self.request.user,
+            )
+            |
+            # For other roles (role < 5), show all issues
+            Q(project__project_projectmember__role__gt=5),
+            project__project_projectmember__member=self.request.user,
+            project__project_projectmember__is_active=True,
+        )
+        .count()
+    )

-    created_issues_count = Issue.issue_objects.filter(
-        workspace__slug=slug,
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
-        created_by_id=request.user.id,
-    ).count()
+    created_issues_count = (
+        Issue.issue_objects.filter(
+            workspace__slug=slug,
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            created_by_id=request.user.id,
+        ).filter(
+            Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=True,
+            )
+            | Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=False,
+                created_by=self.request.user,
+            )
+            |
+            # For other roles (role < 5), show all issues
+            Q(project__project_projectmember__role__gt=5),
+            project__project_projectmember__member=self.request.user,
+            project__project_projectmember__is_active=True,
+        )
+        .count()
+    )

-    completed_issues_count = Issue.issue_objects.filter(
-        workspace__slug=slug,
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
-        assignees__in=[request.user],
-        state__group="completed",
-    ).count()
+    completed_issues_count = (
+        Issue.issue_objects.filter(
+            workspace__slug=slug,
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            assignees__in=[request.user],
+            state__group="completed",
+        ).filter(
+            Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=True,
+            )
+            | Q(
+                project__project_projectmember__role=5,
+                project__guest_view_all_features=False,
+                created_by=self.request.user,
+            )
+            |
+            # For other roles (role < 5), show all issues
+            Q(project__project_projectmember__role__gt=5),
+            project__project_projectmember__member=self.request.user,
+            project__project_projectmember__is_active=True,
+        )
+        .count()
+    )

    return Response(
        {
@@ -166,6 +239,14 @@ def dashboard_assigned_issues(self, request, slug):
        )
    )

+    if WorkspaceMember.objects.filter(
+        workspace__slug=slug,
+        member=request.user,
+        role=5,
+        is_active=True,
+    ).exists():
+        assigned_issues = assigned_issues.filter(created_by=request.user)
+
    # Priority Ordering
    priority_order = ["urgent", "high", "medium", "low", "none"]
    assigned_issues = assigned_issues.annotate(
@@ -409,6 +490,16 @@ def dashboard_created_issues(self, request, slug):
 def dashboard_issues_by_state_groups(self, request, slug):
    filters = issue_filters(request.query_params, "GET")
    state_order = ["backlog", "unstarted", "started", "completed", "cancelled"]
+    extra_filters = {}
+
+    if WorkspaceMember.objects.filter(
+        workspace__slug=slug,
+        member=request.user,
+        role=5,
+        is_active=True,
+    ).exists():
+        extra_filters = {"created_by": request.user}
+
    issues_by_state_groups = (
        Issue.issue_objects.filter(
            workspace__slug=slug,
@@ -416,7 +507,7 @@ def dashboard_issues_by_state_groups(self, request, slug):
            project__project_projectmember__member=request.user,
            assignees__in=[request.user],
        )
-        .filter(**filters)
+        .filter(**filters, **extra_filters)
        .values("state__group")
        .annotate(count=Count("id"))
    )
@@ -439,6 +530,15 @@ def dashboard_issues_by_state_groups(self, request, slug):
 def dashboard_issues_by_priority(self, request, slug):
    filters = issue_filters(request.query_params, "GET")
    priority_order = ["urgent", "high", "medium", "low", "none"]
+    extra_filters = {}
+
+    if WorkspaceMember.objects.filter(
+        workspace__slug=slug,
+        member=request.user,
+        role=5,
+        is_active=True,
+    ).exists():
+        extra_filters = {"created_by": request.user}

    issues_by_priority = (
        Issue.issue_objects.filter(
@@ -447,7 +547,7 @@ def dashboard_issues_by_priority(self, request, slug):
            project__project_projectmember__member=request.user,
            assignees__in=[request.user],
        )
-        .filter(**filters)
+        .filter(**filters, **extra_filters)
        .values("priority")
        .annotate(count=Count("id"))
    )
@@ -521,105 +621,42 @@ def dashboard_recent_projects(self, request, slug):


 def dashboard_recent_collaborators(self, request, slug):
-    # Subquery to count activities for each project member
-    activity_count_subquery = (
-        IssueActivity.objects.filter(
-            workspace__slug=slug,
-            actor=OuterRef("member"),
-            project__project_projectmember__member=request.user,
-            project__project_projectmember__is_active=True,
-            project__archived_at__isnull=True,
-        )
-        .values("actor")
-        .annotate(num_activities=Count("pk"))
-        .values("num_activities")
-    )
-
-    # Get all project members and annotate them with activity counts
    project_members_with_activities = (
-        ProjectMember.objects.filter(
+        WorkspaceMember.objects.filter(
            workspace__slug=slug,
-            project__project_projectmember__member=request.user,
-            project__project_projectmember__is_active=True,
-            project__archived_at__isnull=True,
            is_active=True,
        )
        .annotate(
-            num_activities=Coalesce(
-                Subquery(activity_count_subquery),
-                Value(0),
-                output_field=IntegerField(),
-            ),
-            is_current_user=Case(
-                When(member=request.user, then=Value(0)),
-                default=Value(1),
-                output_field=IntegerField(),
+            active_issue_count=Count(
+                Case(
+                    When(
+                        member__issue_assignee__issue__state__group__in=[
+                            "unstarted",
+                            "started",
+                        ],
+                        member__issue_assignee__issue__workspace__slug=slug,
+                        member__issue_assignee__issue__project__project_projectmember__member=request.user,
+                        member__issue_assignee__issue__project__project_projectmember__is_active=True,
+                        then=F("member__issue_assignee__issue__id"),
+                    ),
+                    distinct=True,
+                    output_field=IntegerField(),
+                ),
+                distinct=True,
            ),
+            user_id=F("member_id"),
        )
-        .values_list("member", flat=True)
-        .order_by("is_current_user", "-num_activities")
+        .values("user_id", "active_issue_count")
+        .order_by("-active_issue_count")
        .distinct()
    )
-    search = request.query_params.get("search", None)
-    if search:
-        project_members_with_activities = (
-            project_members_with_activities.filter(
-                Q(member__display_name__icontains=search)
-                | Q(member__first_name__icontains=search)
-                | Q(member__last_name__icontains=search)
-            )
-        )
-
-    return self.paginate(
-        request=request,
-        queryset=project_members_with_activities,
-        controller=lambda qs: self.get_results_controller(qs, slug),
+    return Response(
+        (project_members_with_activities),
+        status=status.HTTP_200_OK,
    )


 class DashboardEndpoint(BaseAPIView):
-    def get_results_controller(self, project_members_with_activities, slug):
-        user_active_issue_counts = (
-            User.objects.filter(
-                id__in=project_members_with_activities,
-            )
-            .annotate(
-                active_issue_count=Count(
-                    Case(
-                        When(
-                            issue_assignee__issue__state__group__in=[
-                                "unstarted",
-                                "started",
-                            ],
-                            issue_assignee__issue__workspace__slug=slug,
-                            issue_assignee__issue__project__project_projectmember__is_active=True,
-                            then=F("issue_assignee__issue__id"),
-                        ),
-                        output_field=IntegerField(),
-                    ),
-                    distinct=True,
-                )
-            )
-            .values("active_issue_count", user_id=F("id"))
-        )
-        # Create a dictionary to store the active issue counts by user ID
-        active_issue_counts_dict = {
-            user["user_id"]: user["active_issue_count"]
-            for user in user_active_issue_counts
-        }
-
-        # Preserve the sequence of project members with activities
-        paginated_results = [
-            {
-                "user_id": member_id,
-                "active_issue_count": active_issue_counts_dict.get(
-                    member_id, 0
-                ),
-            }
-            for member_id in project_members_with_activities
-        ]
-        return paginated_results
-
    def create(self, request, slug):
        serializer = DashboardSerializer(data=request.data)
        if serializer.is_valid():
--- a/apiserver/plane/app/views/estimate/base.py
+++ b/apiserver/plane/app/views/estimate/base.py
@@ -7,7 +7,11 @@ from rest_framework import status

 # Module imports
 from ..base import BaseViewSet, BaseAPIView
-from plane.app.permissions import ProjectEntityPermission
+from plane.app.permissions import (
+    ProjectEntityPermission,
+    allow_permission,
+    ROLE,
+)
 from plane.db.models import Project, Estimate, EstimatePoint, Issue
 from plane.app.serializers import (
    EstimateSerializer,
@@ -23,10 +27,13 @@ def generate_random_name(length=10):


 class ProjectEstimatePointEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
    def get(self, request, slug, project_id):
        project = Project.objects.get(workspace__slug=slug, pk=project_id)
        if project.estimate_id is not None:
@@ -189,10 +196,8 @@ class BulkEstimatePointEndpoint(BaseViewSet):


 class EstimatePointEndpoint(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def create(self, request, slug, project_id, estimate_id):
        #  TODO: add a key validation if the same key already exists
        if not request.data.get("key") or not request.data.get("value"):
@@ -211,6 +216,7 @@ class EstimatePointEndpoint(BaseViewSet):
        serializer = EstimatePointSerializer(estimate_point).data
        return Response(serializer, status=status.HTTP_200_OK)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def partial_update(
        self, request, slug, project_id, estimate_id, estimate_point_id
    ):
@@ -231,6 +237,7 @@ class EstimatePointEndpoint(BaseViewSet):
        serializer.save()
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def destroy(
        self, request, slug, project_id, estimate_id, estimate_point_id
    ):
--- a/apiserver/plane/app/views/exporter/base.py
+++ b/apiserver/plane/app/views/exporter/base.py
@@ -2,7 +2,7 @@
 from rest_framework import status
 from rest_framework.response import Response

-from plane.app.permissions import WorkSpaceAdminPermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import ExporterHistorySerializer
 from plane.bgtasks.export_task import issue_export_task
 from plane.db.models import ExporterHistory, Project, Workspace
@@ -12,12 +12,10 @@ from .. import BaseAPIView


 class ExportIssuesEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]
    model = ExporterHistory
    serializer_class = ExporterHistorySerializer

+    @allow_permission(allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
    def post(self, request, slug):
        # Get the workspace
        workspace = Workspace.objects.get(slug=slug)
@@ -64,6 +62,9 @@ class ExportIssuesEndpoint(BaseAPIView):
                status=status.HTTP_400_BAD_REQUEST,
            )

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
    def get(self, request, slug):
        exporter_history = ExporterHistory.objects.filter(
            workspace__slug=slug,
--- a/apiserver/plane/app/views/external/base.py
+++ b/apiserver/plane/app/views/external/base.py
@@ -11,7 +11,7 @@ from rest_framework import status

