fix: revamped box containers

* chore: project page version

* feat: page version history implemented

* chore: hide save button when version history overlay is active

* refactor: updated navigation logic

* chore: added error states

---------

Co-authored-by: NarayanBavisetti <narayan3119@gmail.com>

ENV_SETUP.md

@@ -1,6 +1,5 @@
 # Environment Variables
 
-​
 Environment variables are distributed in various files. Please refer them carefully.
 
 ## {PROJECT_FOLDER}/.env
@@ -9,17 +8,13 @@ File is available in the project root folder​
 
 ```
 # Database Settings
-PGUSER="plane"
-PGPASSWORD="plane"
-PGHOST="plane-db"
-PGDATABASE="plane"
-DATABASE_URL=postgresql://${PGUSER}:${PGPASSWORD}@${PGHOST}/${PGDATABASE}
-​
+POSTGRES_USER="plane"
+POSTGRES_PASSWORD="plane"
+POSTGRES_DB="plane"
+PGDATA="/var/lib/postgresql/data"
 # Redis Settings
 REDIS_HOST="plane-redis"
 REDIS_PORT="6379"
-REDIS_URL="redis://${REDIS_HOST}:6379/"
-​
 # AWS Settings
 AWS_REGION=""
 AWS_ACCESS_KEY_ID="access-key"
@@ -29,63 +24,39 @@ AWS_S3_ENDPOINT_URL="http://plane-minio:9000"
 AWS_S3_BUCKET_NAME="uploads"
 # Maximum file upload limit
 FILE_SIZE_LIMIT=5242880
-​
 # GPT settings
 OPENAI_API_BASE="https://api.openai.com/v1" # deprecated
 OPENAI_API_KEY="sk-" # deprecated
 GPT_ENGINE="gpt-3.5-turbo" # deprecated
-​
+# Settings related to Docker
+DOCKERIZED=1  # deprecated
 # set to 1 If using the pre-configured minio setup
 USE_MINIO=1
-​
 # Nginx Configuration
 NGINX_PORT=80
 ```
 
-​
-
-## {PROJECT_FOLDER}/web/.env.example
-
-​
-
-```
-# Public boards deploy URL
-NEXT_PUBLIC_DEPLOY_URL="http://localhost/spaces"
-```
-
 ## {PROJECT_FOLDER}/apiserver/.env
 
-​
-
 ```
 # Backend
 # Debug value for api server use it as 0 for production use
 DEBUG=0
-​
+CORS_ALLOWED_ORIGINS="http://localhost"
 # Error logs
 SENTRY_DSN=""
-​
+SENTRY_ENVIRONMENT="development"
 # Database Settings
-PGUSER="plane"
-PGPASSWORD="plane"
-PGHOST="plane-db"
-PGDATABASE="plane"
-DATABASE_URL=postgresql://${PGUSER}:${PGPASSWORD}@${PGHOST}/${PGDATABASE}
-​
+POSTGRES_USER="plane"
+POSTGRES_PASSWORD="plane"
+POSTGRES_HOST="plane-db"
+POSTGRES_DB="plane"
+POSTGRES_PORT=5432
+DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}
 # Redis Settings
 REDIS_HOST="plane-redis"
 REDIS_PORT="6379"
 REDIS_URL="redis://${REDIS_HOST}:6379/"
-​
-# Email Settings
-EMAIL_HOST=""
-EMAIL_HOST_USER=""
-EMAIL_HOST_PASSWORD=""
-EMAIL_PORT=587
-EMAIL_FROM="Team Plane <team@mailer.plane.so>"
-EMAIL_USE_TLS="1"
-EMAIL_USE_SSL="0"
-​
 # AWS Settings
 AWS_REGION=""
 AWS_ACCESS_KEY_ID="access-key"
@@ -95,35 +66,25 @@ AWS_S3_ENDPOINT_URL="http://plane-minio:9000"
 AWS_S3_BUCKET_NAME="uploads"
 # Maximum file upload limit
 FILE_SIZE_LIMIT=5242880
-​
-# GPT settings
-OPENAI_API_BASE="https://api.openai.com/v1" # deprecated
-OPENAI_API_KEY="sk-" # deprecated
-GPT_ENGINE="gpt-3.5-turbo" # deprecated
-​
 # Settings related to Docker
-DOCKERIZED=1  # Deprecated
-
-# Github
-GITHUB_CLIENT_SECRET="" # For fetching release notes
-​
+DOCKERIZED=1 # deprecated
 # set to 1 If using the pre-configured minio setup
 USE_MINIO=1
-​
 # Nginx Configuration
 NGINX_PORT=80
-​
-​
-# SignUps
-ENABLE_SIGNUP="1"
-​
-# Email Redirection URL
+# Email redirections and minio domain settings
 WEB_URL="http://localhost"
+# Gunicorn Workers
+GUNICORN_WORKERS=2
+# Base URLs
+ADMIN_BASE_URL=
+SPACE_BASE_URL=
+APP_BASE_URL=
+SECRET_KEY="gxoytl7dmnc1y37zahah820z5iq3iozu38cnfjtu3yaau9cd9z"
 ```
 
 ## Updates​
 
-- The environment variable NEXT_PUBLIC_API_BASE_URL has been removed from both the web and space projects.
 - The naming convention for containers and images has been updated.
 - The plane-worker image will no longer be maintained, as it has been merged with plane-backend.
 - The Tiptap pro-extension dependency has been removed, eliminating the need for Tiptap API keys.

admin/app/general/form.tsx

@@ -9,8 +9,9 @@ import { IInstance, IInstanceAdmin } from "@plane/types";
 import { Button, Input, TOAST_TYPE, ToggleSwitch, setToast } from "@plane/ui";
 // components
 import { ControllerInput } from "@/components/common";
-// hooks
 import { useInstance } from "@/hooks/store";
+import { IntercomConfig } from "./intercom";
+// hooks
 
 export interface IGeneralConfigurationForm {
   instance: IInstance;
@@ -20,11 +21,13 @@ export interface IGeneralConfigurationForm {
 export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer((props) => {
   const { instance, instanceAdmins } = props;
   // hooks
-  const { updateInstanceInfo } = useInstance();
+  const { instanceConfigurations, updateInstanceInfo, updateInstanceConfigurations } = useInstance();
+
   // form data
   const {
     handleSubmit,
     control,
+    watch,
     formState: { errors, isSubmitting },
   } = useForm<Partial<IInstance>>({
     defaultValues: {
@@ -36,7 +39,16 @@ export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer(
   const onSubmit = async (formData: Partial<IInstance>) => {
     const payload: Partial<IInstance> = { ...formData };
 
-    console.log("payload", payload);
+    // update the intercom configuration
+    const isIntercomEnabled =
+      instanceConfigurations?.find((config) => config.key === "IS_INTERCOM_ENABLED")?.value === "1";
+    if (!payload.is_telemetry_enabled && isIntercomEnabled) {
+      try {
+        await updateInstanceConfigurations({ IS_INTERCOM_ENABLED: "0" });
+      } catch (error) {
+        console.error(error);
+      }
+    }
 
     await updateInstanceInfo(payload)
       .then(() =>
@@ -74,6 +86,7 @@ export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer(
               value={instanceAdmins[0]?.user_detail?.email ?? ""}
               placeholder="Admin email"
               className="w-full cursor-not-allowed !text-custom-text-400"
+              autoComplete="on"
               disabled
             />
           </div>
@@ -93,7 +106,8 @@ export const GeneralConfigurationForm: FC<IGeneralConfigurationForm> = observer(
       </div>
 
       <div className="space-y-3">
-        <div className="text-lg font-medium">Telemetry</div>
+        <div className="text-lg font-medium">Chat + telemetry</div>
+        <IntercomConfig isTelemetryEnabled={watch("is_telemetry_enabled") ?? false} />
         <div className="flex items-center gap-14 px-4 py-3 border border-custom-border-200 rounded">
           <div className="grow flex items-center gap-4">
             <div className="shrink-0">

admin/app/general/intercom.tsx

@@ -0,0 +1,82 @@
+"use client";
+
+import { FC, useState } from "react";
+import { observer } from "mobx-react";
+import useSWR from "swr";
+import { MessageSquare } from "lucide-react";
+import { IFormattedInstanceConfiguration } from "@plane/types";
+import { ToggleSwitch } from "@plane/ui";
+// hooks
+import { useInstance } from "@/hooks/store";
+
+type TIntercomConfig = {
+  isTelemetryEnabled: boolean;
+};
+
+export const IntercomConfig: FC<TIntercomConfig> = observer((props) => {
+  const { isTelemetryEnabled } = props;
+  // hooks
+  const { instanceConfigurations, updateInstanceConfigurations, fetchInstanceConfigurations } = useInstance();
+  // states
+  const [isSubmitting, setIsSubmitting] = useState<boolean>(false);
+
+  // derived values
+  const isIntercomEnabled = isTelemetryEnabled
+    ? instanceConfigurations
+      ? instanceConfigurations?.find((config) => config.key === "IS_INTERCOM_ENABLED")?.value === "1"
+        ? true
+        : false
+      : undefined
+    : false;
+
+  const { isLoading } = useSWR(isTelemetryEnabled ? "INSTANCE_CONFIGURATIONS" : null, () =>
+    isTelemetryEnabled ? fetchInstanceConfigurations() : null
+  );
+
+  const initialLoader = isLoading && isIntercomEnabled === undefined;
+
+  const submitInstanceConfigurations = async (payload: Partial<IFormattedInstanceConfiguration>) => {
+    try {
+      await updateInstanceConfigurations(payload);
+    } catch (error) {
+      console.error(error);
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  const enableIntercomConfig = () => {
+    submitInstanceConfigurations({ IS_INTERCOM_ENABLED: isIntercomEnabled ? "0" : "1" });
+  };
+
+  return (
+    <>
+      <div className="flex items-center gap-14 px-4 py-3 border border-custom-border-200 rounded">
+        <div className="grow flex items-center gap-4">
+          <div className="shrink-0">
+            <div className="flex items-center justify-center w-10 h-10 bg-custom-background-80 rounded-full">
+              <MessageSquare className="w-6 h-6 text-custom-text-300/80 p-0.5" />
+            </div>
+          </div>
+
+          <div className="grow">
+            <div className="text-sm font-medium text-custom-text-100 leading-5">Talk to Plane</div>
+            <div className="text-xs font-normal text-custom-text-300 leading-5">
+              Let your members chat with us via Intercom or another service. Toggling Telemetry off turns this off
+              automatically.
+            </div>
+          </div>
+
+          <div className="ml-auto">
+            <ToggleSwitch
+              value={isIntercomEnabled ? true : false}
+              onChange={enableIntercomConfig}
+              size="sm"
+              disabled={!isTelemetryEnabled || isSubmitting || initialLoader}
+            />
+          </div>
+        </div>
+      </div>
+    </>
+  );
+});

admin/app/general/page.tsx

@@ -7,7 +7,7 @@ import { GeneralConfigurationForm } from "./form";
 
 function GeneralPage() {
   const { instance, instanceAdmins } = useInstance();
-  console.log("instance", instance);
+
   return (
     <>
       <div className="relative container mx-auto w-full h-full p-4 py-4 space-y-6 flex flex-col">

admin/core/components/admin-sidebar/help-section.tsx

@@ -96,7 +96,7 @@ export const HelpSection: FC = observer(() => {
           leaveTo="transform opacity-0 scale-95"
         >
           <div
-            className={`absolute bottom-2 min-w-[10rem] ${
+            className={`absolute bottom-2 min-w-[10rem] z-[15] ${
               isSidebarCollapsed ? "left-full" : "-left-[75px]"
             } divide-y divide-custom-border-200 whitespace-nowrap rounded bg-custom-background-100 p-1 shadow-custom-shadow-xs`}
             ref={helpOptionsRef}

admin/core/components/authentication/auth-banner.tsx

@@ -0,0 +1,29 @@
+import { FC } from "react";
+import { Info, X } from "lucide-react";
+// helpers
+import { TAuthErrorInfo } from "@/helpers/authentication.helper";
+
+type TAuthBanner = {
+  bannerData: TAuthErrorInfo | undefined;
+  handleBannerData?: (bannerData: TAuthErrorInfo | undefined) => void;
+};
+
+export const AuthBanner: FC<TAuthBanner> = (props) => {
+  const { bannerData, handleBannerData } = props;
+
+  if (!bannerData) return <></>;
+  return (
+    <div className="relative flex items-center p-2 rounded-md gap-2 border border-custom-primary-100/50 bg-custom-primary-100/10">
+      <div className="w-4 h-4 flex-shrink-0 relative flex justify-center items-center">
+        <Info size={16} className="text-custom-primary-100" />
+      </div>
+      <div className="w-full text-sm font-medium text-custom-primary-100">{bannerData?.message}</div>
+      <div
+        className="relative ml-auto w-6 h-6 rounded-sm flex justify-center items-center transition-all cursor-pointer hover:bg-custom-primary-100/20 text-custom-primary-100/80"
+        onClick={() => handleBannerData && handleBannerData(undefined)}
+      >
+        <X className="w-4 h-4 flex-shrink-0" />
+      </div>
+    </div>
+  );
+};

admin/core/components/authentication/index.ts

@@ -1,3 +1,4 @@
+export * from "./auth-banner";
 export * from "./email-config-switch";
 export * from "./password-config-switch";
 export * from "./authentication-method-card";

admin/core/components/instance/setup-form.tsx

@@ -174,6 +174,7 @@ export const InstanceSetupForm: FC = (props) => {
                 placeholder="Wilber"
                 value={formData.first_name}
                 onChange={(e) => handleFormChange("first_name", e.target.value)}
+                autoComplete="on"
                 autoFocus
               />
             </div>
@@ -190,6 +191,7 @@ export const InstanceSetupForm: FC = (props) => {
                 placeholder="Wright"
                 value={formData.last_name}
                 onChange={(e) => handleFormChange("last_name", e.target.value)}
+                autoComplete="on"
               />
             </div>
           </div>
@@ -208,6 +210,7 @@ export const InstanceSetupForm: FC = (props) => {
               value={formData.email}
               onChange={(e) => handleFormChange("email", e.target.value)}
               hasError={errorData.type && errorData.type === EErrorCodes.INVALID_EMAIL ? true : false}
+              autoComplete="on"
             />
             {errorData.type && errorData.type === EErrorCodes.INVALID_EMAIL && errorData.message && (
               <p className="px-1 text-xs text-red-500">{errorData.message}</p>
@@ -247,6 +250,7 @@ export const InstanceSetupForm: FC = (props) => {
                 hasError={errorData.type && errorData.type === EErrorCodes.INVALID_PASSWORD ? true : false}
                 onFocus={() => setIsPasswordInputFocused(true)}
                 onBlur={() => setIsPasswordInputFocused(false)}
+                autoComplete="on"
               />
               {showPassword.password ? (
                 <button

admin/core/components/login/sign-in-form.tsx

@@ -8,8 +8,16 @@ import { Button, Input, Spinner } from "@plane/ui";
 // components
 import { Banner } from "@/components/common";
 // helpers
+import {
+  authErrorHandler,
+  EAuthenticationErrorCodes,
+  EErrorAlertType,
+  TAuthErrorInfo,
+} from "@/helpers/authentication.helper";
+
 import { API_BASE_URL } from "@/helpers/common.helper";
 import { AuthService } from "@/services/auth.service";
+import { AuthBanner } from "../authentication";
 // ui
 // icons
 
@@ -53,12 +61,11 @@ export const InstanceSignInForm: FC = (props) => {
   const [csrfToken, setCsrfToken] = useState<string | undefined>(undefined);
   const [formData, setFormData] = useState<TFormData>(defaultFromData);
   const [isSubmitting, setIsSubmitting] = useState(false);
+  const [errorInfo, setErrorInfo] = useState<TAuthErrorInfo | undefined>(undefined);
 
   const handleFormChange = (key: keyof TFormData, value: string | boolean) =>
     setFormData((prev) => ({ ...prev, [key]: value }));
 
-  console.log("csrfToken", csrfToken);
-
   useEffect(() => {
     if (csrfToken === undefined)
       authService.requestCSRFToken().then((data) => data?.csrf_token && setCsrfToken(data.csrf_token));
@@ -93,6 +100,15 @@ export const InstanceSignInForm: FC = (props) => {
     [formData.email, formData.password, isSubmitting]
   );
 
+  useEffect(() => {
+    if (errorCode) {
+      const errorDetail = authErrorHandler(errorCode?.toString() as EAuthenticationErrorCodes);
+      if (errorDetail) {
+        setErrorInfo(errorDetail);
+      }
+    }
+  }, [errorCode]);
+
   return (
     <div className="flex-grow container mx-auto max-w-lg px-10 lg:max-w-md lg:px-5 py-10 lg:pt-28 transition-all">
       <div className="relative flex flex-col space-y-6">
@@ -105,7 +121,11 @@ export const InstanceSignInForm: FC = (props) => {
           </p>
         </div>
 
-        {errorData.type && errorData?.message && <Banner type="error" message={errorData?.message} />}
+        {errorData.type && errorData?.message ? (
+          <Banner type="error" message={errorData?.message} />
+        ) : (
+          <>{errorInfo && <AuthBanner bannerData={errorInfo} handleBannerData={(value) => setErrorInfo(value)} />}</>
+        )}
 