 # Module imports
 from ..base import BaseAPIView
-from plane.app.permissions import ProjectEntityPermission, WorkspaceEntityPermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.db.models import Workspace, Project
 from plane.app.serializers import (
    ProjectLiteSerializer,
@@ -21,10 +21,8 @@ from plane.license.utils.instance_value import get_configuration_value


 class GPTIntegrationEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def post(self, request, slug, project_id):
        OPENAI_API_KEY, GPT_ENGINE = get_configuration_value(
            [
@@ -84,10 +82,10 @@ class GPTIntegrationEndpoint(BaseAPIView):


 class WorkspaceGPTIntegrationEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkspaceEntityPermission,
-    ]

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
    def post(self, request, slug):
        OPENAI_API_KEY, GPT_ENGINE = get_configuration_value(
            [
--- a/apiserver/plane/app/views/inbox/base.py
+++ b/apiserver/plane/app/views/inbox/base.py
@@ -16,7 +16,7 @@ from rest_framework.response import Response

 # Module imports
 from ..base import BaseViewSet
-from plane.app.permissions import ProjectBasePermission, ProjectLitePermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.db.models import (
    Inbox,
    InboxIssue,
@@ -35,13 +35,10 @@ from plane.app.serializers import (
    InboxIssueDetailSerializer,
 )
 from plane.utils.issue_filters import issue_filters
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity


 class InboxViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectBasePermission,
-    ]

    serializer_class = InboxSerializer
    model = Inbox
@@ -63,6 +60,7 @@ class InboxViewSet(BaseViewSet):
            .select_related("workspace", "project")
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def list(self, request, slug, project_id):
        inbox = self.get_queryset().first()
        return Response(
@@ -70,9 +68,11 @@ class InboxViewSet(BaseViewSet):
            status=status.HTTP_200_OK,
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def perform_create(self, serializer):
        serializer.save(project_id=self.kwargs.get("project_id"))

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def destroy(self, request, slug, project_id, pk):
        inbox = Inbox.objects.filter(
            workspace__slug=slug, project_id=project_id, pk=pk
@@ -88,9 +88,6 @@ class InboxViewSet(BaseViewSet):


 class InboxIssueViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectLitePermission,
-    ]

    serializer_class = InboxIssueSerializer
    model = InboxIssue
@@ -160,17 +157,20 @@ class InboxIssueViewSet(BaseViewSet):
                    ArrayAgg(
                        "issue_module__module_id",
                        distinct=True,
-                        filter=~Q(issue_module__module_id__isnull=True),
+                        filter=~Q(issue_module__module_id__isnull=True)
+                        & Q(issue_module__module__archived_at__isnull=True),
                    ),
                    Value([], output_field=ArrayField(UUIDField())),
                ),
            )
        ).distinct()

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def list(self, request, slug, project_id):
-        inbox_id = Inbox.objects.filter(
+        inbox_id = Inbox.objects.get(
            workspace__slug=slug, project_id=project_id
-        ).first()
+        )
+        project = Project.objects.get(pk=project_id) 
        filters = issue_filters(request.GET, "GET", "issue__")
        inbox_issue = (
            InboxIssue.objects.filter(
@@ -200,6 +200,17 @@ class InboxIssueViewSet(BaseViewSet):
        if inbox_status:
            inbox_issue = inbox_issue.filter(status__in=inbox_status)

+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=5,
+                is_active=True,
+            ).exists()
+            and not project.guest_view_all_features
+        ):
+            inbox_issue = inbox_issue.filter(created_by=request.user)
        return self.paginate(
            request=request,
            queryset=(inbox_issue),
@@ -209,6 +220,7 @@ class InboxIssueViewSet(BaseViewSet):
            ).data,
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def create(self, request, slug, project_id):
        if not request.data.get("issue", {}).get("name", False):
            return Response(
@@ -311,12 +323,13 @@ class InboxIssueViewSet(BaseViewSet):
                serializer.errors, status=status.HTTP_400_BAD_REQUEST
            )

-    def partial_update(self, request, slug, project_id, issue_id):
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
+    def partial_update(self, request, slug, project_id, pk):
        inbox_id = Inbox.objects.filter(
            workspace__slug=slug, project_id=project_id
        ).first()
        inbox_issue = InboxIssue.objects.get(
-            issue_id=issue_id,
+            issue_id=pk,
            workspace__slug=slug,
            project_id=project_id,
            inbox_id=inbox_id,
@@ -329,7 +342,7 @@ class InboxIssueViewSet(BaseViewSet):
            is_active=True,
        )
        # Only project members admins and created_by users can access this endpoint
-        if project_member.role <= 10 and str(inbox_issue.created_by_id) != str(
+        if project_member.role <= 5 and str(inbox_issue.created_by_id) != str(
            request.user.id
        ):
            return Response(
@@ -362,9 +375,8 @@ class InboxIssueViewSet(BaseViewSet):
                workspace__slug=slug,
                project_id=project_id,
            )
-            # Only allow guests and viewers to edit name and description
-            if project_member.role <= 10:
-                # viewers and guests since only viewers and guests
+            # Only allow guests to edit name and description
+            if project_member.role <= 5:
                issue_data = {
                    "name": issue_data.get("name", issue.name),
                    "description_html": issue_data.get(
@@ -406,7 +418,7 @@ class InboxIssueViewSet(BaseViewSet):
                )

        # Only project admins and members can edit inbox issue attributes
-        if project_member.role > 10:
+        if project_member.role > 5:
            serializer = InboxIssueSerializer(
                inbox_issue, data=request.data, partial=True
            )
@@ -457,7 +469,7 @@ class InboxIssueViewSet(BaseViewSet):
                        request.data, cls=DjangoJSONEncoder
                    ),
                    actor_id=str(request.user.id),
-                    issue_id=str(issue_id),
+                    issue_id=str(pk),
                    project_id=str(project_id),
                    current_instance=current_instance,
                    epoch=int(timezone.now().timestamp()),
@@ -492,7 +504,7 @@ class InboxIssueViewSet(BaseViewSet):
                    )
                    .get(
                        inbox_id=inbox_id.id,
-                        issue_id=issue_id,
+                        issue_id=pk,
                        project_id=project_id,
                    )
                )
@@ -505,10 +517,20 @@ class InboxIssueViewSet(BaseViewSet):
            serializer = InboxIssueDetailSerializer(inbox_issue).data
            return Response(serializer, status=status.HTTP_200_OK)

-    def retrieve(self, request, slug, project_id, issue_id):
-        inbox_id = Inbox.objects.filter(
+    @allow_permission(
+        allowed_roles=[
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ],
+        creator=True,
+        model=Issue,
+    )
+    def retrieve(self, request, slug, project_id, pk):
+        inbox_id = Inbox.objects.get(
            workspace__slug=slug, project_id=project_id
-        ).first()
+        )
+        project = Project.objects.get(pk=project_id)
        inbox_issue = (
            InboxIssue.objects.select_related("issue")
            .prefetch_related(
@@ -533,22 +555,36 @@ class InboxIssueViewSet(BaseViewSet):
                    Value([], output_field=ArrayField(UUIDField())),
                ),
            )
-            .get(
-                inbox_id=inbox_id.id, issue_id=issue_id, project_id=project_id
-            )
+            .get(inbox_id=inbox_id.id, issue_id=pk, project_id=project_id)
        )
+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=5,
+                is_active=True,
+            ).exists()
+            and not project.guest_view_all_features
+            and not inbox_issue.created_by == request.user
+        ):
+            return Response(
+                {"error": "You are not allowed to view this issue"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
        issue = InboxIssueDetailSerializer(inbox_issue).data
        return Response(
            issue,
            status=status.HTTP_200_OK,
        )

-    def destroy(self, request, slug, project_id, issue_id):
+    @allow_permission(allowed_roles=[ROLE.ADMIN], creator=True, model=Issue)
+    def destroy(self, request, slug, project_id, pk):
        inbox_id = Inbox.objects.filter(
            workspace__slug=slug, project_id=project_id
        ).first()
        inbox_issue = InboxIssue.objects.get(
-            issue_id=issue_id,
+            issue_id=pk,
            workspace__slug=slug,
            project_id=project_id,
            inbox_id=inbox_id,
@@ -558,21 +594,8 @@ class InboxIssueViewSet(BaseViewSet):
        if inbox_issue.status in [-2, -1, 0, 2]:
            # Delete the issue also
            issue = Issue.objects.filter(
-                workspace__slug=slug, project_id=project_id, pk=issue_id
+                workspace__slug=slug, project_id=project_id, pk=pk
            ).first()
-            if issue.created_by_id != request.user.id and (
-                not ProjectMember.objects.filter(
-                    workspace__slug=slug,
-                    member=request.user,
-                    role=20,
-                    project_id=project_id,
-                    is_active=True,
-                ).exists()
-            ):
-                return Response(
-                    {"error": "Only admin or creator can delete the issue"},
-                    status=status.HTTP_403_FORBIDDEN,
-                )
            issue.delete()

        inbox_issue.delete()
--- a/apiserver/plane/app/views/issue/activity.py
+++ b/apiserver/plane/app/views/issue/activity.py
@@ -19,7 +19,11 @@ from plane.app.serializers import (
    IssueActivitySerializer,
    IssueCommentSerializer,
 )
-from plane.app.permissions import ProjectEntityPermission
+from plane.app.permissions import (
+    ProjectEntityPermission,
+    allow_permission,
+    ROLE,
+)
 from plane.db.models import (
    IssueActivity,
    IssueComment,
@@ -33,6 +37,13 @@ class IssueActivityEndpoint(BaseAPIView):
    ]

    @method_decorator(gzip_page)
+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def get(self, request, slug, project_id, issue_id):
        filters = {}
        if request.GET.get("created_at__gt", None) is not None:
--- a/apiserver/plane/app/views/issue/archive.py
+++ b/apiserver/plane/app/views/issue/archive.py
@@ -25,9 +25,9 @@ from plane.app.permissions import (
 from plane.app.serializers import (
    IssueFlatSerializer,
    IssueSerializer,
-    IssueDetailSerializer
+    IssueDetailSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Issue,
    IssueAttachment,
@@ -46,15 +46,14 @@ from plane.utils.paginator import (
    GroupedOffsetPaginator,
    SubGroupedOffsetPaginator,
 )
+from plane.app.permissions import allow_permission, ROLE
+from plane.utils.error_codes import ERROR_CODES

 # Module imports
 from .. import BaseViewSet, BaseAPIView


 class IssueArchiveViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
    serializer_class = IssueFlatSerializer
    model = Issue

@@ -66,6 +65,7 @@ class IssueArchiveViewSet(BaseViewSet):
                .annotate(count=Func(F("id"), function="Count"))
                .values("count")
            )
+            .filter(deleted_at__isnull=True)
            .filter(archived_at__isnull=False)
            .filter(project_id=self.kwargs.get("project_id"))
            .filter(workspace__slug=self.kwargs.get("slug"))
@@ -97,6 +97,12 @@ class IssueArchiveViewSet(BaseViewSet):
        )

    @method_decorator(gzip_page)
+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
    def list(self, request, slug, project_id):
        filters = issue_filters(request.query_params, "GET")
        show_sub_issues = request.GET.get("show_sub_issues", "true")
@@ -212,6 +218,12 @@ class IssueArchiveViewSet(BaseViewSet):
                ),
            )

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
    def retrieve(self, request, slug, project_id, pk=None):
        issue = (
            self.get_queryset()
@@ -255,6 +267,7 @@ class IssueArchiveViewSet(BaseViewSet):
        serializer = IssueDetailSerializer(issue, expand=self.expand)
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def archive(self, request, slug, project_id, pk=None):
        issue = Issue.issue_objects.get(
            workspace__slug=slug,
@@ -293,6 +306,7 @@ class IssueArchiveViewSet(BaseViewSet):
            {"archived_at": str(issue.archived_at)}, status=status.HTTP_200_OK
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def unarchive(self, request, slug, project_id, pk=None):
        issue = Issue.objects.get(
            workspace__slug=slug,
@@ -324,6 +338,7 @@ class BulkArchiveIssuesEndpoint(BaseAPIView):
        ProjectEntityPermission,
    ]

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def post(self, request, slug, project_id):
        issue_ids = request.data.get("issue_ids", [])

@@ -341,8 +356,10 @@ class BulkArchiveIssuesEndpoint(BaseAPIView):
            if issue.state.group not in ["completed", "cancelled"]:
                return Response(
                    {
-                        "error_code": 4091,
-                        "error_message": "INVALID_ARCHIVE_STATE_GROUP"
+                        "error_code": ERROR_CODES[
+                            "INVALID_ARCHIVE_STATE_GROUP"
+                        ],
+                        "error_message": "INVALID_ARCHIVE_STATE_GROUP",
                    },
                    status=status.HTTP_400_BAD_REQUEST,
                )
--- a/apiserver/plane/app/views/issue/attachment.py
+++ b/apiserver/plane/app/views/issue/attachment.py
@@ -13,19 +13,17 @@ from rest_framework.parsers import MultiPartParser, FormParser
 # Module imports
 from .. import BaseAPIView
 from plane.app.serializers import IssueAttachmentSerializer
-from plane.app.permissions import ProjectEntityPermission
 from plane.db.models import IssueAttachment
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
+from plane.app.permissions import allow_permission, ROLE


 class IssueAttachmentEndpoint(BaseAPIView):
    serializer_class = IssueAttachmentSerializer
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
    model = IssueAttachment
    parser_classes = (MultiPartParser, FormParser)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def post(self, request, slug, project_id, issue_id):
        serializer = IssueAttachmentSerializer(data=request.data)
        if serializer.is_valid():
@@ -47,6 +45,7 @@ class IssueAttachmentEndpoint(BaseAPIView):
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission([ROLE.ADMIN], creator=True, model=IssueAttachment)
    def delete(self, request, slug, project_id, issue_id, pk):
        issue_attachment = IssueAttachment.objects.get(pk=pk)
        issue_attachment.asset.delete(save=False)
@@ -65,6 +64,13 @@ class IssueAttachmentEndpoint(BaseAPIView):

        return Response(status=status.HTTP_204_NO_CONTENT)

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def get(self, request, slug, project_id, issue_id):
        issue_attachments = IssueAttachment.objects.filter(
            issue_id=issue_id, workspace__slug=slug, project_id=project_id
--- a/apiserver/plane/app/views/issue/base.py
+++ b/apiserver/plane/app/views/issue/base.py
@@ -25,17 +25,14 @@ from rest_framework import status
 from rest_framework.response import Response

 # Module imports
-from plane.app.permissions import (
-    ProjectEntityPermission,
-    ProjectLitePermission,
-)
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import (
    IssueCreateSerializer,
    IssueDetailSerializer,
    IssueUserPropertySerializer,
    IssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Issue,
    IssueAttachment,
@@ -59,16 +56,13 @@ from plane.utils.paginator import (
 )
 from .. import BaseAPIView, BaseViewSet
 from plane.utils.user_timezone_converter import user_timezone_converter
-
-# Module imports
+from plane.bgtasks.recent_visited_task import recent_visited_task
+from plane.utils.global_paginator import paginate
+from plane.bgtasks.webhook_task import model_activity


 class IssueListEndpoint(BaseAPIView):
-
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def get(self, request, slug, project_id):
        issue_ids = request.GET.get("issues", False)

@@ -135,6 +129,14 @@ class IssueListEndpoint(BaseAPIView):
            sub_group_by=sub_group_by,
        )

+        recent_visited_task.delay(
+            slug=slug,
+            project_id=project_id,
+            entity_name="project",
+            entity_identifier=project_id,
+            user_id=request.user.id,
+        )
+
        if self.fields or self.expand:
            issues = IssueSerializer(
                queryset, many=True, fields=self.fields, expand=self.expand
@@ -185,9 +187,6 @@ class IssueViewSet(BaseViewSet):

    model = Issue
    webhook_event = "issue"
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

    search_fields = [
        "name",
@@ -233,7 +232,9 @@ class IssueViewSet(BaseViewSet):
        ).distinct()

    @method_decorator(gzip_page)
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def list(self, request, slug, project_id):
+        project = Project.objects.get(pk=project_id, workspace__slug=slug)
        filters = issue_filters(request.query_params, "GET")
        order_by_param = request.GET.get("order_by", "-created_at")

@@ -257,6 +258,25 @@ class IssueViewSet(BaseViewSet):
            sub_group_by=sub_group_by,
        )

+        recent_visited_task.delay(
+            slug=slug,
+            project_id=project_id,
+            entity_name="project",
+            entity_identifier=project_id,
+            user_id=request.user.id,
+        )
+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=5,
+                is_active=True,
+            ).exists()
+            and not project.guest_view_all_features
+        ):
+            issue_queryset = issue_queryset.filter(created_by=request.user)
+
        if group_by:
            if sub_group_by:
                if group_by == sub_group_by:
@@ -338,6 +358,7 @@ class IssueViewSet(BaseViewSet):
                ),
            )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def create(self, request, slug, project_id):
        project = Project.objects.get(pk=project_id)

@@ -409,10 +430,31 @@ class IssueViewSet(BaseViewSet):
            issue = user_timezone_converter(
                issue, datetime_fields, request.user.user_timezone
            )
+            # Send the model activity
+            model_activity.delay(
+                model_name="issue",
+                model_id=str(serializer.data["id"]),
+                requested_data=request.data,
+                current_instance=None,
+                actor_id=request.user.id,
+                slug=slug,
+                origin=request.META.get("HTTP_ORIGIN"),
+            )
            return Response(issue, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission(
+        allowed_roles=[
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ],
+        creator=True,
+        model=Issue,
+    )
    def retrieve(self, request, slug, project_id, pk=None):
+        project = Project.objects.get(pk=project_id, workspace__slug=slug)
+
        issue = (
            self.get_queryset()
            .filter(pk=pk)
@@ -438,7 +480,8 @@ class IssueViewSet(BaseViewSet):
                    ArrayAgg(
                        "issue_module__module_id",
                        distinct=True,
-                        filter=~Q(issue_module__module_id__isnull=True),
+                        filter=~Q(issue_module__module_id__isnull=True)
+                        & Q(issue_module__module__archived_at__isnull=True),
                    ),
                    Value([], output_field=ArrayField(UUIDField())),
                ),
@@ -480,9 +523,41 @@ class IssueViewSet(BaseViewSet):
                status=status.HTTP_404_NOT_FOUND,
            )

+        """
+        if the role is guest and guest_view_all_features is false and owned by is not 
+        the requesting user then dont show the issue
+        """
+
+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=5,
+                is_active=True,
+            ).exists()
+            and not project.guest_view_all_features
+            and not issue.created_by == request.user
+        ):
+            return Response(
+                {"error": "You are not allowed to view this issue"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        recent_visited_task.delay(
+            slug=slug,
+            entity_name="issue",
+            entity_identifier=pk,
+            user_id=request.user.id,
+            project_id=project_id,
+        )
+
        serializer = IssueDetailSerializer(issue, expand=self.expand)
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], creator=True, model=Issue
+    )
    def partial_update(self, request, slug, project_id, pk=None):
        issue = (
            self.get_queryset()
@@ -544,27 +619,23 @@ class IssueViewSet(BaseViewSet):
                notification=True,
                origin=request.META.get("HTTP_ORIGIN"),
            )
-            issue = self.get_queryset().filter(pk=pk).first()
+            model_activity.delay(
+                model_name="issue",
+                model_id=str(serializer.data.get("id", None)),
+                requested_data=request.data,
+                current_instance=current_instance,
+                actor_id=request.user.id,
+                slug=slug,
+                origin=request.META.get("HTTP_ORIGIN"),
+            )
            return Response(status=status.HTTP_204_NO_CONTENT)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission([ROLE.ADMIN], creator=True, model=Issue)
    def destroy(self, request, slug, project_id, pk=None):
        issue = Issue.objects.get(
            workspace__slug=slug, project_id=project_id, pk=pk
        )
-        if issue.created_by_id != request.user.id and (
-            not ProjectMember.objects.filter(
-                workspace__slug=slug,
-                member=request.user,
-                role=20,
-                project_id=project_id,
-                is_active=True,
-            ).exists()
-        ):
-            return Response(
-                {"error": "Only admin or creator can delete the issue"},
-                status=status.HTTP_403_FORBIDDEN,
-            )

        issue.delete()
        issue_activity.delay(
@@ -582,10 +653,7 @@ class IssueViewSet(BaseViewSet):


 class IssueUserDisplayPropertyEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectLitePermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def patch(self, request, slug, project_id):
        issue_property = IssueUserProperty.objects.get(
            user=request.user,
@@ -605,6 +673,13 @@ class IssueUserDisplayPropertyEndpoint(BaseAPIView):
        serializer = IssueUserPropertySerializer(issue_property)
        return Response(serializer.data, status=status.HTTP_201_CREATED)