         <form
           className="space-y-4"
@@ -129,6 +149,7 @@ export const InstanceSignInForm: FC = (props) => {
               placeholder="name@company.com"
               value={formData.email}
               onChange={(e) => handleFormChange("email", e.target.value)}
+              autoComplete="on"
               autoFocus
             />
           </div>
@@ -147,6 +168,7 @@ export const InstanceSignInForm: FC = (props) => {
                 placeholder="Enter your password"
                 value={formData.password}
                 onChange={(e) => handleFormChange("password", e.target.value)}
+                autoComplete="on"
               />
               {showPassword ? (
                 <button

admin/package.json

@@ -14,10 +14,11 @@
     "@headlessui/react": "^1.7.19",
     "@plane/types": "*",
     "@plane/ui": "*",
+    "@plane/constants": "*",
     "@tailwindcss/typography": "^0.5.9",
     "@types/lodash": "^4.17.0",
     "autoprefixer": "10.4.14",
-    "axios": "^1.6.7",
+    "axios": "^1.7.4",
     "js-cookie": "^3.0.5",
     "lodash": "^4.17.21",
     "lucide-react": "^0.356.0",
@@ -46,4 +47,4 @@
     "tsconfig": "*",
     "typescript": "^5.4.2"
   }
-}
+}

apiserver/.env.example

@@ -50,3 +50,6 @@ GUNICORN_WORKERS=2
 ADMIN_BASE_URL=
 SPACE_BASE_URL=
 APP_BASE_URL=
+
+# Hard delete files after days
+HARD_DELETE_AFTER_DAYS=60

apiserver/Dockerfile.api

@@ -1,4 +1,4 @@
-FROM python:3.11.1-alpine3.17 AS backend
+FROM python:3.12.5-alpine AS backend
 
 # set environment variables
 ENV PYTHONDONTWRITEBYTECODE 1
@@ -7,23 +7,23 @@ ENV PIP_DISABLE_PIP_VERSION_CHECK=1
 
 WORKDIR /code
 
-RUN apk --no-cache add \
-    "libpq~=15" \
-    "libxslt~=1.1" \
-    "nodejs-current~=19" \
-    "xmlsec~=1.2"
+RUN apk add --no-cache \
+    "libpq" \
+    "libxslt" \
+    "nodejs-current" \
+    "xmlsec"
 
 COPY requirements.txt ./
 COPY requirements ./requirements
 RUN apk add --no-cache libffi-dev
 RUN apk add --no-cache --virtual .build-deps \
     "bash~=5.2" \
-    "g++~=12.2" \
-    "gcc~=12.2" \
-    "cargo~=1.64" \
-    "git~=2" \
-    "make~=4.3" \
-    "postgresql13-dev~=13" \
+    "g++" \
+    "gcc" \
+    "cargo" \
+    "git" \
+    "make" \
+    "postgresql-dev" \
     "libc-dev" \
     "linux-headers" \
     && \

apiserver/Dockerfile.dev

@@ -1,4 +1,4 @@
-FROM python:3.11.1-alpine3.17 AS backend
+FROM python:3.12.5-alpine AS backend
 
 # set environment variables
 ENV PYTHONDONTWRITEBYTECODE 1
@@ -7,18 +7,18 @@ ENV PIP_DISABLE_PIP_VERSION_CHECK=1
 
 RUN apk --no-cache add \
     "bash~=5.2" \
-    "libpq~=15" \
-    "libxslt~=1.1" \
-    "nodejs-current~=19" \
-    "xmlsec~=1.2" \
+    "libpq" \
+    "libxslt" \
+    "nodejs-current" \
+    "xmlsec" \
     "libffi-dev" \
     "bash~=5.2" \
-    "g++~=12.2" \
-    "gcc~=12.2" \
-    "cargo~=1.64" \
-    "git~=2" \
-    "make~=4.3" \
-    "postgresql13-dev~=13" \
+    "g++" \
+    "gcc" \
+    "cargo" \
+    "git" \
+    "make" \
+    "postgresql-dev" \
     "libc-dev" \
     "linux-headers"
 

apiserver/bin/docker-entrypoint-api-local.sh

@@ -32,4 +32,3 @@ python manage.py create_bucket
 python manage.py clear_cache
 
 python manage.py runserver 0.0.0.0:8000 --settings=plane.settings.local
-

apiserver/plane/api/rate_limit.py

@@ -40,3 +40,44 @@ class ApiKeyRateThrottle(SimpleRateThrottle):
             request.META["X-RateLimit-Reset"] = reset_time
 
         return allowed
+
+
+class ServiceTokenRateThrottle(SimpleRateThrottle):
+    scope = "service_token"
+    rate = "300/minute"
+
+    def get_cache_key(self, request, view):
+        # Retrieve the API key from the request header
+        api_key = request.headers.get("X-Api-Key")
+        if not api_key:
+            return None  # Allow the request if there's no API key
+
+        # Use the API key as part of the cache key
+        return f"{self.scope}:{api_key}"
+
+    def allow_request(self, request, view):
+        allowed = super().allow_request(request, view)
+
+        if allowed:
+            now = self.timer()
+            # Calculate the remaining limit and reset time
+            history = self.cache.get(self.key, [])
+
+            # Remove old histories
+            while history and history[-1] <= now - self.duration:
+                history.pop()
+
+            # Calculate the requests
+            num_requests = len(history)
+
+            # Check available requests
+            available = self.num_requests - num_requests
+
+            # Unix timestamp for when the rate limit will reset
+            reset_time = int(now + self.duration)
+
+            # Add headers
+            request.META["X-RateLimit-Remaining"] = max(0, available)
+            request.META["X-RateLimit-Reset"] = reset_time
+
+        return allowed

apiserver/plane/api/serializers/cycle.py

@@ -40,6 +40,7 @@ class CycleSerializer(BaseSerializer):
             "workspace",
             "project",
             "owned_by",
+            "deleted_at",
         ]
 
 

apiserver/plane/api/serializers/issue.py

@@ -11,6 +11,7 @@ from rest_framework import serializers
 # Module imports
 from plane.db.models import (
     Issue,
+    IssueType,
     IssueActivity,
     IssueAssignee,
     IssueAttachment,
@@ -46,6 +47,12 @@ class IssueSerializer(BaseSerializer):
         write_only=True,
         required=False,
     )
+    type_id = serializers.PrimaryKeyRelatedField(
+        source="type",
+        queryset=IssueType.objects.all(),
+        required=False,
+        allow_null=True,
+    )
 
     class Meta:
         model = Issue
@@ -53,9 +60,7 @@ class IssueSerializer(BaseSerializer):
             "id",
             "workspace",
             "project",
-            "created_by",
             "updated_by",
-            "created_at",
             "updated_at",
         ]
         exclude = [
@@ -131,7 +136,20 @@ class IssueSerializer(BaseSerializer):
         workspace_id = self.context["workspace_id"]
         default_assignee_id = self.context["default_assignee_id"]
 
-        issue = Issue.objects.create(**validated_data, project_id=project_id)
+        issue_type = validated_data.pop("type", None)
+
+        if not issue_type:
+            # Get default issue type
+            issue_type = IssueType.objects.filter(
+                project_issue_types__project_id=project_id, is_default=True
+            ).first()
+            issue_type = issue_type
+
+        issue = Issue.objects.create(
+            **validated_data,
+            project_id=project_id,
+            type=issue_type,
+        )
 
         # Issue Audit Users
         created_by_id = issue.created_by_id
@@ -268,6 +286,7 @@ class LabelSerializer(BaseSerializer):
             "updated_by",
             "created_at",
             "updated_at",
+            "deleted_at",
         ]
 
 
@@ -312,10 +331,14 @@ class IssueLinkSerializer(BaseSerializer):
         return IssueLink.objects.create(**validated_data)
 
     def update(self, instance, validated_data):
-        if IssueLink.objects.filter(
-            url=validated_data.get("url"),
-            issue_id=instance.issue_id,
-        ).exclude(pk=instance.id).exists():
+        if (
+            IssueLink.objects.filter(
+                url=validated_data.get("url"),
+                issue_id=instance.issue_id,
+            )
+            .exclude(pk=instance.id)
+            .exists()
+        ):
             raise serializers.ValidationError(
                 {"error": "URL already exists for this Issue"}
             )
@@ -332,9 +355,7 @@ class IssueAttachmentSerializer(BaseSerializer):
             "workspace",
             "project",
             "issue",
-            "created_by",
             "updated_by",
-            "created_at",
             "updated_at",
         ]
 

apiserver/plane/api/serializers/module.py

@@ -39,6 +39,7 @@ class ModuleSerializer(BaseSerializer):
             "updated_by",
             "created_at",
             "updated_at",
+            "deleted_at",
         ]
 
     def to_representation(self, instance):

apiserver/plane/api/serializers/project.py

@@ -31,6 +31,7 @@ class ProjectSerializer(BaseSerializer):
             "updated_at",
             "created_by",
             "updated_by",
+            "deleted_at",
         ]
 
     def validate(self, data):

apiserver/plane/api/serializers/state.py

@@ -23,6 +23,7 @@ class StateSerializer(BaseSerializer):
             "updated_at",
             "workspace",
             "project",
+            "deleted_at",
         ]
 
 

apiserver/plane/api/urls/__init__.py

@@ -4,6 +4,7 @@ from .issue import urlpatterns as issue_patterns
 from .cycle import urlpatterns as cycle_patterns
 from .module import urlpatterns as module_patterns
 from .inbox import urlpatterns as inbox_patterns
+from .member import urlpatterns as member_patterns
 
 urlpatterns = [
     *project_patterns,
@@ -12,4 +13,5 @@ urlpatterns = [
     *cycle_patterns,
     *module_patterns,
     *inbox_patterns,
+    *member_patterns,
 ]

apiserver/plane/api/urls/issue.py

@@ -7,6 +7,7 @@ from plane.api.views import (
     IssueCommentAPIEndpoint,
     IssueActivityAPIEndpoint,
     WorkspaceIssueAPIEndpoint,
+    IssueAttachmentEndpoint,
 )
 
 urlpatterns = [
@@ -65,4 +66,9 @@ urlpatterns = [
         IssueActivityAPIEndpoint.as_view(),
         name="activity",
     ),
+    path(
+        "workspaces/<str:slug>/projects/<uuid:project_id>/issues/<uuid:issue_id>/issue-attachments/",
+        IssueAttachmentEndpoint.as_view(),
+        name="attachment",
+    ),
 ]

apiserver/plane/api/urls/member.py

@@ -0,0 +1,13 @@
+from django.urls import path
+
+from plane.api.views import (
+    ProjectMemberAPIEndpoint,
+)
+
+urlpatterns = [
+    path(
+        "workspaces/<str:slug>/projects/<str:project_id>/members/",
+        ProjectMemberAPIEndpoint.as_view(),
+        name="users",
+    ),
+]

apiserver/plane/api/views/__init__.py

@@ -9,6 +9,7 @@ from .issue import (
     IssueLinkAPIEndpoint,
     IssueCommentAPIEndpoint,
     IssueActivityAPIEndpoint,
+    IssueAttachmentEndpoint,
 )
 
 from .cycle import (
@@ -24,4 +25,7 @@ from .module import (
     ModuleArchiveUnarchiveAPIEndpoint,
 )
 
+from .member import ProjectMemberAPIEndpoint
+
 from .inbox import InboxIssueAPIEndpoint
+

apiserver/plane/api/views/base.py

@@ -7,6 +7,7 @@ from django.core.exceptions import ObjectDoesNotExist, ValidationError
 from django.db import IntegrityError
 from django.urls import resolve
 from django.utils import timezone
+from plane.db.models.api import APIToken
 from rest_framework import status
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
@@ -16,7 +17,7 @@ from rest_framework.views import APIView
 
 # Module imports
 from plane.api.middleware.api_authentication import APIKeyAuthentication
-from plane.api.rate_limit import ApiKeyRateThrottle
+from plane.api.rate_limit import ApiKeyRateThrottle, ServiceTokenRateThrottle
 from plane.utils.exception_logger import log_exception
 from plane.utils.paginator import BasePaginator
 
@@ -44,15 +45,29 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
         IsAuthenticated,
     ]
 
-    throttle_classes = [
-        ApiKeyRateThrottle,
-    ]
-
     def filter_queryset(self, queryset):
         for backend in list(self.filter_backends):
             queryset = backend().filter_queryset(self.request, queryset, self)
         return queryset
 
+    def get_throttles(self):
+        throttle_classes = []
+        api_key = self.request.headers.get("X-Api-Key")
+
+        if api_key:
+            service_token = APIToken.objects.filter(
+                token=api_key,
+                is_service=True,
+            ).first()
+
+            if service_token:
+                throttle_classes.append(ServiceTokenRateThrottle())
+                return throttle_classes
+
+        throttle_classes.append(ApiKeyRateThrottle())
+
+        return throttle_classes
+
     def handle_exception(self, exc):
         """
         Handle any exception that occurs, by returning an appropriate response,
@@ -152,4 +167,4 @@ class BaseAPIView(TimezoneMixin, APIView, BasePaginator):
             for expand in self.request.GET.get("expand", "").split(",")
             if expand
         ]
-        return expand if expand else None
+        return expand if expand else None

apiserver/plane/api/views/cycle.py

@@ -26,7 +26,7 @@ from plane.api.serializers import (
     CycleSerializer,
 )
 from plane.app.permissions import ProjectEntityPermission
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Cycle,
     CycleIssue,
@@ -34,6 +34,8 @@ from plane.db.models import (
     Project,
     IssueAttachment,
     IssueLink,
+    ProjectMember,
+    UserFavorite,
 )
 from plane.utils.analytics_plot import burndown_plot
 
@@ -363,14 +365,28 @@ class CycleAPIEndpoint(BaseAPIView):
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
     def delete(self, request, slug, project_id, pk):
+        cycle = Cycle.objects.get(
+            workspace__slug=slug, project_id=project_id, pk=pk
+        )
+        if cycle.owned_by_id != request.user.id and (
+            not ProjectMember.objects.filter(
+                workspace__slug=slug,
+                member=request.user,
+                role=20,
+                project_id=project_id,
+                is_active=True,
+            ).exists()
+        ):
+            return Response(
+                {"error": "Only admin or creator can delete the cycle"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
         cycle_issues = list(
             CycleIssue.objects.filter(
                 cycle_id=self.kwargs.get("pk")
             ).values_list("issue", flat=True)
         )
-        cycle = Cycle.objects.get(
-            workspace__slug=slug, project_id=project_id, pk=pk
-        )
 
         issue_activity.delay(
             type="cycle.activity.deleted",
@@ -389,11 +405,20 @@ class CycleAPIEndpoint(BaseAPIView):
         )
         # Delete the cycle
         cycle.delete()
+        # Delete the cycle issues
+        CycleIssue.objects.filter(
+            cycle_id=self.kwargs.get("pk"),
+        ).delete()
+        # Delete the user favorite cycle
+        UserFavorite.objects.filter(
+            entity_type="cycle",
+            entity_identifier=pk,
+            project_id=project_id,
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
 class CycleArchiveUnarchiveAPIEndpoint(BaseAPIView):
-
     permission_classes = [
         ProjectEntityPermission,
     ]
@@ -519,6 +544,12 @@ class CycleArchiveUnarchiveAPIEndpoint(BaseAPIView):
             )
         cycle.archived_at = timezone.now()
         cycle.save()
+        UserFavorite.objects.filter(
+            entity_type="cycle",
+            entity_identifier=cycle_id,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def delete(self, request, slug, project_id, cycle_id):
@@ -647,72 +678,63 @@ class CycleIssueAPIEndpoint(BaseAPIView):
             workspace__slug=slug, project_id=project_id, pk=cycle_id
         )
 
-        if (
-            cycle.end_date is not None
-            and cycle.end_date < timezone.now().date()
-        ):
-            return Response(
+        # Get all CycleIssues already created
+        cycle_issues = list(
+            CycleIssue.objects.filter(
+                ~Q(cycle_id=cycle_id), issue_id__in=issues
+            )
+        )
+
+        existing_issues = [
+            str(cycle_issue.issue_id)
+            for cycle_issue in cycle_issues
+            if str(cycle_issue.issue_id) in issues
+        ]
+        new_issues = list(set(issues) - set(existing_issues))
+
+        # New issues to create
+        created_records = CycleIssue.objects.bulk_create(
+            [
+                CycleIssue(
+                    project_id=project_id,
+                    workspace_id=cycle.workspace_id,
+                    cycle_id=cycle_id,
+                    issue_id=issue,
+                )
+                for issue in new_issues
+            ],
+            ignore_conflicts=True,
+            batch_size=10,
+        )
+
+        # Updated Issues
+        updated_records = []
+        update_cycle_issue_activity = []
+        # Iterate over each cycle_issue in cycle_issues
+        for cycle_issue in cycle_issues:
+            old_cycle_id = cycle_issue.cycle_id
+            # Update the cycle_issue's cycle_id
+            cycle_issue.cycle_id = cycle_id
+            # Add the modified cycle_issue to the records_to_update list
+            updated_records.append(cycle_issue)
+            # Record the update activity
+            update_cycle_issue_activity.append(
                 {
-                    "error": "The Cycle has already been completed so no new issues can be added"
-                },
-                status=status.HTTP_400_BAD_REQUEST,
+                    "old_cycle_id": str(old_cycle_id),
+                    "new_cycle_id": str(cycle_id),
+                    "issue_id": str(cycle_issue.issue_id),
+                }
             )
 