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def get(self, request, slug, project_id):
        issue_property, _ = IssueUserProperty.objects.get_or_create(
            user=request.user, project_id=project_id
@@ -614,24 +689,8 @@ class IssueUserDisplayPropertyEndpoint(BaseAPIView):


 class BulkDeleteIssuesEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN])
    def delete(self, request, slug, project_id):
-        if ProjectMember.objects.filter(
-            workspace__slug=slug,
-            member=request.user,
-            role=20,
-            project_id=project_id,
-            is_active=True,
-        ).exists():
-
-            return Response(
-                {"error": "Only admin can perform this action"},
-                status=status.HTTP_403_FORBIDDEN,
-            )
-
        issue_ids = request.data.get("issue_ids", [])

        if not len(issue_ids):
@@ -652,3 +711,141 @@ class BulkDeleteIssuesEndpoint(BaseAPIView):
            {"message": f"{total_issues} issues were deleted"},
            status=status.HTTP_200_OK,
        )
+
+
+class IssuePaginatedViewSet(BaseViewSet):
+    def get_queryset(self):
+        workspace_slug = self.kwargs.get("slug")
+        project_id = self.kwargs.get("project_id")
+
+        return (
+            Issue.issue_objects.filter(
+                workspace__slug=workspace_slug, project_id=project_id
+            )
+            .select_related("workspace", "project", "state", "parent")
+            .prefetch_related("assignees", "labels", "issue_module__module")
+            .annotate(cycle_id=F("issue_cycle__cycle_id"))
+            .annotate(
+                link_count=IssueLink.objects.filter(issue=OuterRef("id"))
+                .order_by()
+                .annotate(count=Func(F("id"), function="Count"))
+                .values("count")
+            )
+            .annotate(
+                attachment_count=IssueAttachment.objects.filter(
+                    issue=OuterRef("id")
+                )
+                .order_by()
+                .annotate(count=Func(F("id"), function="Count"))
+                .values("count")
+            )
+            .annotate(
+                sub_issues_count=Issue.issue_objects.filter(
+                    parent=OuterRef("id")
+                )
+                .order_by()
+                .annotate(count=Func(F("id"), function="Count"))
+                .values("count")
+            )
+        ).distinct()
+
+    def process_paginated_result(self, fields, results, timezone):
+        paginated_data = results.values(*fields)
+
+        # converting the datetime fields in paginated data
+        datetime_fields = ["created_at", "updated_at"]
+        paginated_data = user_timezone_converter(
+            paginated_data, datetime_fields, timezone
+        )
+
+        return paginated_data
+
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
+    def list(self, request, slug, project_id):
+        cursor = request.GET.get("cursor", None)
+        is_description_required = request.GET.get("description", False)
+        updated_at = request.GET.get("updated_at__gte", None)
+
+        # required fields
+        required_fields = [
+            "id",
+            "name",
+            "state_id",
+            "sort_order",
+            "completed_at",
+            "estimate_point",
+            "priority",
+            "start_date",
+            "target_date",
+            "sequence_id",
+            "project_id",
+            "parent_id",
+            "cycle_id",
+            "created_at",
+            "updated_at",
+            "created_by",
+            "updated_by",
+            "is_draft",
+            "archived_at",
+            "deleted_at",
+            "module_ids",
+            "label_ids",
+            "assignee_ids",
+            "link_count",
+            "attachment_count",
+            "sub_issues_count",
+        ]
+
+        if is_description_required:
+            required_fields.append("description_html")
+
+        # querying issues
+        base_queryset = Issue.issue_objects.filter(
+            workspace__slug=slug, project_id=project_id
+        ).order_by("updated_at")
+        queryset = self.get_queryset().order_by("updated_at")
+
+        # filtering issues by greater then updated_at given by the user
+        if updated_at:
+            base_queryset = base_queryset.filter(updated_at__gte=updated_at)
+            queryset = queryset.filter(updated_at__gte=updated_at)
+
+        queryset = queryset.annotate(
+            label_ids=Coalesce(
+                ArrayAgg(
+                    "labels__id",
+                    distinct=True,
+                    filter=~Q(labels__id__isnull=True),
+                ),
+                Value([], output_field=ArrayField(UUIDField())),
+            ),
+            assignee_ids=Coalesce(
+                ArrayAgg(
+                    "assignees__id",
+                    distinct=True,
+                    filter=~Q(assignees__id__isnull=True)
+                    & Q(assignees__member_project__is_active=True),
+                ),
+                Value([], output_field=ArrayField(UUIDField())),
+            ),
+            module_ids=Coalesce(
+                ArrayAgg(
+                    "issue_module__module_id",
+                    distinct=True,
+                    filter=~Q(issue_module__module_id__isnull=True)
+                    & Q(issue_module__module__archived_at__isnull=True),
+                ),
+                Value([], output_field=ArrayField(UUIDField())),
+            ),
+        )
+
+        paginated_data = paginate(
+            base_queryset=base_queryset,
+            queryset=queryset,
+            cursor=cursor,
+            on_result=lambda results: self.process_paginated_result(
+                required_fields, results, request.user.user_timezone
+            ),
+        )
+
+        return Response(paginated_data, status=status.HTTP_200_OK)
--- a/apiserver/plane/app/views/issue/bulk_operations.py
+++ b/apiserver/plane/app/views/issue/bulk_operations.py
@@ -1,288 +0,0 @@
-# Python imports
-import json
-from datetime import datetime
-
-# Django imports
-from django.utils import timezone
-
-# Third Party imports
-from rest_framework.response import Response
-from rest_framework import status
-
-# Module imports
-from .. import BaseAPIView
-from plane.app.permissions import (
-    ProjectEntityPermission,
-)
-from plane.db.models import (
-    Project,
-    Issue,
-    IssueLabel,
-    IssueAssignee,
-)
-from plane.bgtasks.issue_activites_task import issue_activity
-
-
-class BulkIssueOperationsEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
-    def post(self, request, slug, project_id):
-        issue_ids = request.data.get("issue_ids", [])
-        if not len(issue_ids):
-            return Response(
-                {"error": "Issue IDs are required"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
-        # Get all the issues
-        issues = (
-            Issue.objects.filter(
-                workspace__slug=slug, project_id=project_id, pk__in=issue_ids
-            )
-            .select_related("state")
-            .prefetch_related("labels", "assignees")
-        )
-        # Current epoch
-        epoch = int(timezone.now().timestamp())
-
-        # Project details
-        project = Project.objects.get(workspace__slug=slug, pk=project_id)
-        workspace_id = project.workspace_id
-
-        # Initialize arrays
-        bulk_update_issues = []
-        bulk_issue_activities = []
-        bulk_update_issue_labels = []
-        bulk_update_issue_assignees = []
-
-        properties = request.data.get("properties", {})
-
-        if properties.get("start_date", False) and properties.get("target_date", False):
-            if (
-                datetime.strptime(properties.get("start_date"), "%Y-%m-%d").date()
-                > datetime.strptime(properties.get("target_date"), "%Y-%m-%d").date()
-            ):
-                return Response(
-                    {
-                        "error_code": 4100,
-                        "error_message": "INVALID_ISSUE_DATES",
-                    },
-                    status=status.HTTP_400_BAD_REQUEST,
-                )
-
-        for issue in issues:
-
-            # Priority
-            if properties.get("priority", False):
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"priority": properties.get("priority")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"priority": (issue.priority)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.priority = properties.get("priority")
-
-            # State
-            if properties.get("state_id", False):
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"state": properties.get("state")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"state": str(issue.state_id)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.state_id = properties.get("state_id")
-
-            # Start date
-            if properties.get("start_date", False):
-                if (
-                    issue.target_date
-                    and not properties.get("target_date", False)
-                    and issue.target_date
-                    <= datetime.strptime(
-                        properties.get("start_date"), "%Y-%m-%d"
-                    ).date()
-                ):
-                    return Response(
-                        {
-                            "error_code": 4101,
-                            "error_message": "INVALID_ISSUE_START_DATE",
-                        },
-                        status=status.HTTP_400_BAD_REQUEST,
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"start_date": properties.get("start_date")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"start_date": str(issue.start_date)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.start_date = properties.get("start_date")
-
-            # Target date
-            if properties.get("target_date", False):
-                if (
-                    issue.start_date
-                    and not properties.get("start_date", False)
-                    and issue.start_date
-                    >= datetime.strptime(
-                        properties.get("target_date"), "%Y-%m-%d"
-                    ).date()
-                ):
-                    return Response(
-                        {
-                            "error_code": 4102,
-                            "error_message": "INVALID_ISSUE_TARGET_DATE",
-                        },
-                        status=status.HTTP_400_BAD_REQUEST,
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"target_date": properties.get("target_date")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"target_date": str(issue.target_date)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.target_date = properties.get("target_date")
-
-            bulk_update_issues.append(issue)
-
-            # Labels
-            if properties.get("label_ids", []):
-                for label_id in properties.get("label_ids", []):
-                    bulk_update_issue_labels.append(
-                        IssueLabel(
-                            issue=issue,
-                            label_id=label_id,
-                            created_by=request.user,
-                            project_id=project_id,
-                            workspace_id=workspace_id,
-                        )
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"label_ids": properties.get("label_ids", [])}
-                        ),
-                        "current_instance": json.dumps(
-                            {
-                                "label_ids": [
-                                    str(label.id)
-                                    for label in issue.labels.all()
-                                ]
-                            }
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-
-            # Assignees
-            if properties.get("assignee_ids", []):
-                for assignee_id in properties.get(
-                    "assignee_ids", issue.assignees
-                ):
-                    bulk_update_issue_assignees.append(
-                        IssueAssignee(
-                            issue=issue,
-                            assignee_id=assignee_id,
-                            created_by=request.user,
-                            project_id=project_id,
-                            workspace_id=workspace_id,
-                        )
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {
-                                "assignee_ids": properties.get(
-                                    "assignee_ids", []
-                                )
-                            }
-                        ),
-                        "current_instance": json.dumps(
-                            {
-                                "assignee_ids": [
-                                    str(assignee.id)
-                                    for assignee in issue.assignees.all()
-                                ]
-                            }
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-
-        # Bulk update all the objects
-        Issue.objects.bulk_update(
-            bulk_update_issues,
-            [
-                "priority",
-                "start_date",
-                "target_date",
-                "state",
-            ],
-            batch_size=100,
-        )
-
-        # Create new labels
-        IssueLabel.objects.bulk_create(
-            bulk_update_issue_labels,
-            ignore_conflicts=True,
-            batch_size=100,
-        )
-
-        # Create new assignees
-        IssueAssignee.objects.bulk_create(
-            bulk_update_issue_assignees,
-            ignore_conflicts=True,
-            batch_size=100,
-        )
-        # update the issue activity
-        [
-            issue_activity.delay(**activity)
-            for activity in bulk_issue_activities
-        ]
-
-        return Response(status=status.HTTP_204_NO_CONTENT)
--- a/apiserver/plane/app/views/issue/comment.py
+++ b/apiserver/plane/app/views/issue/comment.py
@@ -16,22 +16,21 @@ from plane.app.serializers import (
    IssueCommentSerializer,
    CommentReactionSerializer,
 )
-from plane.app.permissions import ProjectLitePermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.db.models import (
    IssueComment,
    ProjectMember,
    CommentReaction,
+    Project,
+    Issue,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity


 class IssueCommentViewSet(BaseViewSet):
    serializer_class = IssueCommentSerializer
    model = IssueComment
    webhook_event = "issue_comment"
-    permission_classes = [
-        ProjectLitePermission,
-    ]

    filterset_fields = [
        "issue__id",
@@ -66,7 +65,31 @@ class IssueCommentViewSet(BaseViewSet):
            .distinct()
        )

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def create(self, request, slug, project_id, issue_id):
+        project = Project.objects.get(pk=project_id)
+        issue = Issue.objects.get(pk=issue_id)
+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=5,
+                is_active=True,
+            ).exists()
+            and not project.guest_view_all_features
+            and not issue.created_by == request.user
+        ):
+            return Response(
+                {"error": "You are not allowed to comment on the issue"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
        serializer = IssueCommentSerializer(data=request.data)
        if serializer.is_valid():
            serializer.save(
@@ -90,6 +113,11 @@ class IssueCommentViewSet(BaseViewSet):
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN],
+        creator=True,
+        model=IssueComment,
+    )
    def partial_update(self, request, slug, project_id, issue_id, pk):
        issue_comment = IssueComment.objects.get(
            workspace__slug=slug,
@@ -121,6 +149,9 @@ class IssueCommentViewSet(BaseViewSet):
            return Response(serializer.data, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN], creator=True, model=IssueComment
+    )
    def destroy(self, request, slug, project_id, issue_id, pk):
        issue_comment = IssueComment.objects.get(
            workspace__slug=slug,
@@ -150,9 +181,6 @@ class IssueCommentViewSet(BaseViewSet):
 class CommentReactionViewSet(BaseViewSet):
    serializer_class = CommentReactionSerializer
    model = CommentReaction
-    permission_classes = [
-        ProjectLitePermission,
-    ]

    def get_queryset(self):
        return (
@@ -170,6 +198,13 @@ class CommentReactionViewSet(BaseViewSet):
            .distinct()
        )

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def create(self, request, slug, project_id, comment_id):
        serializer = CommentReactionSerializer(data=request.data)
        if serializer.is_valid():
@@ -192,6 +227,13 @@ class CommentReactionViewSet(BaseViewSet):
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def destroy(self, request, slug, project_id, comment_id, reaction_code):
        comment_reaction = CommentReaction.objects.get(
            workspace__slug=slug,
--- a/apiserver/plane/app/views/issue/draft.py
+++ b/apiserver/plane/app/views/issue/draft.py
@@ -32,7 +32,7 @@ from plane.app.serializers import (
    IssueFlatSerializer,
    IssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Issue,
    IssueAttachment,
@@ -68,6 +68,7 @@ class IssueDraftViewSet(BaseViewSet):
            Issue.objects.filter(project_id=self.kwargs.get("project_id"))
            .filter(workspace__slug=self.kwargs.get("slug"))
            .filter(is_draft=True)
+            .filter(deleted_at__isnull=True)
            .select_related("workspace", "project", "state", "parent")
            .prefetch_related("assignees", "labels", "issue_module__module")
            .annotate(cycle_id=F("issue_cycle__cycle_id"))
--- a/apiserver/plane/app/views/issue/label.py
+++ b/apiserver/plane/app/views/issue/label.py
@@ -11,9 +11,7 @@ from rest_framework import status
 # Module imports
 from .. import BaseViewSet, BaseAPIView
 from plane.app.serializers import LabelSerializer
-from plane.app.permissions import (
-    ProjectMemberPermission,
-)
+from plane.app.permissions import allow_permission, ProjectBasePermission, ROLE
 from plane.db.models import (
    Project,
    Label,
@@ -25,7 +23,7 @@ class LabelViewSet(BaseViewSet):
    serializer_class = LabelSerializer
    model = Label
    permission_classes = [
-        ProjectMemberPermission,
+        ProjectBasePermission,
    ]

    def get_queryset(self):
@@ -45,6 +43,7 @@ class LabelViewSet(BaseViewSet):
    @invalidate_cache(
        path="/api/workspaces/:slug/labels/", url_params=True, user=False
    )
+    @allow_permission([ROLE.ADMIN])
    def create(self, request, slug, project_id):
        try:
            serializer = LabelSerializer(data=request.data)
@@ -67,17 +66,20 @@ class LabelViewSet(BaseViewSet):
    @invalidate_cache(
        path="/api/workspaces/:slug/labels/", url_params=True, user=False
    )
+    @allow_permission([ROLE.ADMIN])
    def partial_update(self, request, *args, **kwargs):
        return super().partial_update(request, *args, **kwargs)

    @invalidate_cache(
        path="/api/workspaces/:slug/labels/", url_params=True, user=False
    )
+    @allow_permission([ROLE.ADMIN])
    def destroy(self, request, *args, **kwargs):
        return super().destroy(request, *args, **kwargs)


 class BulkCreateIssueLabelsEndpoint(BaseAPIView):
+    @allow_permission([ROLE.ADMIN])
    def post(self, request, slug, project_id):
        label_data = request.data.get("label_data", [])
        project = Project.objects.get(pk=project_id)
--- a/apiserver/plane/app/views/issue/link.py
+++ b/apiserver/plane/app/views/issue/link.py
@@ -14,7 +14,7 @@ from .. import BaseViewSet
 from plane.app.serializers import IssueLinkSerializer
 from plane.app.permissions import ProjectEntityPermission
 from plane.db.models import IssueLink
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity


 class IssueLinkViewSet(BaseViewSet):
--- a/apiserver/plane/app/views/issue/reaction.py
+++ b/apiserver/plane/app/views/issue/reaction.py
@@ -12,17 +12,14 @@ from rest_framework import status
 # Module imports
 from .. import BaseViewSet
 from plane.app.serializers import IssueReactionSerializer
-from plane.app.permissions import ProjectLitePermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.db.models import IssueReaction
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity


 class IssueReactionViewSet(BaseViewSet):
    serializer_class = IssueReactionSerializer
    model = IssueReaction
-    permission_classes = [
-        ProjectLitePermission,
-    ]

    def get_queryset(self):
        return (
@@ -40,6 +37,7 @@ class IssueReactionViewSet(BaseViewSet):
            .distinct()
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def create(self, request, slug, project_id, issue_id):
        serializer = IssueReactionSerializer(data=request.data)
        if serializer.is_valid():
@@ -62,6 +60,7 @@ class IssueReactionViewSet(BaseViewSet):
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def destroy(self, request, slug, project_id, issue_id, reaction_code):
        issue_reaction = IssueReaction.objects.get(
            workspace__slug=slug,
--- a/apiserver/plane/app/views/issue/relation.py
+++ b/apiserver/plane/app/views/issue/relation.py
@@ -27,7 +27,7 @@ from plane.db.models import (
    IssueAttachment,
    IssueLink,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity


 class IssueRelationViewSet(BaseViewSet):
@@ -80,8 +80,7 @@ class IssueRelationViewSet(BaseViewSet):
        ).values_list("issue_id", flat=True)

        queryset = (
-            Issue.issue_objects
-            .filter(workspace__slug=slug)
+            Issue.issue_objects.filter(workspace__slug=slug)
            .select_related("workspace", "project", "state", "parent")
            .prefetch_related("assignees", "labels", "issue_module__module")
            .annotate(cycle_id=F("issue_cycle__cycle_id"))
--- a/apiserver/plane/app/views/issue/sub_issue.py
+++ b/apiserver/plane/app/views/issue/sub_issue.py
@@ -30,7 +30,7 @@ from plane.db.models import (
    IssueLink,
    IssueAttachment,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.utils.user_timezone_converter import user_timezone_converter
 from collections import defaultdict

--- a/apiserver/plane/app/views/module/archive.py
+++ b/apiserver/plane/app/views/module/archive.py
@@ -12,7 +12,8 @@ from django.db.models import (
    Subquery,
    UUIDField,
    Value,
-    Sum
+    Sum,
+    FloatField,
 )
 from django.db.models.functions import Coalesce, Cast
 from django.utils import timezone
@@ -44,8 +45,8 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
    def get_queryset(self):
        favorite_subquery = UserFavorite.objects.filter(
            user=self.request.user,
-            entity_identifier=OuterRef("pk"),
            entity_type="module",
+            entity_identifier=OuterRef("pk"),
            project_id=self.kwargs.get("project_id"),
            workspace__slug=self.kwargs.get("slug"),
        )
@@ -102,8 +103,93 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
            .annotate(cnt=Count("pk"))
            .values("cnt")
        )
+        completed_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="completed",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                completed_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("completed_estimate_points")[:1]
+        )
+
+        total_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                total_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("total_estimate_points")[:1]
+        )
+        backlog_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="backlog",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                backlog_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("backlog_estimate_point")[:1]
+        )
+        unstarted_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="unstarted",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                unstarted_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("unstarted_estimate_point")[:1]
+        )
+        started_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="started",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                started_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("started_estimate_point")[:1]
+        )
+        cancelled_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="cancelled",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                cancelled_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("cancelled_estimate_point")[:1]
+        )
        return (
            Module.objects.filter(workspace__slug=self.kwargs.get("slug"))
+            .filter(project_id=self.kwargs.get("project_id"))
            .filter(archived_at__isnull=False)
            .annotate(is_favorite=Exists(favorite_subquery))
            .select_related("workspace", "project", "lead")
@@ -152,6 +238,42 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                    Value(0, output_field=IntegerField()),
                )
            )
+            .annotate(
+                backlog_estimate_points=Coalesce(
+                    Subquery(backlog_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                unstarted_estimate_points=Coalesce(
+                    Subquery(unstarted_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                started_estimate_points=Coalesce(
+                    Subquery(started_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                cancelled_estimate_points=Coalesce(
+                    Subquery(cancelled_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                completed_estimate_points=Coalesce(
+                    Subquery(completed_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                total_estimate_points=Coalesce(
+                    Subquery(total_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
            .annotate(
                member_ids=Coalesce(
                    ArrayAgg(
@@ -232,7 +354,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
            data["estimate_distribution"] = {}

            if estimate_type:
-                label_distribution = (
+                assignee_distribution = (
                    Issue.issue_objects.filter(
                        issue_module__module_id=pk,
                        workspace__slug=slug,
@@ -252,12 +374,12 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                    )
                    .annotate(
                        total_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField())
+                            Cast("estimate_point__value", FloatField())
                        ),
                    )
                    .annotate(
                        completed_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                            filter=Q(
                                completed_at__isnull=False,
                                archived_at__isnull=True,
@@ -267,7 +389,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                    )
                    .annotate(
                        pending_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                            filter=Q(
                                completed_at__isnull=True,
                                archived_at__isnull=True,
@@ -278,7 +400,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                    .order_by("first_name", "last_name")
                )