-        issues = Issue.objects.filter(
-            pk__in=issues, workspace__slug=slug, project_id=project_id
-        ).values_list("id", flat=True)
-
-        # Get all CycleIssues already created
-        cycle_issues = list(CycleIssue.objects.filter(issue_id__in=issues))
-        update_cycle_issue_activity = []
-        record_to_create = []
-        records_to_update = []
-
-        for issue in issues:
-            cycle_issue = [
-                cycle_issue
-                for cycle_issue in cycle_issues
-                if str(cycle_issue.issue_id) in issues
-            ]
-            # Update only when cycle changes
-            if len(cycle_issue):
-                if cycle_issue[0].cycle_id != cycle_id:
-                    update_cycle_issue_activity.append(
-                        {
-                            "old_cycle_id": str(cycle_issue[0].cycle_id),
-                            "new_cycle_id": str(cycle_id),
-                            "issue_id": str(cycle_issue[0].issue_id),
-                        }
-                    )
-                    cycle_issue[0].cycle_id = cycle_id
-                    records_to_update.append(cycle_issue[0])
-            else:
-                record_to_create.append(
-                    CycleIssue(
-                        project_id=project_id,
-                        workspace=cycle.workspace,
-                        created_by=request.user,
-                        updated_by=request.user,
-                        cycle=cycle,
-                        issue_id=issue,
-                    )
-                )
-
-        CycleIssue.objects.bulk_create(
-            record_to_create,
-            batch_size=10,
-            ignore_conflicts=True,
-        )
+        # Update the cycle issues
         CycleIssue.objects.bulk_update(
-            records_to_update,
-            ["cycle"],
-            batch_size=10,
+            updated_records, ["cycle_id"], batch_size=100
         )
 
         # Capture Issue Activity
         issue_activity.delay(
             type="cycle.activity.created",
-            requested_data=json.dumps({"cycles_list": str(issues)}),
+            requested_data=json.dumps({"cycles_list": issues}),
             actor_id=str(self.request.user.id),
             issue_id=None,
             project_id=str(self.kwargs.get("project_id", None)),
@@ -720,13 +742,14 @@ class CycleIssueAPIEndpoint(BaseAPIView):
                 {
                     "updated_cycle_issues": update_cycle_issue_activity,
                     "created_cycle_issues": serializers.serialize(
-                        "json", record_to_create
+                        "json", created_records
                     ),
                 }
             ),
             epoch=int(timezone.now().timestamp()),
+            notification=True,
+            origin=request.META.get("HTTP_ORIGIN"),
         )
-
         # Return all Cycle Issues
         return Response(
             CycleIssueSerializer(self.get_queryset(), many=True).data,

apiserver/plane/api/views/inbox.py

@@ -3,8 +3,11 @@ import json
 
 # Django improts
 from django.core.serializers.json import DjangoJSONEncoder
-from django.db.models import Q
 from django.utils import timezone
+from django.db.models import Q, Value, UUIDField
+from django.db.models.functions import Coalesce
+from django.contrib.postgres.aggregates import ArrayAgg
+from django.contrib.postgres.fields import ArrayField
 
 # Third party imports
 from rest_framework import status
@@ -13,7 +16,7 @@ from rest_framework.response import Response
 # Module imports
 from plane.api.serializers import InboxIssueSerializer, IssueSerializer
 from plane.app.permissions import ProjectLitePermission
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Inbox,
     InboxIssue,
@@ -224,8 +227,27 @@ class InboxIssueAPIEndpoint(BaseAPIView):
         issue_data = request.data.pop("issue", False)
 
         if bool(issue_data):
-            issue = Issue.objects.get(
-                pk=issue_id, workspace__slug=slug, project_id=project_id
+            issue = Issue.objects.annotate(
+                label_ids=Coalesce(
+                    ArrayAgg(
+                        "labels__id",
+                        distinct=True,
+                        filter=~Q(labels__id__isnull=True),
+                    ),
+                    Value([], output_field=ArrayField(UUIDField())),
+                ),
+                assignee_ids=Coalesce(
+                    ArrayAgg(
+                        "assignees__id",
+                        distinct=True,
+                        filter=~Q(assignees__id__isnull=True),
+                    ),
+                    Value([], output_field=ArrayField(UUIDField())),
+                ),
+            ).get(
+                pk=issue_id,
+                workspace__slug=slug,
+                project_id=project_id,
             )
             # Only allow guests and viewers to edit name and description
             if project_member.role <= 10:
@@ -368,29 +390,26 @@ class InboxIssueAPIEndpoint(BaseAPIView):
             inbox_id=inbox.id,
         )
 
-        # Get the project member
-        project_member = ProjectMember.objects.get(
-            workspace__slug=slug,
-            project_id=project_id,
-            member=request.user,
-            is_active=True,
-        )
-
-        # Check the inbox issue created
-        if project_member.role <= 10 and str(inbox_issue.created_by_id) != str(
-            request.user.id
-        ):
-            return Response(
-                {"error": "You cannot delete inbox issue"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
         # Check the issue status
         if inbox_issue.status in [-2, -1, 0, 2]:
             # Delete the issue also
-            Issue.objects.filter(
+            issue = Issue.objects.filter(
                 workspace__slug=slug, project_id=project_id, pk=issue_id
-            ).delete()
+            ).first()
+            if issue.created_by_id != request.user.id and (
+                not ProjectMember.objects.filter(
+                    workspace__slug=slug,
+                    member=request.user,
+                    role=20,
+                    project_id=project_id,
+                    is_active=True,
+                ).exists()
+            ):
+                return Response(
+                    {"error": "Only admin or creator can delete the issue"},
+                    status=status.HTTP_403_FORBIDDEN,
+                )
+            issue.delete()
 
         inbox_issue.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)

apiserver/plane/api/views/issue.py

@@ -22,9 +22,11 @@ from django.utils import timezone
 # Third party imports
 from rest_framework import status
 from rest_framework.response import Response
+from rest_framework.parsers import MultiPartParser, FormParser
 
 # Module imports
 from plane.api.serializers import (
+    IssueAttachmentSerializer,
     IssueActivitySerializer,
     IssueCommentSerializer,
     IssueLinkSerializer,
@@ -36,7 +38,7 @@ from plane.app.permissions import (
     ProjectLitePermission,
     ProjectMemberPermission,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Issue,
     IssueActivity,
@@ -149,6 +151,25 @@ class IssueAPIEndpoint(BaseAPIView):
         ).distinct()
 
     def get(self, request, slug, project_id, pk=None):
+        external_id = request.GET.get("external_id")
+        external_source = request.GET.get("external_source")
+
+        if external_id and external_source:
+            issue = Issue.objects.get(
+                external_id=external_id,
+                external_source=external_source,
+                workspace__slug=slug,
+                project_id=project_id,
+            )
+            return Response(
+                IssueSerializer(
+                    issue,
+                    fields=self.fields,
+                    expand=self.expand,
+                ).data,
+                status=status.HTTP_200_OK,
+            )
+
         if pk:
             issue = Issue.issue_objects.annotate(
                 sub_issues_count=Issue.issue_objects.filter(
@@ -307,6 +328,17 @@ class IssueAPIEndpoint(BaseAPIView):
                 )
 
             serializer.save()
+            # Refetch the issue
+            issue = Issue.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                pk=serializer.data["id"],
+            ).first()
+            issue.created_at = request.data.get("created_at", timezone.now())
+            issue.created_by_id = request.data.get(
+                "created_by", request.user.id
+            )
+            issue.save(update_fields=["created_at", "created_by"])
 
             # Track the issue
             issue_activity.delay(
@@ -323,6 +355,124 @@ class IssueAPIEndpoint(BaseAPIView):
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    def put(self, request, slug, project_id):
+        # Get the entities required for putting the issue, external_id and
+        # external_source are must to identify the issue here
+        project = Project.objects.get(pk=project_id)
+        external_id = request.data.get("external_id")
+        external_source = request.data.get("external_source")
+
+        # If the external_id and source are present, we need to find the exact
+        # issue that needs to be updated with the provided external_id and
+        # external_source
+        if external_id and external_source:
+            try:
+                issue = Issue.objects.get(
+                    project_id=project_id,
+                    workspace__slug=slug,
+                    external_id=external_id,
+                    external_source=external_source,
+                )
+
+                # Get the current instance of the issue in order to track
+                # changes and dispatch the issue activity
+                current_instance = json.dumps(
+                    IssueSerializer(issue).data, cls=DjangoJSONEncoder
+                )
+
+                # Get the requested data, encode it as django object and pass it
+                # to serializer to validation
+                requested_data = json.dumps(
+                    self.request.data, cls=DjangoJSONEncoder
+                )
+                serializer = IssueSerializer(
+                    issue,
+                    data=request.data,
+                    context={
+                        "project_id": project_id,
+                        "workspace_id": project.workspace_id,
+                    },
+                    partial=True,
+                )
+                if serializer.is_valid():
+                    # If the serializer is valid, save the issue and dispatch
+                    # the update issue activity worker event.
+                    serializer.save()
+                    issue_activity.delay(
+                        type="issue.activity.updated",
+                        requested_data=requested_data,
+                        actor_id=str(request.user.id),
+                        issue_id=str(issue.id),
+                        project_id=str(project_id),
+                        current_instance=current_instance,
+                        epoch=int(timezone.now().timestamp()),
+                    )
+                    return Response(serializer.data, status=status.HTTP_200_OK)
+                return Response(
+                    # If the serializer is not valid, respond with 400 bad
+                    # request
+                    serializer.errors,
+                    status=status.HTTP_400_BAD_REQUEST,
+                )
+            except Issue.DoesNotExist:
+                # If the issue does not exist, a new record needs to be created
+                # for the requested data.
+                # Serialize the data with the context of the project and
+                # workspace
+                serializer = IssueSerializer(
+                    data=request.data,
+                    context={
+                        "project_id": project_id,
+                        "workspace_id": project.workspace_id,
+                        "default_assignee_id": project.default_assignee_id,
+                    },
+                )
+
+                # If the serializer is valid, save the issue and dispatch the
+                # issue activity worker event as created
+                if serializer.is_valid():
+                    serializer.save()
+                    # Refetch the issue
+                    issue = Issue.objects.filter(
+                        workspace__slug=slug,
+                        project_id=project_id,
+                        pk=serializer.data["id"],
+                    ).first()
+
+                    # If any of the created_at or created_by is present, update
+                    # the issue with the provided data, else return with the
+                    # default states given.
+                    issue.created_at = request.data.get(
+                        "created_at", timezone.now()
+                    )
+                    issue.created_by_id = request.data.get(
+                        "created_by", request.user.id
+                    )
+                    issue.save(update_fields=["created_at", "created_by"])
+
+                    issue_activity.delay(
+                        type="issue.activity.created",
+                        requested_data=json.dumps(
+                            self.request.data, cls=DjangoJSONEncoder
+                        ),
+                        actor_id=str(request.user.id),
+                        issue_id=str(serializer.data.get("id", None)),
+                        project_id=str(project_id),
+                        current_instance=None,
+                        epoch=int(timezone.now().timestamp()),
+                    )
+                    return Response(
+                        serializer.data, status=status.HTTP_201_CREATED
+                    )
+                return Response(
+                    serializer.errors, status=status.HTTP_400_BAD_REQUEST
+                )
+        else:
+            return Response(
+                {"error": "external_id and external_source are required"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
     def patch(self, request, slug, project_id, pk=None):
         issue = Issue.objects.get(
             workspace__slug=slug, project_id=project_id, pk=pk
@@ -379,6 +529,19 @@ class IssueAPIEndpoint(BaseAPIView):
         issue = Issue.objects.get(
             workspace__slug=slug, project_id=project_id, pk=pk
         )
+        if issue.created_by_id != request.user.id and (
+            not ProjectMember.objects.filter(
+                workspace__slug=slug,
+                member=request.user,
+                role=20,
+                project_id=project_id,
+                is_active=True,
+            ).exists()
+        ):
+            return Response(
+                {"error": "Only admin or creator can delete the issue"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
         current_instance = json.dumps(
             IssueSerializer(issue).data, cls=DjangoJSONEncoder
         )
@@ -587,14 +750,20 @@ class IssueLinkAPIEndpoint(BaseAPIView):
                 project_id=project_id,
                 issue_id=issue_id,
             )
+
+            link = IssueLink.objects.get(pk=serializer.data["id"])
+            link.created_by_id = request.data.get(
+                "created_by", request.user.id
+            )
+            link.save(update_fields=["created_by"])
             issue_activity.delay(
                 type="link.activity.created",
                 requested_data=json.dumps(
                     serializer.data, cls=DjangoJSONEncoder
                 ),
-                actor_id=str(self.request.user.id),
                 issue_id=str(self.kwargs.get("issue_id")),
                 project_id=str(self.kwargs.get("project_id")),
+                actor_id=str(link.created_by_id),
                 current_instance=None,
                 epoch=int(timezone.now().timestamp()),
             )
@@ -748,12 +917,24 @@ class IssueCommentAPIEndpoint(BaseAPIView):
                 issue_id=issue_id,
                 actor=request.user,
             )
+            issue_comment = IssueComment.objects.get(
+                pk=serializer.data.get("id")
+            )
+            # Update the created_at and the created_by and save the comment
+            issue_comment.created_at = request.data.get(
+                "created_at", timezone.now()
+            )
+            issue_comment.created_by_id = request.data.get(
+                "created_by", request.user.id
+            )
+            issue_comment.save(update_fields=["created_at", "created_by"])
+
             issue_activity.delay(
                 type="comment.activity.created",
                 requested_data=json.dumps(
                     serializer.data, cls=DjangoJSONEncoder
                 ),
-                actor_id=str(self.request.user.id),
+                actor_id=str(issue_comment.created_by_id),
                 issue_id=str(self.kwargs.get("issue_id")),
                 project_id=str(self.kwargs.get("project_id")),
                 current_instance=None,
@@ -874,3 +1055,83 @@ class IssueActivityAPIEndpoint(BaseAPIView):
                 expand=self.expand,
             ).data,
         )
+
+
+class IssueAttachmentEndpoint(BaseAPIView):
+    serializer_class = IssueAttachmentSerializer
+    permission_classes = [
+        ProjectEntityPermission,
+    ]
+    model = IssueAttachment
+    parser_classes = (MultiPartParser, FormParser)
+
+    def post(self, request, slug, project_id, issue_id):
+        serializer = IssueAttachmentSerializer(data=request.data)
+        if (
+            request.data.get("external_id")
+            and request.data.get("external_source")
+            and IssueAttachment.objects.filter(
+                project_id=project_id,
+                workspace__slug=slug,
+                issue_id=issue_id,
+                external_source=request.data.get("external_source"),
+                external_id=request.data.get("external_id"),
+            ).exists()
+        ):
+            issue_attachment = IssueAttachment.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                external_id=request.data.get("external_id"),
+                external_source=request.data.get("external_source"),
+            ).first()
+            return Response(
+                {
+                    "error": "Issue attachment with the same external id and external source already exists",
+                    "id": str(issue_attachment.id),
+                },
+                status=status.HTTP_409_CONFLICT,
+            )
+
+        if serializer.is_valid():
+            serializer.save(project_id=project_id, issue_id=issue_id)
+            issue_activity.delay(
+                type="attachment.activity.created",
+                requested_data=None,
+                actor_id=str(self.request.user.id),
+                issue_id=str(self.kwargs.get("issue_id", None)),
+                project_id=str(self.kwargs.get("project_id", None)),
+                current_instance=json.dumps(
+                    serializer.data,
+                    cls=DjangoJSONEncoder,
+                ),
+                epoch=int(timezone.now().timestamp()),
+                notification=True,
+                origin=request.META.get("HTTP_ORIGIN"),
+            )
+            return Response(serializer.data, status=status.HTTP_201_CREATED)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    def delete(self, request, slug, project_id, issue_id, pk):
+        issue_attachment = IssueAttachment.objects.get(pk=pk)
+        issue_attachment.asset.delete(save=False)
+        issue_attachment.delete()
+        issue_activity.delay(
+            type="attachment.activity.deleted",
+            requested_data=None,
+            actor_id=str(self.request.user.id),
+            issue_id=str(self.kwargs.get("issue_id", None)),
+            project_id=str(self.kwargs.get("project_id", None)),
+            current_instance=None,
+            epoch=int(timezone.now().timestamp()),
+            notification=True,
+            origin=request.META.get("HTTP_ORIGIN"),
+        )
+
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+    def get(self, request, slug, project_id, issue_id):
+        issue_attachments = IssueAttachment.objects.filter(
+            issue_id=issue_id, workspace__slug=slug, project_id=project_id
+        )
+        serializer = IssueAttachmentSerializer(issue_attachments, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)

apiserver/plane/api/views/member.py

@@ -0,0 +1,153 @@
+# Python imports
+import uuid
+
+# Django imports
+from django.contrib.auth.hashers import make_password
+from django.core.validators import validate_email
+from django.core.exceptions import ValidationError
+
+# Third Party imports
+from rest_framework.response import Response
+from rest_framework import status
+
+# Module imports
+from .base import BaseAPIView
+from plane.api.serializers import UserLiteSerializer
+from plane.db.models import (
+    User,
+    Workspace,
+    Project,
+    WorkspaceMember,
+    ProjectMember,
+)
+
+from plane.app.permissions import (
+    ProjectMemberPermission,
+)
+
+
+# API endpoint to get and insert users inside the workspace
+class ProjectMemberAPIEndpoint(BaseAPIView):
+    permission_classes = [
+        ProjectMemberPermission,
+    ]
+
+    # Get all the users that are present inside the workspace
+    def get(self, request, slug, project_id):
+        # Check if the workspace exists
+        if not Workspace.objects.filter(slug=slug).exists():
+            return Response(
+                {"error": "Provided workspace does not exist"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        # Get the workspace members that are present inside the workspace
+        project_members = ProjectMember.objects.filter(
+            project_id=project_id, workspace__slug=slug
+        ).values_list("member_id", flat=True)
+
+        # Get all the users that are present inside the workspace
+        users = UserLiteSerializer(
+            User.objects.filter(
+                id__in=project_members,
+            ),
+            many=True,
+        ).data
+
+        return Response(users, status=status.HTTP_200_OK)
+
+    # Insert a new user inside the workspace, and assign the user to the project
+    def post(self, request, slug, project_id):
+        # Check if user with email already exists, and send bad request if it's
+        # not present, check for workspace and valid project mandat
+        # ------------------- Validation -------------------
+        if (
+            request.data.get("email") is None
+            or request.data.get("display_name") is None
+        ):
+            return Response(
+                {
+                    "error": "Expected email, display_name, workspace_slug, project_id, one or more of the fields are missing."
+                },
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        email = request.data.get("email")
+
+        try:
+            validate_email(email)
+        except ValidationError:
+            return Response(
+                {"error": "Invalid email provided"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        workspace = Workspace.objects.filter(slug=slug).first()
+        project = Project.objects.filter(pk=project_id).first()
+
+        if not all([workspace, project]):
+            return Response(
+                {"error": "Provided workspace or project does not exist"},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        # Check if user exists
+        user = User.objects.filter(email=email).first()
+        workspace_member = None
+        project_member = None
+
+        if user:
+            # Check if user is part of the workspace
+            workspace_member = WorkspaceMember.objects.filter(
+                workspace=workspace, member=user
+            ).first()
+            if workspace_member:
+                # Check if user is part of the project
+                project_member = ProjectMember.objects.filter(
+                    project=project, member=user
+                ).first()
+                if project_member:
+                    return Response(
+                        {
+                            "error": "User is already part of the workspace and project"
+                        },
+                        status=status.HTTP_400_BAD_REQUEST,
+                    )
+
+        # If user does not exist, create the user
+        if not user:
+            user = User.objects.create(
+                email=email,
+                display_name=request.data.get("display_name"),
+                first_name=request.data.get("first_name", ""),
+                last_name=request.data.get("last_name", ""),
+                username=uuid.uuid4().hex,
+                password=make_password(uuid.uuid4().hex),
+                is_password_autoset=True,
+                is_active=False,
+            )
+            user.save()
+
+        # Create a workspace member for the user if not already a member
+        if not workspace_member:
+            workspace_member = WorkspaceMember.objects.create(
+                workspace=workspace,
+                member=user,
+                role=request.data.get("role", 10),
+            )
+            workspace_member.save()
+
+        # Create a project member for the user if not already a member
+        if not project_member:
+            project_member = ProjectMember.objects.create(
+                project=project,
+                member=user,
+                role=request.data.get("role", 10),
+            )
+            project_member.save()
+
+        # Serialize the user and return the response
+        user_data = UserLiteSerializer(user).data
+
+        return Response(user_data, status=status.HTTP_201_CREATED)
+

apiserver/plane/api/views/module.py

@@ -18,7 +18,7 @@ from plane.api.serializers import (
     ModuleSerializer,
 )
 from plane.app.permissions import ProjectEntityPermission
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Issue,
     IssueAttachment,
@@ -27,6 +27,8 @@ from plane.db.models import (
     ModuleIssue,
     ModuleLink,
     Project,
+    ProjectMember,
+    UserFavorite,
 )
 
 from .base import BaseAPIView
@@ -265,6 +267,20 @@ class ModuleAPIEndpoint(BaseAPIView):
         module = Module.objects.get(
             workspace__slug=slug, project_id=project_id, pk=pk
         )
+        if module.created_by_id != request.user.id and (
+            not ProjectMember.objects.filter(
+                workspace__slug=slug,
+                member=request.user,
+                role=20,
+                project_id=project_id,
+                is_active=True,
+            ).exists()
+        ):
+            return Response(
+                {"error": "Only admin or creator can delete the module"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
         module_issues = list(
             ModuleIssue.objects.filter(module_id=pk).values_list(
                 "issue", flat=True
@@ -286,6 +302,17 @@ class ModuleAPIEndpoint(BaseAPIView):
             epoch=int(timezone.now().timestamp()),
         )
         module.delete()
+        # Delete the module issues
+        ModuleIssue.objects.filter(
+            module=pk,
+            project_id=project_id,
+        ).delete()
+        # Delete the user favorite module
+        UserFavorite.objects.filter(
+            entity_type="module",
+            entity_identifier=pk,
+            project_id=project_id,
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
@@ -493,7 +520,6 @@ class ModuleIssueAPIEndpoint(BaseAPIView):
 
 
 class ModuleArchiveUnarchiveAPIEndpoint(BaseAPIView):
-
     permission_classes = [
         ProjectEntityPermission,
     ]
@@ -608,6 +634,12 @@ class ModuleArchiveUnarchiveAPIEndpoint(BaseAPIView):
             )
         module.archived_at = timezone.now()
         module.save()
+        UserFavorite.objects.filter(
+            entity_type="module",
+            entity_identifier=pk,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def delete(self, request, slug, project_id, pk):

apiserver/plane/api/views/project.py

@@ -19,13 +19,14 @@ from plane.app.permissions import ProjectBasePermission
 from plane.db.models import (
     Cycle,
     Inbox,
-    IssueProperty,
+    IssueUserProperty,
     Module,
     Project,
     DeployBoard,
     ProjectMember,
     State,
     Workspace,
+    UserFavorite,
 )
 from plane.bgtasks.webhook_task import model_activity
 from .base import BaseAPIView
@@ -165,7 +166,7 @@ class ProjectAPIEndpoint(BaseAPIView):
                     role=20,
                 )
                 # Also create the issue property for the user
-                _ = IssueProperty.objects.create(
+                _ = IssueUserProperty.objects.create(
                     project_id=serializer.data["id"],
                     user=request.user,
                 )
@@ -179,7 +180,7 @@ class ProjectAPIEndpoint(BaseAPIView):
                         role=20,
                     )
                     # Also create the issue property for the user
-                    IssueProperty.objects.create(
+                    IssueUserProperty.objects.create(
                         project_id=serializer.data["id"],
                         user_id=serializer.data["project_lead"],
                     )
@@ -240,6 +241,7 @@ class ProjectAPIEndpoint(BaseAPIView):
                     .filter(pk=serializer.data["id"])
                     .first()
                 )
+
                 # Model activity
                 model_activity.delay(
                     model_name="project",
@@ -355,6 +357,12 @@ class ProjectAPIEndpoint(BaseAPIView):
 
     def delete(self, request, slug, pk):
         project = Project.objects.get(pk=pk, workspace__slug=slug)
+        # Delete the user favorite cycle
+        UserFavorite.objects.filter(
+            entity_type="project",
+            entity_identifier=pk,
+            project_id=pk,
+        ).delete()
         project.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
@@ -369,6 +377,10 @@ class ProjectArchiveUnarchiveAPIEndpoint(BaseAPIView):
         project = Project.objects.get(pk=project_id, workspace__slug=slug)
         project.archived_at = timezone.now()
         project.save()
+        UserFavorite.objects.filter(
+            workspace__slug=slug,
+            project=project_id,
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
     def delete(self, request, slug, project_id):

apiserver/plane/app/permissions/__init__.py

@@ -12,3 +12,4 @@ from .project import (
     ProjectMemberPermission,
     ProjectLitePermission,
 )
+from .base import allow_permission, ROLE

apiserver/plane/app/permissions/base.py

@@ -0,0 +1,61 @@
+from plane.db.models import WorkspaceMember, ProjectMember
+from functools import wraps
+from rest_framework.response import Response
+from rest_framework import status
+
+from enum import Enum
+
+class ROLE(Enum):
+    ADMIN = 20
+    MEMBER = 15
+    VIEWER = 10
+    GUEST = 5
+
+
+def allow_permission(allowed_roles, level="PROJECT", creator=False, model=None):
+    def decorator(view_func):
+        @wraps(view_func)
+        def _wrapped_view(instance, request, *args, **kwargs):
+
+            # Check for creator if required
+            if creator and model:
+                obj = model.objects.filter(
+                    id=kwargs["pk"], created_by=request.user
+                ).exists()
+                if obj:
+                    return view_func(instance, request, *args, **kwargs)
+
+            # Convert allowed_roles to their values if they are enum members
+            allowed_role_values = [
+                role.value if isinstance(role, ROLE) else role
+                for role in allowed_roles
+            ]
+
+            # Check role permissions
+            if level == "WORKSPACE":
+                if WorkspaceMember.objects.filter(
+                    member=request.user,
+                    workspace__slug=kwargs["slug"],
+                    role__in=allowed_role_values,
+                    is_active=True,
+                ).exists():
+                    return view_func(instance, request, *args, **kwargs)
+            else:
+                if ProjectMember.objects.filter(
+                    member=request.user,
+                    workspace__slug=kwargs["slug"],
+                    project_id=kwargs["project_id"],
+                    role__in=allowed_role_values,
+                    is_active=True,
+                ).exists():
+                    return view_func(instance, request, *args, **kwargs)
+
+            # Return permission denied if no conditions are met
+            return Response(
+                {"error": "You don't have the required permissions."},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
+        return _wrapped_view
+
+    return decorator

apiserver/plane/app/serializers/__init__.py

@@ -50,7 +50,7 @@ from .issue import (
     IssueCreateSerializer,
     IssueActivitySerializer,
     IssueCommentSerializer,
-    IssuePropertySerializer,
+    IssueUserPropertySerializer,
     IssueAssigneeSerializer,
     LabelSerializer,
     IssueSerializer,
@@ -91,6 +91,8 @@ from .page import (
     PageLogSerializer,
     SubPageSerializer,
     PageDetailSerializer,
+    PageVersionSerializer,
+    PageVersionDetailSerializer,
 )
 
 from .estimate import (
@@ -120,3 +122,5 @@ from .exporter import ExporterHistorySerializer
 from .webhook import WebhookSerializer, WebhookLogSerializer
 
 from .dashboard import DashboardSerializer, WidgetSerializer
+
+from .favorite import UserFavoriteSerializer

apiserver/plane/app/serializers/favorite.py

@@ -0,0 +1,101 @@
+from rest_framework import serializers
+
+from plane.db.models import (
+    UserFavorite,
+    Cycle,
+    Module,
+    Issue,
+    IssueView,
+    Page,
+    Project,
+)
+
+
+class ProjectFavoriteLiteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Project
+        fields = ["id", "name", "logo_props"]
+
+
+class PageFavoriteLiteSerializer(serializers.ModelSerializer):
+    project_id = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Page
+        fields = ["id", "name", "logo_props", "project_id"]
+
+    def get_project_id(self, obj):
+        project = (
+            obj.projects.first()
+        )  # This gets the first project related to the Page
+        return project.id if project else None
+
+
+class CycleFavoriteLiteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Cycle
+        fields = ["id", "name", "logo_props", "project_id"]
+
+
+class ModuleFavoriteLiteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Module
+        fields = ["id", "name", "logo_props", "project_id"]
+
+
+class ViewFavoriteSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = IssueView
+        fields = ["id", "name", "logo_props", "project_id"]
+
+
+def get_entity_model_and_serializer(entity_type):
+    entity_map = {
+        "cycle": (Cycle, CycleFavoriteLiteSerializer),
+        "issue": (Issue, None),
+        "module": (Module, ModuleFavoriteLiteSerializer),
+        "view": (IssueView, ViewFavoriteSerializer),
+        "page": (Page, PageFavoriteLiteSerializer),
+        "project": (Project, ProjectFavoriteLiteSerializer),
+        "folder": (None, None),
+    }
+    return entity_map.get(entity_type, (None, None))
+
+
+class UserFavoriteSerializer(serializers.ModelSerializer):
+    entity_data = serializers.SerializerMethodField()
+
+    class Meta:
+        model = UserFavorite
+        fields = [
+            "id",
+            "entity_type",
+            "entity_identifier",
+            "entity_data",
+            "name",
+            "is_folder",
+            "sequence",
+            "parent",
+            "workspace_id",
+            "project_id",
+        ]
+        read_only_fields = ["workspace", "created_by", "updated_by"]
+
+    def get_entity_data(self, obj):
+        entity_type = obj.entity_type
+        entity_identifier = obj.entity_identifier
+
+        entity_model, entity_serializer = get_entity_model_and_serializer(
+            entity_type
+        )
+        if entity_model and entity_serializer:
+            try:
+                entity = entity_model.objects.get(pk=entity_identifier)
+                return entity_serializer(entity).data
+            except entity_model.DoesNotExist:
+                return None
+        return None

apiserver/plane/app/serializers/issue.py

@@ -17,7 +17,7 @@ from plane.db.models import (
     Issue,
     IssueActivity,
     IssueComment,
-    IssueProperty,
+    IssueUserProperty,
     IssueAssignee,
     IssueSubscriber,
     IssueLabel,
@@ -135,7 +135,11 @@ class IssueCreateSerializer(BaseSerializer):
         workspace_id = self.context["workspace_id"]
         default_assignee_id = self.context["default_assignee_id"]
 
-        issue = Issue.objects.create(**validated_data, project_id=project_id)
+        # Create Issue
+        issue = Issue.objects.create(
+            **validated_data,
+            project_id=project_id,
+        )
 
         # Issue Audit Users
         created_by_id = issue.created_by_id
@@ -248,9 +252,9 @@ class IssueActivitySerializer(BaseSerializer):
         fields = "__all__"
 
 
-class IssuePropertySerializer(BaseSerializer):
+class IssueUserPropertySerializer(BaseSerializer):
     class Meta:
-        model = IssueProperty
+        model = IssueUserProperty
         fields = "__all__"
         read_only_fields = [
             "user",
@@ -529,6 +533,7 @@ class IssueReactionSerializer(BaseSerializer):
             "project",
             "issue",
             "actor",
+            "deleted_at"
         ]
 
 
@@ -547,7 +552,7 @@ class CommentReactionSerializer(BaseSerializer):
     class Meta:
         model = CommentReaction
         fields = "__all__"
-        read_only_fields = ["workspace", "project", "comment", "actor"]
+        read_only_fields = ["workspace", "project", "comment", "actor", "deleted_at"]
 
 
 class IssueVoteSerializer(BaseSerializer):

apiserver/plane/app/serializers/module.py

@@ -39,6 +39,7 @@ class ModuleWriteSerializer(BaseSerializer):
             "created_at",
             "updated_at",
             "archived_at",
+            "deleted_at",
         ]
 
     def to_representation(self, instance):

apiserver/plane/app/serializers/notification.py

@@ -12,6 +12,7 @@ class NotificationSerializer(BaseSerializer):
         read_only=True, source="triggered_by"
     )
     is_inbox_issue = serializers.BooleanField(read_only=True)
+    is_mentioned_notification = serializers.BooleanField(read_only=True)
 
     class Meta:
         model = Notification

apiserver/plane/app/serializers/page.py

@@ -10,6 +10,7 @@ from plane.db.models import (
     Label,
     ProjectPage,
     Project,
+    PageVersion,
 )
 
 
@@ -161,3 +162,46 @@ class PageLogSerializer(BaseSerializer):
             "workspace",
             "page",
         ]
+
+
+class PageVersionSerializer(BaseSerializer):
+    class Meta:
+        model = PageVersion
+        fields = [
+            "id",
+            "workspace",
+            "page",
+            "last_saved_at",
+            "owned_by",
+            "created_at",
+            "updated_at",
+            "created_by",
+            "updated_by",
+        ]
+        read_only_fields = [
+            "workspace",
+            "page",
+        ]
+
+
+class PageVersionDetailSerializer(BaseSerializer):
+    class Meta:
+        model = PageVersion
+        fields = [
+            "id",
+            "workspace",
+            "page",
+            "last_saved_at",
+            "description_binary",
+            "description_html",
+            "description_json",
+            "owned_by",
+            "created_at",
+            "updated_at",
+            "created_by",
+            "updated_by",
+        ]
+        read_only_fields = [
+            "workspace",
+            "page",
+        ]

apiserver/plane/app/serializers/project.py

@@ -28,6 +28,7 @@ class ProjectSerializer(BaseSerializer):
         fields = "__all__"
         read_only_fields = [
             "workspace",
+            "deleted_at",
         ]
 
     def create(self, validated_data):

apiserver/plane/app/serializers/view.py

@@ -23,7 +23,7 @@ class IssueViewSerializer(DynamicBaseSerializer):
         ]
 
     def create(self, validated_data):
-        query_params = validated_data.get("query_data", {})
+        query_params = validated_data.get("filters", {})
         if bool(query_params):
             validated_data["query"] = issue_filters(query_params, "POST")
         else:
@@ -31,7 +31,7 @@ class IssueViewSerializer(DynamicBaseSerializer):
         return IssueView.objects.create(**validated_data)
 
     def update(self, instance, validated_data):
-        query_params = validated_data.get("query_data", {})
+        query_params = validated_data.get("filters", {})
         if bool(query_params):
             validated_data["query"] = issue_filters(query_params, "POST")
         else:

apiserver/plane/app/urls/api.py

@@ -1,5 +1,5 @@
 from django.urls import path
-from plane.app.views import ApiTokenEndpoint
+from plane.app.views import ApiTokenEndpoint, ServiceApiTokenEndpoint
 
 urlpatterns = [
     # API Tokens
@@ -13,5 +13,10 @@ urlpatterns = [
         ApiTokenEndpoint.as_view(),
         name="api-tokens",
     ),
+    path(
+        "workspaces/<str:slug>/service-api-tokens/",
+        ServiceApiTokenEndpoint.as_view(),
+        name="service-api-tokens",
+    ),
     ## End API Tokens
 ]

apiserver/plane/app/urls/inbox.py

@@ -40,7 +40,7 @@ urlpatterns = [
         name="inbox-issue",
     ),
     path(
-        "workspaces/<str:slug>/projects/<uuid:project_id>/inbox-issues/<uuid:issue_id>/",
+        "workspaces/<str:slug>/projects/<uuid:project_id>/inbox-issues/<uuid:pk>/",
         InboxIssueViewSet.as_view(
             {
                 "get": "retrieve",

apiserver/plane/app/urls/issue.py

@@ -19,7 +19,6 @@ from plane.app.views import (
     IssueUserDisplayPropertyEndpoint,
     IssueViewSet,
     LabelViewSet,
-    BulkIssueOperationsEndpoint,
     BulkArchiveIssuesEndpoint,
 )
 