-                assignee_distribution = (
+                label_distribution = (
                    Issue.issue_objects.filter(
                        issue_module__module_id=pk,
                        workspace__slug=slug,
@@ -290,12 +412,12 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                    .values("label_name", "color", "label_id")
                    .annotate(
                        total_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField())
+                            Cast("estimate_point__value", FloatField())
                        ),
                    )
                    .annotate(
                        completed_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                            filter=Q(
                                completed_at__isnull=False,
                                archived_at__isnull=True,
@@ -305,7 +427,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                    )
                    .annotate(
                        pending_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                            filter=Q(
                                completed_at__isnull=True,
                                archived_at__isnull=True,
@@ -315,8 +437,8 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                    )
                    .order_by("label_name")
                )
-                data["estimate_distribution"]["assignee"] = assignee_distribution
-                data["estimate_distribution"]["label"] = label_distribution
+                data["estimate_distribution"]["assignees"] = assignee_distribution
+                data["estimate_distribution"]["labels"] = label_distribution

                if modules and modules.start_date and modules.target_date:
                    data["estimate_distribution"]["completion_chart"] = (
@@ -328,6 +450,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                            module_id=pk,
                        )
                    )
+
            assignee_distribution = (
                Issue.issue_objects.filter(
                    issue_module__module_id=pk,
@@ -353,7 +476,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                            archived_at__isnull=True,
                            is_draft=False,
                        ),
-                    )
+                    ),
                )
                .annotate(
                    completed_issues=Count(
@@ -425,8 +548,6 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                "labels": label_distribution,
                "completion_chart": {},
            }
-
-            # Fetch the modules
            if modules and modules.start_date and modules.target_date:
                data["distribution"]["completion_chart"] = burndown_plot(
                    queryset=modules,
@@ -454,6 +575,12 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
            )
        module.archived_at = timezone.now()
        module.save()
+        UserFavorite.objects.filter(
+            entity_type="module",
+            entity_identifier=module_id,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
        return Response(
            {"archived_at": str(module.archived_at)},
            status=status.HTTP_200_OK,
--- a/apiserver/plane/app/views/module/base.py
+++ b/apiserver/plane/app/views/module/base.py
@@ -30,8 +30,10 @@ from rest_framework.response import Response
 # Module imports
 from plane.app.permissions import (
    ProjectEntityPermission,
-    ProjectLitePermission,
+    allow_permission,
+    ROLE,
 )
+
 from plane.app.serializers import (
    ModuleDetailSerializer,
    ModuleLinkSerializer,
@@ -39,7 +41,7 @@ from plane.app.serializers import (
    ModuleUserPropertiesSerializer,
    ModuleWriteSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Issue,
    Module,
@@ -48,19 +50,16 @@ from plane.db.models import (
    ModuleLink,
    ModuleUserProperties,
    Project,
-    ProjectMember,
 )
 from plane.utils.analytics_plot import burndown_plot
 from plane.utils.user_timezone_converter import user_timezone_converter
 from plane.bgtasks.webhook_task import model_activity
 from .. import BaseAPIView, BaseViewSet
+from plane.bgtasks.recent_visited_task import recent_visited_task


 class ModuleViewSet(BaseViewSet):
    model = Module
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
    webhook_event = "module"

    def get_serializer_class(self):
@@ -318,6 +317,13 @@ class ModuleViewSet(BaseViewSet):
            .order_by("-is_favorite", "-created_at")
        )

+    allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
+
    def create(self, request, slug, project_id):
        project = Project.objects.get(workspace__slug=slug, pk=project_id)
        serializer = ModuleWriteSerializer(
@@ -380,6 +386,8 @@ class ModuleViewSet(BaseViewSet):
            return Response(module, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
+
    def list(self, request, slug, project_id):
        queryset = self.get_queryset().filter(archived_at__isnull=True)
        if self.fields:
@@ -427,6 +435,13 @@ class ModuleViewSet(BaseViewSet):
            )
        return Response(modules, status=status.HTTP_200_OK)

+    allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
+
    def retrieve(self, request, slug, project_id, pk):
        queryset = (
            self.get_queryset()
@@ -444,6 +459,12 @@ class ModuleViewSet(BaseViewSet):
            )
        )

+        if not queryset.exists():
+            return Response(
+                {"error": "Module not found"},
+                status=status.HTTP_404_NOT_FOUND,
+            )
+
        estimate_type = Project.objects.filter(
            workspace__slug=slug,
            pk=project_id,
@@ -555,7 +576,7 @@ class ModuleViewSet(BaseViewSet):
                )

        assignee_distribution = (
-            Issue.objects.filter(
+            Issue.issue_objects.filter(
                issue_module__module_id=pk,
                workspace__slug=slug,
                project_id=project_id,
@@ -605,7 +626,7 @@ class ModuleViewSet(BaseViewSet):
        )

        label_distribution = (
-            Issue.objects.filter(
+            Issue.issue_objects.filter(
                issue_module__module_id=pk,
                workspace__slug=slug,
                project_id=project_id,
@@ -660,11 +681,20 @@ class ModuleViewSet(BaseViewSet):
                module_id=pk,
            )

+        recent_visited_task.delay(
+            slug=slug,
+            entity_name="module",
+            entity_identifier=pk,
+            user_id=request.user.id,
+            project_id=project_id,
+        )
+
        return Response(
            data,
            status=status.HTTP_200_OK,
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def partial_update(self, request, slug, project_id, pk):
        module = self.get_queryset().filter(pk=pk)

@@ -734,25 +764,12 @@ class ModuleViewSet(BaseViewSet):
            return Response(module, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission([ROLE.ADMIN], creator=True, model=Module)
    def destroy(self, request, slug, project_id, pk):
        module = Module.objects.get(
            workspace__slug=slug, project_id=project_id, pk=pk
        )

-        if module.created_by_id != request.user.id and (
-            not ProjectMember.objects.filter(
-                workspace__slug=slug,
-                member=request.user,
-                role=20,
-                project_id=project_id,
-                is_active=True,
-            ).exists()
-        ):
-            return Response(
-                {"error": "Only admin or creator can delete the module"},
-                status=status.HTTP_403_FORBIDDEN,
-            )
-
        module_issues = list(
            ModuleIssue.objects.filter(module_id=pk).values_list(
                "issue", flat=True
@@ -773,6 +790,18 @@ class ModuleViewSet(BaseViewSet):
            for issue in module_issues
        ]
        module.delete()
+        # Delete the module issues
+        ModuleIssue.objects.filter(
+            module=pk,
+            project_id=project_id,
+        ).delete()
+        # Delete the user favorite module
+        UserFavorite.objects.filter(
+            user=request.user,
+            entity_type="module",
+            entity_identifier=pk,
+            project_id=project_id,
+        ).delete()
        return Response(status=status.HTTP_204_NO_CONTENT)


@@ -836,15 +865,13 @@ class ModuleFavoriteViewSet(BaseViewSet):
            entity_type="module",
            entity_identifier=module_id,
        )
-        module_favorite.delete()
+        module_favorite.delete(soft=False)
        return Response(status=status.HTTP_204_NO_CONTENT)


 class ModuleUserPropertiesEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectLitePermission,
-    ]

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def patch(self, request, slug, project_id, module_id):
        module_properties = ModuleUserProperties.objects.get(
            user=request.user,
@@ -867,6 +894,7 @@ class ModuleUserPropertiesEndpoint(BaseAPIView):
        serializer = ModuleUserPropertiesSerializer(module_properties)
        return Response(serializer.data, status=status.HTTP_201_CREATED)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def get(self, request, slug, project_id, module_id):
        module_properties, _ = ModuleUserProperties.objects.get_or_create(
            user=request.user,
--- a/apiserver/plane/app/views/module/issue.py
+++ b/apiserver/plane/app/views/module/issue.py
@@ -17,13 +17,11 @@ from django.views.decorators.gzip import gzip_page
 from rest_framework import status
 from rest_framework.response import Response

-from plane.app.permissions import (
-    ProjectEntityPermission,
-)
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import (
    ModuleIssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
    Issue,
    IssueAttachment,
@@ -46,6 +44,7 @@ from plane.utils.paginator import (
 # Module imports
 from .. import BaseViewSet

+
 class ModuleIssueViewSet(BaseViewSet):
    serializer_class = ModuleIssueSerializer
    model = ModuleIssue
@@ -57,10 +56,6 @@ class ModuleIssueViewSet(BaseViewSet):
        "issue__assignees__id",
    ]

-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
    def get_queryset(self):
        return (
            Issue.issue_objects.filter(
@@ -96,6 +91,12 @@ class ModuleIssueViewSet(BaseViewSet):
        ).distinct()

    @method_decorator(gzip_page)
+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+        ]
+    )
    def list(self, request, slug, project_id, module_id):
        filters = issue_filters(request.query_params, "GET")
        issue_queryset = self.get_queryset().filter(**filters)
@@ -203,6 +204,7 @@ class ModuleIssueViewSet(BaseViewSet):
                ),
            )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    # create multiple issues inside a module
    def create_module_issues(self, request, slug, project_id, module_id):
        issues = request.data.get("issues", [])
@@ -244,13 +246,13 @@ class ModuleIssueViewSet(BaseViewSet):
        ]
        return Response({"message": "success"}, status=status.HTTP_201_CREATED)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    # add multiple module inside an issue and remove multiple modules from an issue
    def create_issue_modules(self, request, slug, project_id, issue_id):
        modules = request.data.get("modules", [])
        removed_modules = request.data.get("removed_modules", [])
        project = Project.objects.get(pk=project_id)

-
        if modules:
            _ = ModuleIssue.objects.bulk_create(
                [
@@ -284,7 +286,7 @@ class ModuleIssueViewSet(BaseViewSet):
            ]

        for module_id in removed_modules:
-            module_issue = ModuleIssue.objects.get(
+            module_issue = ModuleIssue.objects.filter(
                workspace__slug=slug,
                project_id=project_id,
                module_id=module_id,
@@ -297,7 +299,7 @@ class ModuleIssueViewSet(BaseViewSet):
                issue_id=str(issue_id),
                project_id=str(project_id),
                current_instance=json.dumps(
-                    {"module_name": module_issue.module.name}
+                    {"module_name": module_issue.first().module.name}
                ),
                epoch=int(timezone.now().timestamp()),
                notification=True,
@@ -307,8 +309,9 @@ class ModuleIssueViewSet(BaseViewSet):

        return Response({"message": "success"}, status=status.HTTP_201_CREATED)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def destroy(self, request, slug, project_id, module_id, issue_id):
-        module_issue = ModuleIssue.objects.get(
+        module_issue = ModuleIssue.objects.filter(
            workspace__slug=slug,
            project_id=project_id,
            module_id=module_id,
@@ -321,7 +324,7 @@ class ModuleIssueViewSet(BaseViewSet):
            issue_id=str(issue_id),
            project_id=str(project_id),
            current_instance=json.dumps(
-                {"module_name": module_issue.module.name}
+                {"module_name": module_issue.first().module.name}
            ),
            epoch=int(timezone.now().timestamp()),
            notification=True,
--- a/apiserver/plane/app/views/notification/base.py
+++ b/apiserver/plane/app/views/notification/base.py
@@ -19,6 +19,7 @@ from plane.db.models import (
    WorkspaceMember,
 )
 from plane.utils.paginator import BasePaginator
+from plane.app.permissions import allow_permission, ROLE