@@ -233,13 +232,13 @@ urlpatterns = [
         name="project-issue-comment-reactions",
     ),
     ## End Comment Reactions
-    ## IssueProperty
+    ## IssueUserProperty
     path(
         "workspaces/<str:slug>/projects/<uuid:project_id>/user-properties/",
         IssueUserDisplayPropertyEndpoint.as_view(),
         name="project-issue-display-properties",
     ),
-    ## IssueProperty End
+    ## IssueUserProperty End
     ## Issue Archives
     path(
         "workspaces/<str:slug>/projects/<uuid:project_id>/archived-issues/",
@@ -304,10 +303,5 @@ urlpatterns = [
             }
         ),
         name="project-issue-draft",
-    ),
-    path(
-        "workspaces/<str:slug>/projects/<uuid:project_id>/bulk-operation-issues/",
-        BulkIssueOperationsEndpoint.as_view(),
-        name="bulk-operations-issues",
-    ),
+    )
 ]

apiserver/plane/app/urls/page.py

@@ -7,6 +7,7 @@ from plane.app.views import (
     PageLogEndpoint,
     SubPagesEndpoint,
     PagesDescriptionViewSet,
+    PageVersionEndpoint,
 )
 
 
@@ -65,6 +66,16 @@ urlpatterns = [
         ),
         name="project-pages-lock-unlock",
     ),
+    # private and public page
+    path(
+        "workspaces/<str:slug>/projects/<uuid:project_id>/pages/<uuid:pk>/access/",
+        PageViewSet.as_view(
+            {
+                "post": "access",
+            }
+        ),
+        name="project-pages-access",
+    ),
     path(
         "workspaces/<str:slug>/projects/<uuid:project_id>/pages/<uuid:pk>/transactions/",
         PageLogEndpoint.as_view(),
@@ -90,4 +101,14 @@ urlpatterns = [
         ),
         name="page-description",
     ),
+    path(
+        "workspaces/<str:slug>/projects/<uuid:project_id>/pages/<uuid:page_id>/versions/",
+        PageVersionEndpoint.as_view(),
+        name="page-versions",
+    ),
+    path(
+        "workspaces/<str:slug>/projects/<uuid:project_id>/pages/<uuid:page_id>/versions/<uuid:pk>/",
+        PageVersionEndpoint.as_view(),
+        name="page-versions",
+    ),
 ]

apiserver/plane/app/urls/workspace.py

@@ -25,6 +25,8 @@ from plane.app.views import (
     ExportWorkspaceUserActivityEndpoint,
     WorkspaceModulesEndpoint,
     WorkspaceCyclesEndpoint,
+    WorkspaceFavoriteEndpoint,
+    WorkspaceFavoriteGroupEndpoint,
 )
 
 
@@ -237,4 +239,19 @@ urlpatterns = [
         WorkspaceCyclesEndpoint.as_view(),
         name="workspace-cycles",
     ),
+    path(
+        "workspaces/<str:slug>/user-favorites/",
+        WorkspaceFavoriteEndpoint.as_view(),
+        name="workspace-user-favorites",
+    ),
+    path(
+        "workspaces/<str:slug>/user-favorites/<uuid:favorite_id>/",
+        WorkspaceFavoriteEndpoint.as_view(),
+        name="workspace-user-favorites",
+    ),
+    path(
+        "workspaces/<str:slug>/user-favorites/<uuid:favorite_id>/group/",
+        WorkspaceFavoriteGroupEndpoint.as_view(),
+        name="workspace-user-favorites-groups",
+    ),
 ]

apiserver/plane/app/views/__init__.py

@@ -40,6 +40,11 @@ from .workspace.base import (
     ExportWorkspaceUserActivityEndpoint,
 )
 
+from .workspace.favorite import (
+    WorkspaceFavoriteEndpoint,
+    WorkspaceFavoriteGroupEndpoint,
+)
+
 from .workspace.member import (
     WorkSpaceMemberViewSet,
     TeamMemberViewSet,
@@ -151,9 +156,6 @@ from .issue.subscriber import (
     IssueSubscriberViewSet,
 )
 
-
-from .issue.bulk_operations import BulkIssueOperationsEndpoint
-
 from .module.base import (
     ModuleViewSet,
     ModuleLinkViewSet,
@@ -169,8 +171,10 @@ from .module.archive import (
     ModuleArchiveUnarchiveEndpoint,
 )
 
-from .api import ApiTokenEndpoint
-
+from .api import (
+    ApiTokenEndpoint,
+    ServiceApiTokenEndpoint,
+)
 
 from .page.base import (
     PageViewSet,
@@ -179,6 +183,7 @@ from .page.base import (
     SubPagesEndpoint,
     PagesDescriptionViewSet,
 )
+from .page.version import PageVersionEndpoint
 
 from .search.base import GlobalSearchEndpoint
 from .search.issue import IssueSearchEndpoint

apiserver/plane/app/views/analytic/base.py

@@ -7,22 +7,22 @@ from django.utils import timezone
 from rest_framework import status
 from rest_framework.response import Response
 
+# Module imports
 from plane.app.permissions import WorkSpaceAdminPermission
 from plane.app.serializers import AnalyticViewSerializer
-
-# Module imports
 from plane.app.views.base import BaseAPIView, BaseViewSet
 from plane.bgtasks.analytic_plot_export import analytic_export_task
 from plane.db.models import AnalyticView, Issue, Workspace
 from plane.utils.analytics_plot import build_graph_plot
 from plane.utils.issue_filters import issue_filters
+from plane.app.permissions import allow_permission, ROLE
 
 
 class AnalyticsEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]
 
+    @allow_permission(
+        [ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER], level="WORKSPACE"
+    )
     def get(self, request, slug):
         x_axis = request.GET.get("x_axis", False)
         y_axis = request.GET.get("y_axis", False)
@@ -201,10 +201,10 @@ class AnalyticViewViewset(BaseViewSet):
 
 
 class SavedAnalyticEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]
 
+    @allow_permission(
+        [ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER], level="WORKSPACE"
+    )
     def get(self, request, slug, analytic_id):
         analytic_view = AnalyticView.objects.get(
             pk=analytic_id, workspace__slug=slug
@@ -234,10 +234,10 @@ class SavedAnalyticEndpoint(BaseAPIView):
 
 
 class ExportAnalyticsEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]
 
+    @allow_permission(
+        [ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER], level="WORKSPACE"
+    )
     def post(self, request, slug):
         x_axis = request.data.get("x_axis", False)
         y_axis = request.data.get("y_axis", False)
@@ -301,10 +301,10 @@ class ExportAnalyticsEndpoint(BaseAPIView):
 
 
 class DefaultAnalyticsEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]
 
+    @allow_permission(
+        [ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST], level="WORKSPACE"
+    )
     def get(self, request, slug):
         filters = issue_filters(request.GET, "GET")
         base_issues = Issue.issue_objects.filter(
@@ -380,12 +380,10 @@ class DefaultAnalyticsEndpoint(BaseAPIView):
             .order_by("-count")
         )
 
-        open_estimate_sum = open_issues_queryset.aggregate(
-            sum=Sum("point")
-        )["sum"]
-        total_estimate_sum = base_issues.aggregate(sum=Sum("point"))[
+        open_estimate_sum = open_issues_queryset.aggregate(sum=Sum("point"))[
             "sum"
         ]
+        total_estimate_sum = base_issues.aggregate(sum=Sum("point"))["sum"]
 
         return Response(
             {

apiserver/plane/app/views/api.py

@@ -45,7 +45,7 @@ class ApiTokenEndpoint(BaseAPIView):
     def get(self, request, slug, pk=None):
         if pk is None:
             api_tokens = APIToken.objects.filter(
-                user=request.user, workspace__slug=slug
+                user=request.user, workspace__slug=slug, is_service=False
             )
             serializer = APITokenReadSerializer(api_tokens, many=True)
             return Response(serializer.data, status=status.HTTP_200_OK)
@@ -61,6 +61,7 @@ class ApiTokenEndpoint(BaseAPIView):
             workspace__slug=slug,
             user=request.user,
             pk=pk,
+            is_service=False,
         )
         api_token.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
@@ -78,3 +79,44 @@ class ApiTokenEndpoint(BaseAPIView):
             serializer.save()
             return Response(serializer.data, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+
+class ServiceApiTokenEndpoint(BaseAPIView):
+    permission_classes = [
+        WorkspaceOwnerPermission,
+    ]
+
+    def post(self, request, slug):
+        workspace = Workspace.objects.get(slug=slug)
+
+        api_token = APIToken.objects.filter(
+            workspace=workspace,
+            is_service=True,
+        ).first()
+
+        if api_token:
+            return Response(
+                {
+                    "token": str(api_token.token),
+                },
+                status=status.HTTP_200_OK,
+            )
+        else:
+            # Check the user type
+            user_type = 1 if request.user.is_bot else 0
+
+            api_token = APIToken.objects.create(
+                label=str(uuid4().hex),
+                description="Service Token",
+                user=request.user,
+                workspace=workspace,
+                user_type=user_type,
+                is_service=True,
+            )
+            return Response(
+                {
+                    "token": str(api_token.token),
+                },
+                status=status.HTTP_201_CREATED,
+            )
+

apiserver/plane/app/views/cycle/archive.py

@@ -14,21 +14,18 @@ from django.db.models import (
     UUIDField,
     Value,
     When,
+    Subquery,
+    Sum,
+    FloatField,
 )
-from django.db.models.functions import Coalesce
+from django.db.models.functions import Coalesce, Cast
 from django.utils import timezone
 
 # Third party imports
 from rest_framework import status
 from rest_framework.response import Response
-from plane.app.permissions import ProjectEntityPermission
-from plane.db.models import (
-    Cycle,
-    UserFavorite,
-    Issue,
-    Label,
-    User,
-)
+from plane.app.permissions import allow_permission, ROLE
+from plane.db.models import Cycle, UserFavorite, Issue, Label, User, Project
 from plane.utils.analytics_plot import burndown_plot
 
 # Module imports
@@ -37,10 +34,6 @@ from .. import BaseAPIView
 
 class CycleArchiveUnarchiveEndpoint(BaseAPIView):
 
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
     def get_queryset(self):
         favorite_subquery = UserFavorite.objects.filter(
             user=self.request.user,
@@ -49,6 +42,89 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
             project_id=self.kwargs.get("project_id"),
             workspace__slug=self.kwargs.get("slug"),
         )
+        backlog_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="backlog",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                backlog_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("backlog_estimate_point")[:1]
+        )
+        unstarted_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="unstarted",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                unstarted_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("unstarted_estimate_point")[:1]
+        )
+        started_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="started",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                started_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("started_estimate_point")[:1]
+        )
+        cancelled_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="cancelled",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                cancelled_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("cancelled_estimate_point")[:1]
+        )
+        completed_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="completed",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                completed_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("completed_estimate_points")[:1]
+        )
+        total_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                issue_cycle__cycle_id=OuterRef("pk"),
+            )
+            .values("issue_cycle__cycle_id")
+            .annotate(
+                total_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("total_estimate_points")[:1]
+        )
         return (
             Cycle.objects.filter(workspace__slug=self.kwargs.get("slug"))
             .filter(project_id=self.kwargs.get("project_id"))
@@ -172,24 +248,51 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                     Value([], output_field=ArrayField(UUIDField())),
                 )
             )
+            .annotate(
+                backlog_estimate_points=Coalesce(
+                    Subquery(backlog_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                unstarted_estimate_points=Coalesce(
+                    Subquery(unstarted_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                started_estimate_points=Coalesce(
+                    Subquery(started_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                cancelled_estimate_points=Coalesce(
+                    Subquery(cancelled_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                completed_estimate_points=Coalesce(
+                    Subquery(completed_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                total_estimate_points=Coalesce(
+                    Subquery(total_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
             .order_by("-is_favorite", "name")
             .distinct()
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def get(self, request, slug, project_id, pk=None):
         if pk is None:
             queryset = (
-                self.get_queryset()
-                .annotate(
-                    total_issues=Count(
-                        "issue_cycle",
-                        filter=Q(
-                            issue_cycle__issue__archived_at__isnull=True,
-                            issue_cycle__issue__is_draft=False,
-                        ),
-                    )
-                )
-                .values(
+                self.get_queryset().values(
                     # necessary fields
                     "id",
                     "workspace_id",
@@ -255,7 +358,10 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                     "external_id",
                     "progress_snapshot",
                     "sub_issues",
+                    "logo_props",
                     # meta fields
+                    "completed_estimate_points",
+                    "total_estimate_points",
                     "is_favorite",
                     "total_issues",
                     "cancelled_issues",
@@ -265,17 +371,114 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                     "backlog_issues",
                     "assignee_ids",
                     "status",
+                    "created_by",
+                    "archived_at",
                 )
                 .first()
             )
             queryset = queryset.first()
 
-            if data is None:
-                return Response(
-                    {"error": "Cycle does not exist"},
-                    status=status.HTTP_400_BAD_REQUEST,
+            estimate_type = Project.objects.filter(
+                workspace__slug=slug,
+                pk=project_id,
+                estimate__isnull=False,
+                estimate__type="points",
+            ).exists()
+
+            data["estimate_distribution"] = {}
+            if estimate_type:
+                assignee_distribution = (
+                    Issue.issue_objects.filter(
+                        issue_cycle__cycle_id=pk,
+                        workspace__slug=slug,
+                        project_id=project_id,
+                    )
+                    .annotate(display_name=F("assignees__display_name"))
+                    .annotate(assignee_id=F("assignees__id"))
+                    .annotate(avatar=F("assignees__avatar"))
+                    .values("display_name", "assignee_id", "avatar")
+                    .annotate(
+                        total_estimates=Sum(
+                            Cast("estimate_point__value", FloatField())
+                        )
+                    )
+                    .annotate(
+                        completed_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=False,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .annotate(
+                        pending_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=True,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .order_by("display_name")
                 )
 
+                label_distribution = (
+                    Issue.issue_objects.filter(
+                        issue_cycle__cycle_id=pk,
+                        workspace__slug=slug,
+                        project_id=project_id,
+                    )
+                    .annotate(label_name=F("labels__name"))
+                    .annotate(color=F("labels__color"))
+                    .annotate(label_id=F("labels__id"))
+                    .values("label_name", "color", "label_id")
+                    .annotate(
+                        total_estimates=Sum(
+                            Cast("estimate_point__value", FloatField())
+                        )
+                    )
+                    .annotate(
+                        completed_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=False,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .annotate(
+                        pending_estimates=Sum(
+                            Cast("estimate_point__value", FloatField()),
+                            filter=Q(
+                                completed_at__isnull=True,
+                                archived_at__isnull=True,
+                                is_draft=False,
+                            ),
+                        )
+                    )
+                    .order_by("label_name")
+                )
+                data["estimate_distribution"] = {
+                    "assignees": assignee_distribution,
+                    "labels": label_distribution,
+                    "completion_chart": {},
+                }
+
+                if data["start_date"] and data["end_date"]:
+                    data["estimate_distribution"]["completion_chart"] = (
+                        burndown_plot(
+                            queryset=queryset,
+                            slug=slug,
+                            project_id=project_id,
+                            plot_type="points",
+                            cycle_id=pk,
+                        )
+                    )
+
             # Assignee Distribution
             assignee_distribution = (
                 Issue.issue_objects.filter(
@@ -298,7 +501,10 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                 .annotate(
                     total_issues=Count(
                         "id",
-                        filter=Q(archived_at__isnull=True, is_draft=False),
+                        filter=Q(
+                            archived_at__isnull=True,
+                            is_draft=False,
+                        ),
                     ),
                 )
                 .annotate(
@@ -338,7 +544,10 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                 .annotate(
                     total_issues=Count(
                         "id",
-                        filter=Q(archived_at__isnull=True, is_draft=False),
+                        filter=Q(
+                            archived_at__isnull=True,
+                            is_draft=False,
+                        ),
                     ),
                 )
                 .annotate(
@@ -384,6 +593,7 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
                 status=status.HTTP_200_OK,
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def post(self, request, slug, project_id, cycle_id):
         cycle = Cycle.objects.get(
             pk=cycle_id, project_id=project_id, workspace__slug=slug
@@ -397,11 +607,18 @@ class CycleArchiveUnarchiveEndpoint(BaseAPIView):
 
         cycle.archived_at = timezone.now()
         cycle.save()
+        UserFavorite.objects.filter(
+            entity_type="cycle",
+            entity_identifier=cycle_id,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
         return Response(
             {"archived_at": str(cycle.archived_at)},
             status=status.HTTP_200_OK,
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def delete(self, request, slug, project_id, cycle_id):
         cycle = Cycle.objects.get(
             pk=cycle_id, project_id=project_id, workspace__slug=slug

apiserver/plane/app/views/cycle/base.py

@@ -29,15 +29,14 @@ from django.core.serializers.json import DjangoJSONEncoder
 from rest_framework import status
 from rest_framework.response import Response
 from plane.app.permissions import (
-    ProjectEntityPermission,
-    ProjectLitePermission,
+    allow_permission, ROLE
 )
 from plane.app.serializers import (
     CycleSerializer,
     CycleUserPropertiesSerializer,
     CycleWriteSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Cycle,
     CycleIssue,
@@ -47,8 +46,10 @@ from plane.db.models import (
     Label,
     User,
     Project,
+    ProjectMember,
 )
 from plane.utils.analytics_plot import burndown_plot
+from plane.bgtasks.recent_visited_task import recent_visited_task
 