 # Module imports
 from ..base import BaseAPIView, BaseViewSet
@@ -39,6 +40,10 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
            .select_related("workspace", "project," "triggered_by", "receiver")
        )

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER],
+        level="WORKSPACE",
+    )
    def list(self, request, slug):
        # Get query parameters
        snoozed = request.GET.get("snoozed", "false")
@@ -168,6 +173,10 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
        serializer = NotificationSerializer(notifications, many=True)
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
    def partial_update(self, request, slug, pk):
        notification = Notification.objects.get(
            workspace__slug=slug, pk=pk, receiver=request.user
@@ -185,6 +194,9 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
            return Response(serializer.data, status=status.HTTP_200_OK)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST], level="WORKSPACE"
+    )
    def mark_read(self, request, slug, pk):
        notification = Notification.objects.get(
            receiver=request.user, workspace__slug=slug, pk=pk
@@ -194,6 +206,9 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
        serializer = NotificationSerializer(notification)
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
    def mark_unread(self, request, slug, pk):
        notification = Notification.objects.get(
            receiver=request.user, workspace__slug=slug, pk=pk
@@ -203,6 +218,9 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
        serializer = NotificationSerializer(notification)
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
    def archive(self, request, slug, pk):
        notification = Notification.objects.get(
            receiver=request.user, workspace__slug=slug, pk=pk
@@ -212,6 +230,9 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
        serializer = NotificationSerializer(notification)
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
    def unarchive(self, request, slug, pk):
        notification = Notification.objects.get(
            receiver=request.user, workspace__slug=slug, pk=pk
@@ -223,6 +244,10 @@ class NotificationViewSet(BaseViewSet, BasePaginator):


 class UnreadNotificationEndpoint(BaseAPIView):
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
    def get(self, request, slug):
        # Watching Issues Count
        unread_notifications_count = (
@@ -260,6 +285,9 @@ class UnreadNotificationEndpoint(BaseAPIView):


 class MarkAllReadNotificationViewSet(BaseViewSet):
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
    def create(self, request, slug):
        snoozed = request.data.get("snoozed", False)
        archived = request.data.get("archived", False)
--- a/apiserver/plane/app/views/page/base.py
+++ b/apiserver/plane/app/views/page/base.py
@@ -19,7 +19,7 @@ from rest_framework import status
 from rest_framework.response import Response


-from plane.app.permissions import ProjectEntityPermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import (
    PageLogSerializer,
    PageSerializer,
@@ -32,13 +32,16 @@ from plane.db.models import (
    UserFavorite,
    ProjectMember,
    ProjectPage,
+    Project,
 )
+from plane.utils.error_codes import ERROR_CODES

 # Module imports
 from ..base import BaseAPIView, BaseViewSet

 from plane.bgtasks.page_transaction_task import page_transaction
 from plane.bgtasks.page_version_task import page_version
+from plane.bgtasks.recent_visited_task import recent_visited_task


 def unarchive_archive_page_and_descendants(page_id, archived_at):
@@ -60,9 +63,6 @@ def unarchive_archive_page_and_descendants(page_id, archived_at):
 class PageViewSet(BaseViewSet):
    serializer_class = PageSerializer
    model = Page
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
    search_fields = [
        "name",
    ]
@@ -122,6 +122,7 @@ class PageViewSet(BaseViewSet):
            .distinct()
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def create(self, request, slug, project_id):
        serializer = PageSerializer(
            data=request.data,
@@ -143,6 +144,7 @@ class PageViewSet(BaseViewSet):
            return Response(serializer.data, status=status.HTTP_201_CREATED)
        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def partial_update(self, request, slug, project_id, pk):
        try:
            page = Page.objects.get(
@@ -208,8 +210,38 @@ class PageViewSet(BaseViewSet):
                status=status.HTTP_400_BAD_REQUEST,
            )

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def retrieve(self, request, slug, project_id, pk=None):
        page = self.get_queryset().filter(pk=pk).first()
+        project = Project.objects.get(pk=project_id)
+
+        """
+        if the role is guest and guest_view_all_features is false and owned by is not 
+        the requesting user then dont show the page
+        """
+
+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=5,
+                is_active=True,
+            ).exists()
+            and not project.guest_view_all_features
+            and not page.owned_by == request.user
+        ):
+            return Response(
+                {"error": "You are not allowed to view this page"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
        if page is None:
            return Response(
                {"error": "Page not found"},
@@ -221,11 +253,19 @@ class PageViewSet(BaseViewSet):
            ).values_list("entity_identifier", flat=True)
            data = PageDetailSerializer(page).data
            data["issue_ids"] = issue_ids
+            recent_visited_task.delay(
+                slug=slug,
+                entity_name="page",
+                entity_identifier=pk,
+                user_id=request.user.id,
+                project_id=project_id,
+            )
            return Response(
                data,
                status=status.HTTP_200_OK,
            )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def lock(self, request, slug, project_id, pk):
        page = Page.objects.filter(
            pk=pk, workspace__slug=slug, projects__id=project_id
@@ -235,6 +275,7 @@ class PageViewSet(BaseViewSet):
        page.save()
        return Response(status=status.HTTP_204_NO_CONTENT)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def unlock(self, request, slug, project_id, pk):
        page = Page.objects.filter(
            pk=pk, workspace__slug=slug, projects__id=project_id
@@ -245,6 +286,7 @@ class PageViewSet(BaseViewSet):

        return Response(status=status.HTTP_204_NO_CONTENT)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def access(self, request, slug, project_id, pk):
        access = request.data.get("access", 0)
        page = Page.objects.filter(
@@ -267,11 +309,31 @@ class PageViewSet(BaseViewSet):
        page.save()
        return Response(status=status.HTTP_204_NO_CONTENT)

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def list(self, request, slug, project_id):
        queryset = self.get_queryset()
+        project = Project.objects.get(pk=project_id)
+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=5,
+                is_active=True,
+            ).exists()
+            and not project.guest_view_all_features
+        ):
+            queryset = queryset.filter(owned_by=request.user)
        pages = PageSerializer(queryset, many=True).data
        return Response(pages, status=status.HTTP_200_OK)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def archive(self, request, slug, project_id, pk):
        page = Page.objects.get(
            pk=pk, workspace__slug=slug, projects__id=project_id
@@ -292,6 +354,13 @@ class PageViewSet(BaseViewSet):
                status=status.HTTP_400_BAD_REQUEST,
            )

+        UserFavorite.objects.filter(
+            entity_type="page",
+            entity_identifier=pk,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
+
        unarchive_archive_page_and_descendants(pk, datetime.now())

        return Response(
@@ -299,6 +368,7 @@ class PageViewSet(BaseViewSet):
            status=status.HTTP_200_OK,
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def unarchive(self, request, slug, project_id, pk):
        page = Page.objects.get(
            pk=pk, workspace__slug=slug, projects__id=project_id
@@ -328,13 +398,20 @@ class PageViewSet(BaseViewSet):

        return Response(status=status.HTTP_204_NO_CONTENT)

+    @allow_permission([ROLE.ADMIN], creator=True, model=Page)
    def destroy(self, request, slug, project_id, pk):
        page = Page.objects.get(
            pk=pk, workspace__slug=slug, projects__id=project_id
        )

-        if not page.owned_by_id != request.user.id and not (
-            ProjectMember.objects.filter(
+        if page.archived_at is None:
+            return Response(
+                {"error": "The page should be archived before deleting"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        if page.owned_by_id != request.user.id and (
+            not ProjectMember.objects.filter(
                workspace__slug=slug,
                member=request.user,
                role=20,
@@ -347,43 +424,27 @@ class PageViewSet(BaseViewSet):
                status=status.HTTP_403_FORBIDDEN,
            )

-        # only the owner and admin can delete the page
-        if (
-            ProjectMember.objects.filter(
-                project_id=project_id,
-                member=request.user,
-                is_active=True,
-                role__gt=20,
-            ).exists()
-            or request.user.id != page.owned_by_id
-        ):
-            return Response(
-                {"error": "Only the owner and admin can delete the page"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
-        if page.archived_at is None:
-            return Response(
-                {"error": "The page should be archived before deleting"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
        # remove parent from all the children
        _ = Page.objects.filter(
            parent_id=pk, projects__id=project_id, workspace__slug=slug
        ).update(parent=None)

        page.delete()
+        # Delete the user favorite page
+        UserFavorite.objects.filter(
+            project=project_id,
+            workspace__slug=slug,
+            entity_identifier=pk,
+            entity_type="page",
+        ).delete()
        return Response(status=status.HTTP_204_NO_CONTENT)


 class PageFavoriteViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

    model = UserFavorite

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def create(self, request, slug, project_id, pk):
        _ = UserFavorite.objects.create(
            project_id=project_id,
@@ -393,6 +454,7 @@ class PageFavoriteViewSet(BaseViewSet):
        )
        return Response(status=status.HTTP_204_NO_CONTENT)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def destroy(self, request, slug, project_id, pk):
        page_favorite = UserFavorite.objects.get(
            project=project_id,
@@ -401,14 +463,11 @@ class PageFavoriteViewSet(BaseViewSet):
            entity_identifier=pk,
            entity_type="page",
        )
-        page_favorite.delete()
+        page_favorite.delete(soft=False)
        return Response(status=status.HTTP_204_NO_CONTENT)


 class PageLogEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

    serializer_class = PageLogSerializer
    model = PageLog
@@ -448,9 +507,6 @@ class PageLogEndpoint(BaseAPIView):


 class SubPagesEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

    @method_decorator(gzip_page)
    def get(self, request, slug, project_id, page_id):
@@ -469,10 +525,14 @@ class SubPagesEndpoint(BaseAPIView):


 class PagesDescriptionViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]

+    @allow_permission(
+        [
+            ROLE.ADMIN,
+            ROLE.MEMBER,
+            ROLE.GUEST,
+        ]
+    )
    def retrieve(self, request, slug, project_id, pk):
        page = (
            Page.objects.filter(
@@ -481,6 +541,11 @@ class PagesDescriptionViewSet(BaseViewSet):
            .filter(Q(owned_by=self.request.user) | Q(access=0))
            .first()
        )
+        if page is None:
+            return Response(
+                {"error": "Page not found"},
+                status=404,
+            )
        binary_data = page.description_binary

        def stream_data():
@@ -497,6 +562,7 @@ class PagesDescriptionViewSet(BaseViewSet):
        )
        return response

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
    def partial_update(self, request, slug, project_id, pk):
        page = (
            Page.objects.filter(
@@ -514,14 +580,20 @@ class PagesDescriptionViewSet(BaseViewSet):

        if page.is_locked:
            return Response(
-                {"error": "Page is locked"},
-                status=471,
+                {
+                    "error_code": ERROR_CODES["PAGE_LOCKED"],
+                    "error_message": "PAGE_LOCKED",
+                },
+                status=status.HTTP_400_BAD_REQUEST,
            )

        if page.archived_at:
            return Response(
-                {"error": "Page is archived"},
-                status=472,
+                {
+                    "error_code": ERROR_CODES["PAGE_ARCHIVED"],
+                    "error_message": "PAGE_ARCHIVED",
+                },
+                status=status.HTTP_400_BAD_REQUEST,
            )

        # Serialize the existing instance
@@ -549,6 +621,7 @@ class PagesDescriptionViewSet(BaseViewSet):
            # Store the updated binary data
            page.description_binary = new_binary_data
            page.description_html = request.data.get("description_html")
+            page.description = request.data.get("description")
            page.save()
            # Return a success response
            page_version.delay(
--- a/apiserver/plane/app/views/page/version.py
+++ b/apiserver/plane/app/views/page/version.py
@@ -5,16 +5,18 @@ from rest_framework.response import Response
 # Module imports
 from plane.db.models import PageVersion
 from ..base import BaseAPIView
-from plane.app.permissions import ProjectEntityPermission
-from plane.app.serializers import PageVersionSerializer
+from plane.app.serializers import (
+    PageVersionSerializer,
+    PageVersionDetailSerializer,
+)
+from plane.app.permissions import allow_permission, ROLE


 class PageVersionEndpoint(BaseAPIView):

-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST]
+    )
    def get(self, request, slug, project_id, page_id, pk=None):
        # Check if pk is provided
        if pk:
@@ -25,7 +27,7 @@ class PageVersionEndpoint(BaseAPIView):
                pk=pk,
            )
            # Serialize the page version
-            serializer = PageVersionSerializer(page_version)
+            serializer = PageVersionDetailSerializer(page_version)
            return Response(serializer.data, status=status.HTTP_200_OK)
        # Return all page versions
        page_versions = PageVersion.objects.filter(
--- a/apiserver/plane/app/views/project/base.py
+++ b/apiserver/plane/app/views/project/base.py
@@ -31,8 +31,9 @@ from plane.app.serializers import (
 )

 from plane.app.permissions import (
-    ProjectBasePermission,
    ProjectMemberPermission,
+    allow_permission,
+    ROLE,
 )
 from plane.db.models import (
    UserFavorite,
@@ -47,9 +48,11 @@ from plane.db.models import (
    ProjectMember,
    State,
    Workspace,
+    WorkspaceMember,
 )
 from plane.utils.cache import cache_response
 from plane.bgtasks.webhook_task import model_activity
+from plane.bgtasks.recent_visited_task import recent_visited_task


 class ProjectViewSet(BaseViewSet):
@@ -57,10 +60,6 @@ class ProjectViewSet(BaseViewSet):
    model = Project
    webhook_event = "project"

-    permission_classes = [
-        ProjectBasePermission,
-    ]
-
    def get_queryset(self):
        sort_order = ProjectMember.objects.filter(
            member=self.request.user,
@@ -72,13 +71,6 @@ class ProjectViewSet(BaseViewSet):
            super()
            .get_queryset()
            .filter(workspace__slug=self.kwargs.get("slug"))
-            .filter(
-                Q(
-                    project_projectmember__member=self.request.user,
-                    project_projectmember__is_active=True,
-                )
-                | Q(network=2)
-            )
            .select_related(
                "workspace",
                "workspace__owner",
@@ -155,6 +147,10 @@ class ProjectViewSet(BaseViewSet):
            .distinct()
        )

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
    def list(self, request, slug):
        fields = [
            field
@@ -162,6 +158,31 @@ class ProjectViewSet(BaseViewSet):
            if field
        ]
        projects = self.get_queryset().order_by("sort_order", "name")
+        if WorkspaceMember.objects.filter(
+            member=request.user,
+            workspace__slug=slug,
+            is_active=True,
+            role=5,
+        ).exists():
+            projects = projects.filter(
+                project_projectmember__member=self.request.user,
+                project_projectmember__is_active=True,
+            )
+
+        if WorkspaceMember.objects.filter(
+            member=request.user,
+            workspace__slug=slug,
+            is_active=True,
+            role=10,
+        ).exists():
+            projects = projects.filter(
+                Q(
+                    project_projectmember__member=self.request.user,
+                    project_projectmember__is_active=True,
+                )
+                | Q(network=2)
+            )
+
        if request.GET.get("per_page", False) and request.GET.get(
            "cursor", False
        ):
@@ -173,11 +194,16 @@ class ProjectViewSet(BaseViewSet):
                    projects, many=True
                ).data,
            )
+
        projects = ProjectListSerializer(
            projects, many=True, fields=fields if fields else None
        ).data
        return Response(projects, status=status.HTTP_200_OK)

+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
    def retrieve(self, request, slug, pk):
        project = (
            self.get_queryset()
@@ -246,9 +272,18 @@ class ProjectViewSet(BaseViewSet):
                status=status.HTTP_404_NOT_FOUND,
            )

+        recent_visited_task.delay(
+            slug=slug,
+            project_id=pk,
+            entity_name="project",
+            entity_identifier=pk,
+            user_id=request.user.id,
+        )
+
        serializer = ProjectListSerializer(project)
        return Response(serializer.data, status=status.HTTP_200_OK)

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
    def create(self, request, slug):
        try:
            workspace = Workspace.objects.get(slug=slug)
@@ -378,6 +413,7 @@ class ProjectViewSet(BaseViewSet):
                status=status.HTTP_410_GONE,
            )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
    def partial_update(self, request, slug, pk=None):
        try:
            workspace = Workspace.objects.get(slug=slug)
@@ -459,19 +495,21 @@ class ProjectViewSet(BaseViewSet):

 class ProjectArchiveUnarchiveEndpoint(BaseAPIView):

-    permission_classes = [
-        ProjectBasePermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def post(self, request, slug, project_id):
        project = Project.objects.get(pk=project_id, workspace__slug=slug)
        project.archived_at = timezone.now()
        project.save()
+        UserFavorite.objects.filter(
+            workspace__slug=slug,
+            project=project_id,
+        ).delete()
        return Response(
            {"archived_at": str(project.archived_at)},
            status=status.HTTP_200_OK,
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
    def delete(self, request, slug, project_id):
        project = Project.objects.get(pk=project_id, workspace__slug=slug)
        project.archived_at = None
@@ -480,10 +518,7 @@ class ProjectArchiveUnarchiveEndpoint(BaseAPIView):


 class ProjectIdentifierEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectBasePermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
    def get(self, request, slug):
        name = request.GET.get("name", "").strip().upper()

@@ -502,6 +537,7 @@ class ProjectIdentifierEndpoint(BaseAPIView):
            status=status.HTTP_200_OK,
        )

+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
    def delete(self, request, slug):
        name = request.data.get("name", "").strip().upper()

@@ -599,7 +635,7 @@ class ProjectFavoritesViewSet(BaseViewSet):
            user=request.user,
            workspace__slug=slug,
        )
-        project_favorite.delete()
+        project_favorite.delete(soft=False)
        return Response(status=status.HTTP_204_NO_CONTENT)


--- a/apiserver/plane/app/views/project/invite.py
+++ b/apiserver/plane/app/views/project/invite.py
@@ -17,7 +17,7 @@ from rest_framework.permissions import AllowAny
 from .base import BaseViewSet, BaseAPIView
 from plane.app.serializers import ProjectMemberInviteSerializer

-from plane.app.permissions import ProjectBasePermission
+from plane.app.permissions import allow_permission, ROLE

 from plane.db.models import (
    ProjectMember,
@@ -35,10 +35,6 @@ class ProjectInvitationsViewset(BaseViewSet):

    search_fields = []

-    permission_classes = [
-        ProjectBasePermission,
-    ]
-
    def get_queryset(self):
        return self.filter_queryset(
            super()
@@ -49,6 +45,7 @@ class ProjectInvitationsViewset(BaseViewSet):
            .select_related("workspace", "workspace__owner")
        )

+    @allow_permission([ROLE.ADMIN])
    def create(self, request, slug, project_id):
        emails = request.data.get("emails", [])

@@ -59,24 +56,21 @@ class ProjectInvitationsViewset(BaseViewSet):
                status=status.HTTP_400_BAD_REQUEST,
            )

-        requesting_user = ProjectMember.objects.get(
-            workspace__slug=slug,
-            project_id=project_id,
-            member_id=request.user.id,
-        )
+        for email in emails:
+            workspace_role = WorkspaceMember.objects.filter(
+                workspace__slug=slug,
+                member__email=email.get("email"),
+                is_active=True,
+            ).role

-        # Check if any invited user has an higher role
-        if len(
-            [
-                email
-                for email in emails
-                if int(email.get("role", 10)) > requesting_user.role
-            ]
-        ):
-            return Response(
-                {"error": "You cannot invite a user with higher role"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
+            if workspace_role in [5, 20] and workspace_role != email.get(
+                "role", 5
+            ):
+                return Response(
+                    {
+                        "error": "You cannot invite a user with different role than workspace role"
+                    },
+                )

        workspace = Workspace.objects.get(slug=slug)

@@ -97,7 +91,7 @@ class ProjectInvitationsViewset(BaseViewSet):
                            settings.SECRET_KEY,
                            algorithm="HS256",
                        ),
-                        role=email.get("role", 10),
+                        role=email.get("role", 5),
                        created_by=request.user,
                    )
                )
@@ -170,7 +164,7 @@ class UserProjectInvitationsViewset(BaseViewSet):
                ProjectMember(
                    project_id=project_id,
                    member=request.user,
-                    role=15 if workspace_role >= 15 else 10,
+                    role=workspace_role,
                    workspace=workspace,
                    created_by=request.user,
                )
--- a/Show More
+++ b/Show More