 # Module imports
 from .. import BaseAPIView, BaseViewSet
@@ -59,15 +60,6 @@ class CycleViewSet(BaseViewSet):
     serializer_class = CycleSerializer
     model = Cycle
     webhook_event = "cycle"
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
-    def perform_create(self, serializer):
-        serializer.save(
-            project_id=self.kwargs.get("project_id"),
-            owned_by=self.request.user,
-        )
 
     def get_queryset(self):
         favorite_subquery = UserFavorite.objects.filter(
@@ -324,6 +316,7 @@ class CycleViewSet(BaseViewSet):
             .distinct()
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def list(self, request, slug, project_id):
         queryset = self.get_queryset().filter(archived_at__isnull=True)
         cycle_view = request.GET.get("cycle_view", "all")
@@ -384,7 +377,7 @@ class CycleViewSet(BaseViewSet):
                 data[0]["estimate_distribution"] = {}
                 if estimate_type:
                     assignee_distribution = (
-                        Issue.objects.filter(
+                        Issue.issue_objects.filter(
                             issue_cycle__cycle_id=data[0]["id"],
                             workspace__slug=slug,
                             project_id=project_id,
@@ -422,7 +415,7 @@ class CycleViewSet(BaseViewSet):
                     )
 
                     label_distribution = (
-                        Issue.objects.filter(
+                        Issue.issue_objects.filter(
                             issue_cycle__cycle_id=data[0]["id"],
                             workspace__slug=slug,
                             project_id=project_id,
@@ -476,7 +469,7 @@ class CycleViewSet(BaseViewSet):
                         )
 
                 assignee_distribution = (
-                    Issue.objects.filter(
+                    Issue.issue_objects.filter(
                         issue_cycle__cycle_id=data[0]["id"],
                         workspace__slug=slug,
                         project_id=project_id,
@@ -518,7 +511,7 @@ class CycleViewSet(BaseViewSet):
                 )
 
                 label_distribution = (
-                    Issue.objects.filter(
+                    Issue.issue_objects.filter(
                         issue_cycle__cycle_id=data[0]["id"],
                         workspace__slug=slug,
                         project_id=project_id,
@@ -610,6 +603,7 @@ class CycleViewSet(BaseViewSet):
         )
         return Response(data, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id):
         if (
             request.data.get("start_date", None) is None
@@ -645,6 +639,8 @@ class CycleViewSet(BaseViewSet):
                         "progress_snapshot",
                         "logo_props",
                         # meta fields
+                        "completed_estimate_points",
+                        "total_estimate_points",
                         "is_favorite",
                         "cancelled_issues",
                         "total_issues",
@@ -654,6 +650,7 @@ class CycleViewSet(BaseViewSet):
                         "backlog_issues",
                         "assignee_ids",
                         "status",
+                        "created_by",
                     )
                     .first()
                 )
@@ -680,6 +677,7 @@ class CycleViewSet(BaseViewSet):
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def partial_update(self, request, slug, project_id, pk):
         queryset = self.get_queryset().filter(
             workspace__slug=slug, project_id=project_id, pk=pk
@@ -739,6 +737,8 @@ class CycleViewSet(BaseViewSet):
                 "progress_snapshot",
                 "logo_props",
                 # meta fields
+                "completed_estimate_points",
+                "total_estimate_points",
                 "is_favorite",
                 "total_issues",
                 "cancelled_issues",
@@ -748,6 +748,7 @@ class CycleViewSet(BaseViewSet):
                 "backlog_issues",
                 "assignee_ids",
                 "status",
+                "created_by",
             ).first()
 
             # Send the model activity
@@ -764,6 +765,7 @@ class CycleViewSet(BaseViewSet):
             return Response(cycle, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def retrieve(self, request, slug, project_id, pk):
         queryset = (
             self.get_queryset().filter(archived_at__isnull=True).filter(pk=pk)
@@ -800,6 +802,8 @@ class CycleViewSet(BaseViewSet):
                 "sub_issues",
                 "logo_props",
                 # meta fields
+                "completed_estimate_points",
+                "total_estimate_points",
                 "is_favorite",
                 "total_issues",
                 "cancelled_issues",
@@ -825,7 +829,7 @@ class CycleViewSet(BaseViewSet):
         data["estimate_distribution"] = {}
         if estimate_type:
             assignee_distribution = (
-                Issue.objects.filter(
+                Issue.issue_objects.filter(
                     issue_cycle__cycle_id=pk,
                     workspace__slug=slug,
                     project_id=project_id,
@@ -863,7 +867,7 @@ class CycleViewSet(BaseViewSet):
             )
 
             label_distribution = (
-                Issue.objects.filter(
+                Issue.issue_objects.filter(
                     issue_cycle__cycle_id=pk,
                     workspace__slug=slug,
                     project_id=project_id,
@@ -918,7 +922,7 @@ class CycleViewSet(BaseViewSet):
 
         # Assignee Distribution
         assignee_distribution = (
-            Issue.objects.filter(
+            Issue.issue_objects.filter(
                 issue_cycle__cycle_id=pk,
                 workspace__slug=slug,
                 project_id=project_id,
@@ -969,7 +973,7 @@ class CycleViewSet(BaseViewSet):
 
         # Label Distribution
         label_distribution = (
-            Issue.objects.filter(
+            Issue.issue_objects.filter(
                 issue_cycle__cycle_id=pk,
                 workspace__slug=slug,
                 project_id=project_id,
@@ -1025,20 +1029,42 @@ class CycleViewSet(BaseViewSet):
                 cycle_id=pk,
             )
 
+        recent_visited_task.delay(
+            slug=slug,
+            entity_name="cycle",
+            entity_identifier=pk,
+            user_id=request.user.id,
+            project_id=project_id,
+        )
         return Response(
             data,
             status=status.HTTP_200_OK,
         )
 
+    @allow_permission([ROLE.ADMIN], creator=True, model=Cycle)
     def destroy(self, request, slug, project_id, pk):
+        cycle = Cycle.objects.get(
+            workspace__slug=slug, project_id=project_id, pk=pk
+        )
+        if cycle.owned_by_id != request.user.id and not (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                member=request.user,
+                role=20,
+                project_id=project_id,
+                is_active=True,
+            ).exists()
+        ):
+            return Response(
+                {"error": "Only admin or owner can delete the cycle"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
         cycle_issues = list(
             CycleIssue.objects.filter(
                 cycle_id=self.kwargs.get("pk")
             ).values_list("issue", flat=True)
         )
-        cycle = Cycle.objects.get(
-            workspace__slug=slug, project_id=project_id, pk=pk
-        )
 
         issue_activity.delay(
             type="cycle.activity.deleted",
@@ -1059,14 +1085,23 @@ class CycleViewSet(BaseViewSet):
         )
         # Delete the cycle
         cycle.delete()
+        # Delete the cycle issues
+        CycleIssue.objects.filter(
+            cycle_id=self.kwargs.get("pk"),
+        ).delete()
+        # Delete the user favorite cycle
+        UserFavorite.objects.filter(
+            user=request.user,
+            entity_type="cycle",
+            entity_identifier=pk,
+            project_id=project_id,
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
 class CycleDateCheckEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def post(self, request, slug, project_id):
         start_date = request.data.get("start_date", False)
         end_date = request.data.get("end_date", False)
@@ -1110,6 +1145,7 @@ class CycleFavoriteViewSet(BaseViewSet):
             .select_related("cycle", "cycle__owned_by")
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id):
         _ = UserFavorite.objects.create(
             project_id=project_id,
@@ -1119,6 +1155,7 @@ class CycleFavoriteViewSet(BaseViewSet):
         )
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(self, request, slug, project_id, cycle_id):
         cycle_favorite = UserFavorite.objects.get(
             project=project_id,
@@ -1127,15 +1164,13 @@ class CycleFavoriteViewSet(BaseViewSet):
             workspace__slug=slug,
             entity_identifier=cycle_id,
         )
-        cycle_favorite.delete()
+        cycle_favorite.delete(soft=False)
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
 class TransferCycleIssueEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def post(self, request, slug, project_id, cycle_id):
         new_cycle_id = request.data.get("new_cycle_id", False)
 
@@ -1545,10 +1580,8 @@ class TransferCycleIssueEndpoint(BaseAPIView):
 
 
 class CycleUserPropertiesEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectLitePermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def patch(self, request, slug, project_id, cycle_id):
         cycle_properties = CycleUserProperties.objects.get(
             user=request.user,
@@ -1571,6 +1604,7 @@ class CycleUserPropertiesEndpoint(BaseAPIView):
         serializer = CycleUserPropertiesSerializer(cycle_properties)
         return Response(serializer.data, status=status.HTTP_201_CREATED)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def get(self, request, slug, project_id, cycle_id):
         cycle_properties, _ = CycleUserProperties.objects.get_or_create(
             user=request.user,

apiserver/plane/app/views/cycle/issue.py

@@ -3,12 +3,7 @@ import json
 
 # Django imports
 from django.core import serializers
-from django.db.models import (
-    F,
-    Func,
-    OuterRef,
-    Q,
-)
+from django.db.models import F, Func, OuterRef, Q
 from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.views.decorators.gzip import gzip_page
@@ -17,15 +12,12 @@ from django.views.decorators.gzip import gzip_page
 from rest_framework import status
 from rest_framework.response import Response
 
-from plane.app.permissions import (
-    ProjectEntityPermission,
-)
 # Module imports
 from .. import BaseViewSet
 from plane.app.serializers import (
     CycleIssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Cycle,
     CycleIssue,
@@ -44,8 +36,8 @@ from plane.utils.paginator import (
     GroupedOffsetPaginator,
     SubGroupedOffsetPaginator,
 )
+from plane.app.permissions import allow_permission, ROLE
 
-# Module imports
 
 class CycleIssueViewSet(BaseViewSet):
     serializer_class = CycleIssueSerializer
@@ -54,10 +46,6 @@ class CycleIssueViewSet(BaseViewSet):
     webhook_event = "cycle_issue"
     bulk = True
 
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
     filterset_fields = [
         "issue__labels__id",
         "issue__assignees__id",
@@ -92,6 +80,7 @@ class CycleIssueViewSet(BaseViewSet):
         )
 
     @method_decorator(gzip_page)
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def list(self, request, slug, project_id, cycle_id):
         order_by_param = request.GET.get("order_by", "created_at")
         filters = issue_filters(request.query_params, "GET")
@@ -238,6 +227,7 @@ class CycleIssueViewSet(BaseViewSet):
                 ),
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id, cycle_id):
         issues = request.data.get("issues", [])
 
@@ -333,8 +323,9 @@ class CycleIssueViewSet(BaseViewSet):
         )
         return Response({"message": "success"}, status=status.HTTP_201_CREATED)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(self, request, slug, project_id, cycle_id, issue_id):
-        cycle_issue = CycleIssue.objects.get(
+        cycle_issue = CycleIssue.objects.filter(
             issue_id=issue_id,
             workspace__slug=slug,
             project_id=project_id,

apiserver/plane/app/views/dashboard/base.py

@@ -43,6 +43,7 @@ from plane.db.models import (
     ProjectMember,
     User,
     Widget,
+    WorkspaceMember,
 )
 from plane.utils.issue_filters import issue_filters
 
@@ -51,36 +52,61 @@ from .. import BaseAPIView
 
 
 def dashboard_overview_stats(self, request, slug):
-    assigned_issues = Issue.issue_objects.filter(
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
+    extra_filters = {}
+    if WorkspaceMember.objects.filter(
         workspace__slug=slug,
-        assignees__in=[request.user],
-    ).count()
+        member=request.user,
+        role=5,
+        is_active=True,
+    ).exists():
+        extra_filters = {"created_by": request.user}
 
-    pending_issues_count = Issue.issue_objects.filter(
-        ~Q(state__group__in=["completed", "cancelled"]),
-        target_date__lt=timezone.now().date(),
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
-        workspace__slug=slug,
-        assignees__in=[request.user],
-    ).count()
+    assigned_issues = (
+        Issue.issue_objects.filter(
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            workspace__slug=slug,
+            assignees__in=[request.user],
+        )
+        .filter(**extra_filters)
+        .count()
+    )
 
-    created_issues_count = Issue.issue_objects.filter(
-        workspace__slug=slug,
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
-        created_by_id=request.user.id,
-    ).count()
+    pending_issues_count = (
+        Issue.issue_objects.filter(
+            ~Q(state__group__in=["completed", "cancelled"]),
+            target_date__lt=timezone.now().date(),
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            workspace__slug=slug,
+            assignees__in=[request.user],
+        )
+        .filter(**extra_filters)
+        .count()
+    )
 
-    completed_issues_count = Issue.issue_objects.filter(
-        workspace__slug=slug,
-        project__project_projectmember__is_active=True,
-        project__project_projectmember__member=request.user,
-        assignees__in=[request.user],
-        state__group="completed",
-    ).count()
+    created_issues_count = (
+        Issue.issue_objects.filter(
+            workspace__slug=slug,
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            created_by_id=request.user.id,
+        )
+        .filter(**extra_filters)
+        .count()
+    )
+
+    completed_issues_count = (
+        Issue.issue_objects.filter(
+            workspace__slug=slug,
+            project__project_projectmember__is_active=True,
+            project__project_projectmember__member=request.user,
+            assignees__in=[request.user],
+            state__group="completed",
+        )
+        .filter(**extra_filters)
+        .count()
+    )
 
     return Response(
         {
@@ -166,6 +192,14 @@ def dashboard_assigned_issues(self, request, slug):
         )
     )
 
+    if WorkspaceMember.objects.filter(
+        workspace__slug=slug,
+        member=request.user,
+        role=5,
+        is_active=True,
+    ).exists():
+        assigned_issues = assigned_issues.filter(created_by=request.user)
+
     # Priority Ordering
     priority_order = ["urgent", "high", "medium", "low", "none"]
     assigned_issues = assigned_issues.annotate(
@@ -409,6 +443,16 @@ def dashboard_created_issues(self, request, slug):
 def dashboard_issues_by_state_groups(self, request, slug):
     filters = issue_filters(request.query_params, "GET")
     state_order = ["backlog", "unstarted", "started", "completed", "cancelled"]
+    extra_filters = {}
+
+    if WorkspaceMember.objects.filter(
+        workspace__slug=slug,
+        member=request.user,
+        role=5,
+        is_active=True,
+    ).exists():
+        extra_filters = {"created_by": request.user}
+
     issues_by_state_groups = (
         Issue.issue_objects.filter(
             workspace__slug=slug,
@@ -416,7 +460,7 @@ def dashboard_issues_by_state_groups(self, request, slug):
             project__project_projectmember__member=request.user,
             assignees__in=[request.user],
         )
-        .filter(**filters)
+        .filter(**filters, **extra_filters)
         .values("state__group")
         .annotate(count=Count("id"))
     )
@@ -439,6 +483,15 @@ def dashboard_issues_by_state_groups(self, request, slug):
 def dashboard_issues_by_priority(self, request, slug):
     filters = issue_filters(request.query_params, "GET")
     priority_order = ["urgent", "high", "medium", "low", "none"]
+    extra_filters = {}
+
+    if WorkspaceMember.objects.filter(
+        workspace__slug=slug,
+        member=request.user,
+        role=5,
+        is_active=True,
+    ).exists():
+        extra_filters = {"created_by": request.user}
 
     issues_by_priority = (
         Issue.issue_objects.filter(
@@ -447,7 +500,7 @@ def dashboard_issues_by_priority(self, request, slug):
             project__project_projectmember__member=request.user,
             assignees__in=[request.user],
         )
-        .filter(**filters)
+        .filter(**filters, **extra_filters)
         .values("priority")
         .annotate(count=Count("id"))
     )

apiserver/plane/app/views/estimate/base.py

@@ -7,7 +7,11 @@ from rest_framework import status
 
 # Module imports
 from ..base import BaseViewSet, BaseAPIView
-from plane.app.permissions import ProjectEntityPermission
+from plane.app.permissions import (
+    ProjectEntityPermission,
+    allow_permission,
+    ROLE,
+)
 from plane.db.models import Project, Estimate, EstimatePoint, Issue
 from plane.app.serializers import (
     EstimateSerializer,
@@ -23,10 +27,8 @@ def generate_random_name(length=10):
 
 
 class ProjectEstimatePointEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def get(self, request, slug, project_id):
         project = Project.objects.get(workspace__slug=slug, pk=project_id)
         if project.estimate_id is not None:
@@ -189,10 +191,8 @@ class BulkEstimatePointEndpoint(BaseViewSet):
 
 
 class EstimatePointEndpoint(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id, estimate_id):
         #  TODO: add a key validation if the same key already exists
         if not request.data.get("key") or not request.data.get("value"):
@@ -211,6 +211,7 @@ class EstimatePointEndpoint(BaseViewSet):
         serializer = EstimatePointSerializer(estimate_point).data
         return Response(serializer, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def partial_update(
         self, request, slug, project_id, estimate_id, estimate_point_id
     ):
@@ -231,6 +232,7 @@ class EstimatePointEndpoint(BaseViewSet):
         serializer.save()
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(
         self, request, slug, project_id, estimate_id, estimate_point_id
     ):

apiserver/plane/app/views/exporter/base.py

@@ -2,7 +2,7 @@
 from rest_framework import status
 from rest_framework.response import Response
 
-from plane.app.permissions import WorkSpaceAdminPermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import ExporterHistorySerializer
 from plane.bgtasks.export_task import issue_export_task
 from plane.db.models import ExporterHistory, Project, Workspace
@@ -12,12 +12,10 @@ from .. import BaseAPIView
 
 
 class ExportIssuesEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkSpaceAdminPermission,
-    ]
     model = ExporterHistory
     serializer_class = ExporterHistorySerializer
 
+    @allow_permission(allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
     def post(self, request, slug):
         # Get the workspace
         workspace = Workspace.objects.get(slug=slug)
@@ -41,6 +39,7 @@ class ExportIssuesEndpoint(BaseAPIView):
                 project=project_ids,
                 initiated_by=request.user,
                 provider=provider,
+                type="issue_exports",
             )
 
             issue_export_task.delay(
@@ -63,9 +62,13 @@ class ExportIssuesEndpoint(BaseAPIView):
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
     def get(self, request, slug):
         exporter_history = ExporterHistory.objects.filter(
-            workspace__slug=slug
+            workspace__slug=slug,
+            type="issue_exports",
         ).select_related("workspace", "initiated_by")
 
         if request.GET.get("per_page", False) and request.GET.get(

apiserver/plane/app/views/external/base.py

@@ -11,7 +11,7 @@ from rest_framework import status
 
 # Module imports
 from ..base import BaseAPIView
-from plane.app.permissions import ProjectEntityPermission, WorkspaceEntityPermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.db.models import Workspace, Project
 from plane.app.serializers import (
     ProjectLiteSerializer,
@@ -21,10 +21,8 @@ from plane.license.utils.instance_value import get_configuration_value
 
 
 class GPTIntegrationEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def post(self, request, slug, project_id):
         OPENAI_API_KEY, GPT_ENGINE = get_configuration_value(
             [
@@ -84,10 +82,10 @@ class GPTIntegrationEndpoint(BaseAPIView):
 
 
 class WorkspaceGPTIntegrationEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkspaceEntityPermission,
-    ]
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
     def post(self, request, slug):
         OPENAI_API_KEY, GPT_ENGINE = get_configuration_value(
             [

apiserver/plane/app/views/inbox/base.py

@@ -16,7 +16,9 @@ from rest_framework.response import Response
 
 # Module imports
 from ..base import BaseViewSet
-from plane.app.permissions import ProjectBasePermission, ProjectLitePermission
+from plane.app.permissions import (
+    allow_permission, ROLE
+)
 from plane.db.models import (
     Inbox,
     InboxIssue,
@@ -35,13 +37,10 @@ from plane.app.serializers import (
     InboxIssueDetailSerializer,
 )
 from plane.utils.issue_filters import issue_filters
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 
 
 class InboxViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectBasePermission,
-    ]
 
     serializer_class = InboxSerializer
     model = Inbox
@@ -63,6 +62,7 @@ class InboxViewSet(BaseViewSet):
             .select_related("workspace", "project")
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def list(self, request, slug, project_id):
         inbox = self.get_queryset().first()
         return Response(
@@ -70,9 +70,11 @@ class InboxViewSet(BaseViewSet):
             status=status.HTTP_200_OK,
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def perform_create(self, serializer):
         serializer.save(project_id=self.kwargs.get("project_id"))
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(self, request, slug, project_id, pk):
         inbox = Inbox.objects.filter(
             workspace__slug=slug, project_id=project_id, pk=pk
@@ -88,9 +90,6 @@ class InboxViewSet(BaseViewSet):
 
 
 class InboxIssueViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectLitePermission,
-    ]
 
     serializer_class = InboxIssueSerializer
     model = InboxIssue
@@ -160,13 +159,15 @@ class InboxIssueViewSet(BaseViewSet):
                     ArrayAgg(
                         "issue_module__module_id",
                         distinct=True,
-                        filter=~Q(issue_module__module_id__isnull=True),
+                        filter=~Q(issue_module__module_id__isnull=True)
+                        & Q(issue_module__module__archived_at__isnull=True),
                     ),
                     Value([], output_field=ArrayField(UUIDField())),
                 ),
             )
         ).distinct()
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def list(self, request, slug, project_id):
         inbox_id = Inbox.objects.filter(
             workspace__slug=slug, project_id=project_id
@@ -200,6 +201,14 @@ class InboxIssueViewSet(BaseViewSet):
         if inbox_status:
             inbox_issue = inbox_issue.filter(status__in=inbox_status)
 
+        if ProjectMember.objects.filter(
+            workspace__slug=slug,
+            project_id=project_id,
+            member=request.user,
+            role=5,
+            is_active=True,
+        ).exists():
+            inbox_issue = inbox_issue.filter(created_by=request.user)
         return self.paginate(
             request=request,
             queryset=(inbox_issue),
@@ -209,6 +218,7 @@ class InboxIssueViewSet(BaseViewSet):
             ).data,
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
     def create(self, request, slug, project_id):
         if not request.data.get("issue", {}).get("name", False):
             return Response(
@@ -311,12 +321,13 @@ class InboxIssueViewSet(BaseViewSet):
                 serializer.errors, status=status.HTTP_400_BAD_REQUEST
             )
 
-    def partial_update(self, request, slug, project_id, issue_id):
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
+    def partial_update(self, request, slug, project_id, pk):
         inbox_id = Inbox.objects.filter(
             workspace__slug=slug, project_id=project_id
         ).first()
         inbox_issue = InboxIssue.objects.get(
-            issue_id=issue_id,
+            issue_id=pk,
             workspace__slug=slug,
             project_id=project_id,
             inbox_id=inbox_id,
@@ -457,7 +468,7 @@ class InboxIssueViewSet(BaseViewSet):
                         request.data, cls=DjangoJSONEncoder
                     ),
                     actor_id=str(request.user.id),
-                    issue_id=str(issue_id),
+                    issue_id=str(pk),
                     project_id=str(project_id),
                     current_instance=current_instance,
                     epoch=int(timezone.now().timestamp()),
@@ -492,7 +503,7 @@ class InboxIssueViewSet(BaseViewSet):
                     )
                     .get(
                         inbox_id=inbox_id.id,
-                        issue_id=issue_id,
+                        issue_id=pk,
                         project_id=project_id,
                     )
                 )
@@ -505,7 +516,12 @@ class InboxIssueViewSet(BaseViewSet):
             serializer = InboxIssueDetailSerializer(inbox_issue).data
             return Response(serializer, status=status.HTTP_200_OK)
 
-    def retrieve(self, request, slug, project_id, issue_id):
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER],
+        creator=True,
+        model=Issue,
+    )
+    def retrieve(self, request, slug, project_id, pk):
         inbox_id = Inbox.objects.filter(
             workspace__slug=slug, project_id=project_id
         ).first()
@@ -533,9 +549,7 @@ class InboxIssueViewSet(BaseViewSet):
                     Value([], output_field=ArrayField(UUIDField())),
                 ),
             )
-            .get(
-                inbox_id=inbox_id.id, issue_id=issue_id, project_id=project_id
-            )
+            .get(inbox_id=inbox_id.id, issue_id=pk, project_id=project_id)
         )
         issue = InboxIssueDetailSerializer(inbox_issue).data
         return Response(
@@ -543,38 +557,25 @@ class InboxIssueViewSet(BaseViewSet):
             status=status.HTTP_200_OK,
         )
 
-    def destroy(self, request, slug, project_id, issue_id):
+    @allow_permission(allowed_roles=[ROLE.ADMIN], creator=True, model=Issue)
+    def destroy(self, request, slug, project_id, pk):
         inbox_id = Inbox.objects.filter(
             workspace__slug=slug, project_id=project_id
         ).first()
         inbox_issue = InboxIssue.objects.get(
-            issue_id=issue_id,
+            issue_id=pk,
             workspace__slug=slug,
             project_id=project_id,
             inbox_id=inbox_id,
         )
-        # Get the project member
-        project_member = ProjectMember.objects.get(
-            workspace__slug=slug,
-            project_id=project_id,
-            member=request.user,
-            is_active=True,
-        )
-
-        if project_member.role <= 10 and str(inbox_issue.created_by_id) != str(
-            request.user.id
-        ):
-            return Response(
-                {"error": "You cannot delete inbox issue"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
 
         # Check the issue status
         if inbox_issue.status in [-2, -1, 0, 2]:
             # Delete the issue also
-            Issue.objects.filter(
-                workspace__slug=slug, project_id=project_id, pk=issue_id
-            ).delete()
+            issue = Issue.objects.filter(
+                workspace__slug=slug, project_id=project_id, pk=pk
+            ).first()
+            issue.delete()
 
         inbox_issue.delete()
         return Response(status=status.HTTP_204_NO_CONTENT)

apiserver/plane/app/views/issue/activity.py

@@ -19,7 +19,7 @@ from plane.app.serializers import (
     IssueActivitySerializer,
     IssueCommentSerializer,
 )
-from plane.app.permissions import ProjectEntityPermission
+from plane.app.permissions import ProjectEntityPermission, allow_permission, ROLE
 from plane.db.models import (
     IssueActivity,
     IssueComment,
@@ -33,6 +33,7 @@ class IssueActivityEndpoint(BaseAPIView):
     ]
 
     @method_decorator(gzip_page)
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST, ROLE.VIEWER])
     def get(self, request, slug, project_id, issue_id):
         filters = {}
         if request.GET.get("created_at__gt", None) is not None:

apiserver/plane/app/views/issue/archive.py

@@ -25,9 +25,9 @@ from plane.app.permissions import (
 from plane.app.serializers import (
     IssueFlatSerializer,
     IssueSerializer,
-    IssueDetailSerializer
+    IssueDetailSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Issue,
     IssueAttachment,
@@ -46,15 +46,14 @@ from plane.utils.paginator import (
     GroupedOffsetPaginator,
     SubGroupedOffsetPaginator,
 )
+from plane.app.permissions import allow_permission, ROLE
+from plane.utils.error_codes import ERROR_CODES
 
 # Module imports
 from .. import BaseViewSet, BaseAPIView
 
 
 class IssueArchiveViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
     serializer_class = IssueFlatSerializer
     model = Issue
 
@@ -66,6 +65,7 @@ class IssueArchiveViewSet(BaseViewSet):
                 .annotate(count=Func(F("id"), function="Count"))
                 .values("count")
             )
+            .filter(deleted_at__isnull=True)
             .filter(archived_at__isnull=False)
             .filter(project_id=self.kwargs.get("project_id"))
             .filter(workspace__slug=self.kwargs.get("slug"))
@@ -97,6 +97,7 @@ class IssueArchiveViewSet(BaseViewSet):
         )
 
     @method_decorator(gzip_page)
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def list(self, request, slug, project_id):
         filters = issue_filters(request.query_params, "GET")
         show_sub_issues = request.GET.get("show_sub_issues", "true")
@@ -212,6 +213,7 @@ class IssueArchiveViewSet(BaseViewSet):
                 ),
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def retrieve(self, request, slug, project_id, pk=None):
         issue = (
             self.get_queryset()
@@ -255,6 +257,7 @@ class IssueArchiveViewSet(BaseViewSet):
         serializer = IssueDetailSerializer(issue, expand=self.expand)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def archive(self, request, slug, project_id, pk=None):
         issue = Issue.issue_objects.get(
             workspace__slug=slug,
@@ -293,6 +296,7 @@ class IssueArchiveViewSet(BaseViewSet):
             {"archived_at": str(issue.archived_at)}, status=status.HTTP_200_OK
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def unarchive(self, request, slug, project_id, pk=None):
         issue = Issue.objects.get(
             workspace__slug=slug,
@@ -324,6 +328,7 @@ class BulkArchiveIssuesEndpoint(BaseAPIView):
         ProjectEntityPermission,
     ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def post(self, request, slug, project_id):
         issue_ids = request.data.get("issue_ids", [])
 
@@ -341,8 +346,10 @@ class BulkArchiveIssuesEndpoint(BaseAPIView):
             if issue.state.group not in ["completed", "cancelled"]:
                 return Response(
                     {
-                        "error_code": 4091,
-                        "error_message": "INVALID_ARCHIVE_STATE_GROUP"
+                        "error_code": ERROR_CODES[
+                            "INVALID_ARCHIVE_STATE_GROUP"
+                        ],
+                        "error_message": "INVALID_ARCHIVE_STATE_GROUP",
                     },
                     status=status.HTTP_400_BAD_REQUEST,
                 )

apiserver/plane/app/views/issue/attachment.py

@@ -13,19 +13,17 @@ from rest_framework.parsers import MultiPartParser, FormParser
 # Module imports
 from .. import BaseAPIView
 from plane.app.serializers import IssueAttachmentSerializer
-from plane.app.permissions import ProjectEntityPermission
 from plane.db.models import IssueAttachment
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
+from plane.app.permissions import allow_permission, ROLE
 
 
 class IssueAttachmentEndpoint(BaseAPIView):
     serializer_class = IssueAttachmentSerializer
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
     model = IssueAttachment
     parser_classes = (MultiPartParser, FormParser)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
     def post(self, request, slug, project_id, issue_id):
         serializer = IssueAttachmentSerializer(data=request.data)
         if serializer.is_valid():
@@ -47,6 +45,7 @@ class IssueAttachmentEndpoint(BaseAPIView):
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission([ROLE.ADMIN], creator=True, model=IssueAttachment)
     def delete(self, request, slug, project_id, issue_id, pk):
         issue_attachment = IssueAttachment.objects.get(pk=pk)
         issue_attachment.asset.delete(save=False)
@@ -65,6 +64,7 @@ class IssueAttachmentEndpoint(BaseAPIView):
 
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST, ROLE.VIEWER])
     def get(self, request, slug, project_id, issue_id):
         issue_attachments = IssueAttachment.objects.filter(
             issue_id=issue_id, workspace__slug=slug, project_id=project_id

apiserver/plane/app/views/issue/base.py

@@ -25,25 +25,23 @@ from rest_framework import status
 from rest_framework.response import Response
 
 # Module imports
-from plane.app.permissions import (
-    ProjectEntityPermission,
-    ProjectLitePermission,
-)
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import (
     IssueCreateSerializer,
     IssueDetailSerializer,
-    IssuePropertySerializer,
+    IssueUserPropertySerializer,
     IssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Issue,
     IssueAttachment,
     IssueLink,
-    IssueProperty,
+    IssueUserProperty,
     IssueReaction,
     IssueSubscriber,
     Project,
+    ProjectMember,
 )
 from plane.utils.grouper import (
     issue_group_values,
@@ -58,16 +56,12 @@ from plane.utils.paginator import (
 )
 from .. import BaseAPIView, BaseViewSet
 from plane.utils.user_timezone_converter import user_timezone_converter
-
-# Module imports
+from plane.bgtasks.recent_visited_task import recent_visited_task
 
 
 class IssueListEndpoint(BaseAPIView):
 
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def get(self, request, slug, project_id):
         issue_ids = request.GET.get("issues", False)
 
@@ -134,6 +128,14 @@ class IssueListEndpoint(BaseAPIView):
             sub_group_by=sub_group_by,
         )
 
+        recent_visited_task.delay(
+            slug=slug,
+            project_id=project_id,
+            entity_name="project",
+            entity_identifier=project_id,
+            user_id=request.user.id,
+        )
+
         if self.fields or self.expand:
             issues = IssueSerializer(
                 queryset, many=True, fields=self.fields, expand=self.expand
@@ -165,6 +167,7 @@ class IssueListEndpoint(BaseAPIView):
                 "link_count",
                 "is_draft",
                 "archived_at",
+                "deleted_at",
             )
             datetime_fields = ["created_at", "updated_at"]
             issues = user_timezone_converter(
@@ -183,9 +186,6 @@ class IssueViewSet(BaseViewSet):
 
     model = Issue
     webhook_event = "issue"
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
     search_fields = [
         "name",
@@ -231,6 +231,7 @@ class IssueViewSet(BaseViewSet):
         ).distinct()
 
     @method_decorator(gzip_page)
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def list(self, request, slug, project_id):
         filters = issue_filters(request.query_params, "GET")
         order_by_param = request.GET.get("order_by", "-created_at")
@@ -255,6 +256,22 @@ class IssueViewSet(BaseViewSet):
             sub_group_by=sub_group_by,
         )
 
+        recent_visited_task.delay(
+            slug=slug,
+            project_id=project_id,
+            entity_name="project",
+            entity_identifier=project_id,
+            user_id=request.user.id,
+        )
+        if ProjectMember.objects.filter(
+            workspace__slug=slug,
+            project_id=project_id,
+            member=request.user,
+            role=5,
+            is_active=True,
+        ).exists():
+            issue_queryset = issue_queryset.filter(created_by=request.user)
+
         if group_by:
             if sub_group_by:
                 if group_by == sub_group_by:
@@ -336,6 +353,7 @@ class IssueViewSet(BaseViewSet):
                 ),
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id):
         project = Project.objects.get(pk=project_id)
 
@@ -399,6 +417,7 @@ class IssueViewSet(BaseViewSet):
                     "link_count",
                     "is_draft",
                     "archived_at",
+                    "deleted_at",
                 )
                 .first()
             )
@@ -409,6 +428,9 @@ class IssueViewSet(BaseViewSet):
             return Response(issue, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission(
+        [ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER], creator=True, model=Issue
+    )
     def retrieve(self, request, slug, project_id, pk=None):
         issue = (
             self.get_queryset()
@@ -435,7 +457,8 @@ class IssueViewSet(BaseViewSet):
                     ArrayAgg(
                         "issue_module__module_id",
                         distinct=True,
-                        filter=~Q(issue_module__module_id__isnull=True),
+                        filter=~Q(issue_module__module_id__isnull=True)
+                        & Q(issue_module__module__archived_at__isnull=True),
                     ),
                     Value([], output_field=ArrayField(UUIDField())),
                 ),
@@ -477,11 +500,51 @@ class IssueViewSet(BaseViewSet):
                 status=status.HTTP_404_NOT_FOUND,
             )
 
+        recent_visited_task.delay(
+            slug=slug,
+            entity_name="issue",
+            entity_identifier=pk,
+            user_id=request.user.id,
+            project_id=project_id,
+        )
+
         serializer = IssueDetailSerializer(issue, expand=self.expand)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST])
     def partial_update(self, request, slug, project_id, pk=None):
-        issue = self.get_queryset().filter(pk=pk).first()
+        issue = (
+            self.get_queryset()
+            .annotate(
+                label_ids=Coalesce(
+                    ArrayAgg(
+                        "labels__id",
+                        distinct=True,
+                        filter=~Q(labels__id__isnull=True),
+                    ),
+                    Value([], output_field=ArrayField(UUIDField())),
+                ),
+                assignee_ids=Coalesce(
+                    ArrayAgg(
+                        "assignees__id",
+                        distinct=True,
+                        filter=~Q(assignees__id__isnull=True)
+                        & Q(assignees__member_project__is_active=True),
+                    ),
+                    Value([], output_field=ArrayField(UUIDField())),
+                ),
+                module_ids=Coalesce(
+                    ArrayAgg(
+                        "issue_module__module_id",
+                        distinct=True,
+                        filter=~Q(issue_module__module_id__isnull=True),
+                    ),
+                    Value([], output_field=ArrayField(UUIDField())),
+                ),
+            )
+            .filter(pk=pk)
+            .first()
+        )
 
         if not issue:
             return Response(
@@ -514,10 +577,12 @@ class IssueViewSet(BaseViewSet):
             return Response(status=status.HTTP_204_NO_CONTENT)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission([ROLE.ADMIN], creator=True, model=Issue)
     def destroy(self, request, slug, project_id, pk=None):
         issue = Issue.objects.get(
             workspace__slug=slug, project_id=project_id, pk=pk
         )
+
         issue.delete()
         issue_activity.delay(
             type="issue.activity.deleted",
@@ -534,12 +599,10 @@ class IssueViewSet(BaseViewSet):
 
 
 class IssueUserDisplayPropertyEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectLitePermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST, ROLE.VIEWER])
     def patch(self, request, slug, project_id):
-        issue_property = IssueProperty.objects.get(
+        issue_property = IssueUserProperty.objects.get(
             user=request.user,
             project_id=project_id,
         )
@@ -554,23 +617,23 @@ class IssueUserDisplayPropertyEndpoint(BaseAPIView):
             "display_properties", issue_property.display_properties
         )
         issue_property.save()
-        serializer = IssuePropertySerializer(issue_property)
+        serializer = IssueUserPropertySerializer(issue_property)
         return Response(serializer.data, status=status.HTTP_201_CREATED)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST, ROLE.VIEWER])
     def get(self, request, slug, project_id):
-        issue_property, _ = IssueProperty.objects.get_or_create(
+        issue_property, _ = IssueUserProperty.objects.get_or_create(
             user=request.user, project_id=project_id
         )
-        serializer = IssuePropertySerializer(issue_property)
+        serializer = IssueUserPropertySerializer(issue_property)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
 
 class BulkDeleteIssuesEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN])
     def delete(self, request, slug, project_id):
+
         issue_ids = request.data.get("issue_ids", [])
 
         if not len(issue_ids):

apiserver/plane/app/views/issue/bulk_operations.py

@@ -1,288 +0,0 @@
-# Python imports
-import json
-from datetime import datetime
-
-# Django imports
-from django.utils import timezone
-
-# Third Party imports
-from rest_framework.response import Response
-from rest_framework import status
-
-# Module imports
-from .. import BaseAPIView
-from plane.app.permissions import (
-    ProjectEntityPermission,
-)
-from plane.db.models import (
-    Project,
-    Issue,
-    IssueLabel,
-    IssueAssignee,
-)
-from plane.bgtasks.issue_activites_task import issue_activity
-
-
-class BulkIssueOperationsEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
-    def post(self, request, slug, project_id):
-        issue_ids = request.data.get("issue_ids", [])
-        if not len(issue_ids):
-            return Response(
-                {"error": "Issue IDs are required"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
-        # Get all the issues
-        issues = (
-            Issue.objects.filter(
-                workspace__slug=slug, project_id=project_id, pk__in=issue_ids
-            )
-            .select_related("state")
-            .prefetch_related("labels", "assignees")
-        )
-        # Current epoch
-        epoch = int(timezone.now().timestamp())
-
-        # Project details
-        project = Project.objects.get(workspace__slug=slug, pk=project_id)
-        workspace_id = project.workspace_id
-
-        # Initialize arrays
-        bulk_update_issues = []
-        bulk_issue_activities = []
-        bulk_update_issue_labels = []
-        bulk_update_issue_assignees = []
-
-        properties = request.data.get("properties", {})
-
-        if properties.get("start_date", False) and properties.get("target_date", False):
-            if (
-                datetime.strptime(properties.get("start_date"), "%Y-%m-%d").date()
-                > datetime.strptime(properties.get("target_date"), "%Y-%m-%d").date()
-            ):
-                return Response(
-                    {
-                        "error_code": 4100,
-                        "error_message": "INVALID_ISSUE_DATES",
-                    },
-                    status=status.HTTP_400_BAD_REQUEST,
-                )
-
-        for issue in issues:
-
-            # Priority
-            if properties.get("priority", False):
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"priority": properties.get("priority")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"priority": (issue.priority)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.priority = properties.get("priority")
-
-            # State
-            if properties.get("state_id", False):
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"state": properties.get("state")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"state": str(issue.state_id)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.state_id = properties.get("state_id")
-
-            # Start date
-            if properties.get("start_date", False):
-                if (
-                    issue.target_date
-                    and not properties.get("target_date", False)
-                    and issue.target_date
-                    <= datetime.strptime(
-                        properties.get("start_date"), "%Y-%m-%d"
-                    ).date()
-                ):
-                    return Response(
-                        {
-                            "error_code": 4101,
-                            "error_message": "INVALID_ISSUE_START_DATE",
-                        },
-                        status=status.HTTP_400_BAD_REQUEST,
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"start_date": properties.get("start_date")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"start_date": str(issue.start_date)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.start_date = properties.get("start_date")
-
-            # Target date
-            if properties.get("target_date", False):
-                if (
-                    issue.start_date
-                    and not properties.get("start_date", False)
-                    and issue.start_date
-                    >= datetime.strptime(
-                        properties.get("target_date"), "%Y-%m-%d"
-                    ).date()
-                ):
-                    return Response(
-                        {
-                            "error_code": 4102,
-                            "error_message": "INVALID_ISSUE_TARGET_DATE",
-                        },
-                        status=status.HTTP_400_BAD_REQUEST,
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"target_date": properties.get("target_date")}
-                        ),
-                        "current_instance": json.dumps(
-                            {"target_date": str(issue.target_date)}
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-                issue.target_date = properties.get("target_date")
-
-            bulk_update_issues.append(issue)
-
-            # Labels
-            if properties.get("label_ids", []):
-                for label_id in properties.get("label_ids", []):
-                    bulk_update_issue_labels.append(
-                        IssueLabel(
-                            issue=issue,
-                            label_id=label_id,
-                            created_by=request.user,
-                            project_id=project_id,
-                            workspace_id=workspace_id,
-                        )
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {"label_ids": properties.get("label_ids", [])}
-                        ),
-                        "current_instance": json.dumps(
-                            {
-                                "label_ids": [
-                                    str(label.id)
-                                    for label in issue.labels.all()
-                                ]
-                            }
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-
-            # Assignees
-            if properties.get("assignee_ids", []):
-                for assignee_id in properties.get(
-                    "assignee_ids", issue.assignees
-                ):
-                    bulk_update_issue_assignees.append(
-                        IssueAssignee(
-                            issue=issue,
-                            assignee_id=assignee_id,
-                            created_by=request.user,
-                            project_id=project_id,
-                            workspace_id=workspace_id,
-                        )
-                    )
-                bulk_issue_activities.append(
-                    {
-                        "type": "issue.activity.updated",
-                        "requested_data": json.dumps(
-                            {
-                                "assignee_ids": properties.get(
-                                    "assignee_ids", []
-                                )
-                            }
-                        ),
-                        "current_instance": json.dumps(
-                            {
-                                "assignee_ids": [
-                                    str(assignee.id)
-                                    for assignee in issue.assignees.all()
-                                ]
-                            }
-                        ),
-                        "issue_id": str(issue.id),
-                        "actor_id": str(request.user.id),
-                        "project_id": str(project_id),
-                        "epoch": epoch,
-                    }
-                )
-
-        # Bulk update all the objects
-        Issue.objects.bulk_update(
-            bulk_update_issues,
-            [
-                "priority",
-                "start_date",
-                "target_date",
-                "state",
-            ],
-            batch_size=100,
-        )
-
-        # Create new labels
-        IssueLabel.objects.bulk_create(
-            bulk_update_issue_labels,
-            ignore_conflicts=True,
-            batch_size=100,
-        )
-
-        # Create new assignees
-        IssueAssignee.objects.bulk_create(
-            bulk_update_issue_assignees,
-            ignore_conflicts=True,
-            batch_size=100,
-        )
-        # update the issue activity
-        [
-            issue_activity.delay(**activity)
-            for activity in bulk_issue_activities
-        ]
-
-        return Response(status=status.HTTP_204_NO_CONTENT)

apiserver/plane/app/views/issue/comment.py

@@ -16,22 +16,19 @@ from plane.app.serializers import (
     IssueCommentSerializer,
     CommentReactionSerializer,
 )
-from plane.app.permissions import ProjectLitePermission
+from plane.app.permissions import ProjectLitePermission, allow_permission, ROLE
 from plane.db.models import (
     IssueComment,
     ProjectMember,
     CommentReaction,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 
 
 class IssueCommentViewSet(BaseViewSet):
     serializer_class = IssueCommentSerializer
     model = IssueComment
     webhook_event = "issue_comment"
-    permission_classes = [
-        ProjectLitePermission,
-    ]
 
     filterset_fields = [
         "issue__id",
@@ -66,6 +63,7 @@ class IssueCommentViewSet(BaseViewSet):
             .distinct()
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.GUEST, ROLE.VIEWER])
     def create(self, request, slug, project_id, issue_id):
         serializer = IssueCommentSerializer(data=request.data)
         if serializer.is_valid():
@@ -90,6 +88,11 @@ class IssueCommentViewSet(BaseViewSet):
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER],
+        creator=True,
+        model=IssueComment,
+    )
     def partial_update(self, request, slug, project_id, issue_id, pk):
         issue_comment = IssueComment.objects.get(
             workspace__slug=slug,
@@ -121,6 +124,9 @@ class IssueCommentViewSet(BaseViewSet):
             return Response(serializer.data, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN], creator=True, model=IssueComment
+    )
     def destroy(self, request, slug, project_id, issue_id, pk):
         issue_comment = IssueComment.objects.get(
             workspace__slug=slug,

apiserver/plane/app/views/issue/draft.py

@@ -32,7 +32,7 @@ from plane.app.serializers import (
     IssueFlatSerializer,
     IssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Issue,
     IssueAttachment,
@@ -40,6 +40,7 @@ from plane.db.models import (
     IssueReaction,
     IssueSubscriber,
     Project,
+    ProjectMember,
 )
 from plane.utils.grouper import (
     issue_group_values,
@@ -67,6 +68,7 @@ class IssueDraftViewSet(BaseViewSet):
             Issue.objects.filter(project_id=self.kwargs.get("project_id"))
             .filter(workspace__slug=self.kwargs.get("slug"))
             .filter(is_draft=True)
+            .filter(deleted_at__isnull=True)
             .select_related("workspace", "project", "state", "parent")
             .prefetch_related("assignees", "labels", "issue_module__module")
             .annotate(cycle_id=F("issue_cycle__cycle_id"))
@@ -380,6 +382,19 @@ class IssueDraftViewSet(BaseViewSet):
         issue = Issue.objects.get(
             workspace__slug=slug, project_id=project_id, pk=pk
         )
+        if issue.created_by_id != request.user.id and (
+            not ProjectMember.objects.filter(
+                workspace__slug=slug,
+                member=request.user,
+                role=20,
+                project_id=project_id,
+                is_active=True,
+            ).exists()
+        ):
+            return Response(
+                {"error": "Only admin or creator can delete the issue"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
         issue.delete()
         issue_activity.delay(
             type="issue_draft.activity.deleted",

apiserver/plane/app/views/issue/label.py

@@ -11,9 +11,7 @@ from rest_framework import status
 # Module imports
 from .. import BaseViewSet, BaseAPIView
 from plane.app.serializers import LabelSerializer
-from plane.app.permissions import (
-    ProjectMemberPermission,
-)
+from plane.app.permissions import allow_permission, ProjectBasePermission, ROLE
 from plane.db.models import (
     Project,
     Label,
@@ -25,7 +23,7 @@ class LabelViewSet(BaseViewSet):
     serializer_class = LabelSerializer
     model = Label
     permission_classes = [
-        ProjectMemberPermission,
+        ProjectBasePermission,
     ]
 
     def get_queryset(self):
@@ -45,6 +43,7 @@ class LabelViewSet(BaseViewSet):
     @invalidate_cache(
         path="/api/workspaces/:slug/labels/", url_params=True, user=False
     )
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id):
         try:
             serializer = LabelSerializer(data=request.data)
@@ -67,17 +66,20 @@ class LabelViewSet(BaseViewSet):
     @invalidate_cache(
         path="/api/workspaces/:slug/labels/", url_params=True, user=False
     )
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def partial_update(self, request, *args, **kwargs):
         return super().partial_update(request, *args, **kwargs)
 
     @invalidate_cache(
         path="/api/workspaces/:slug/labels/", url_params=True, user=False
     )
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(self, request, *args, **kwargs):
         return super().destroy(request, *args, **kwargs)
 
 
 class BulkCreateIssueLabelsEndpoint(BaseAPIView):
+    @allow_permission([ROLE.ADMIN])
     def post(self, request, slug, project_id):
         label_data = request.data.get("label_data", [])
         project = Project.objects.get(pk=project_id)

apiserver/plane/app/views/issue/link.py

@@ -14,7 +14,7 @@ from .. import BaseViewSet
 from plane.app.serializers import IssueLinkSerializer
 from plane.app.permissions import ProjectEntityPermission
 from plane.db.models import IssueLink
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 
 
 class IssueLinkViewSet(BaseViewSet):

apiserver/plane/app/views/issue/reaction.py

@@ -14,7 +14,7 @@ from .. import BaseViewSet
 from plane.app.serializers import IssueReactionSerializer
 from plane.app.permissions import ProjectLitePermission
 from plane.db.models import IssueReaction
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 
 
 class IssueReactionViewSet(BaseViewSet):

apiserver/plane/app/views/issue/relation.py

@@ -27,7 +27,7 @@ from plane.db.models import (
     IssueAttachment,
     IssueLink,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 
 
 class IssueRelationViewSet(BaseViewSet):
@@ -37,24 +37,6 @@ class IssueRelationViewSet(BaseViewSet):
         ProjectEntityPermission,
     ]
 
-    def get_queryset(self):
-        return self.filter_queryset(
-            super()
-            .get_queryset()
-            .filter(workspace__slug=self.kwargs.get("slug"))
-            .filter(project_id=self.kwargs.get("project_id"))
-            .filter(issue_id=self.kwargs.get("issue_id"))
-            .filter(
-                project__project_projectmember__member=self.request.user,
-                project__project_projectmember__is_active=True,
-                project__archived_at__isnull=True,
-            )
-            .select_related("project")
-            .select_related("workspace")
-            .select_related("issue")
-            .distinct()
-        )
-
     def list(self, request, slug, project_id, issue_id):
         issue_relations = (
             IssueRelation.objects.filter(
@@ -98,11 +80,7 @@ class IssueRelationViewSet(BaseViewSet):
         ).values_list("issue_id", flat=True)
 
         queryset = (
-            Issue.issue_objects.filter(
-                workspace__slug=slug,
-                project_id=project_id,
-            )
-            .filter(workspace__slug=self.kwargs.get("slug"))
+            Issue.issue_objects.filter(workspace__slug=slug)
             .select_related("workspace", "project", "state", "parent")
             .prefetch_related("assignees", "labels", "issue_module__module")
             .annotate(cycle_id=F("issue_cycle__cycle_id"))

apiserver/plane/app/views/issue/sub_issue.py

@@ -30,7 +30,7 @@ from plane.db.models import (
     IssueLink,
     IssueAttachment,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.utils.user_timezone_converter import user_timezone_converter
 from collections import defaultdict
 

apiserver/plane/app/views/module/archive.py

@@ -12,7 +12,8 @@ from django.db.models import (
     Subquery,
     UUIDField,
     Value,
-    Sum
+    Sum,
+    FloatField,
 )
 from django.db.models.functions import Coalesce, Cast
 from django.utils import timezone
@@ -44,8 +45,8 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
     def get_queryset(self):
         favorite_subquery = UserFavorite.objects.filter(
             user=self.request.user,
-            entity_identifier=OuterRef("pk"),
             entity_type="module",
+            entity_identifier=OuterRef("pk"),
             project_id=self.kwargs.get("project_id"),
             workspace__slug=self.kwargs.get("slug"),
         )
@@ -102,8 +103,93 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
             .annotate(cnt=Count("pk"))
             .values("cnt")
         )
+        completed_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="completed",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                completed_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("completed_estimate_points")[:1]
+        )
+
+        total_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                total_estimate_points=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("total_estimate_points")[:1]
+        )
+        backlog_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="backlog",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                backlog_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("backlog_estimate_point")[:1]
+        )
+        unstarted_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="unstarted",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                unstarted_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("unstarted_estimate_point")[:1]
+        )
+        started_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="started",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                started_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("started_estimate_point")[:1]
+        )
+        cancelled_estimate_point = (
+            Issue.issue_objects.filter(
+                estimate_point__estimate__type="points",
+                state__group="cancelled",
+                issue_module__module_id=OuterRef("pk"),
+            )
+            .values("issue_module__module_id")
+            .annotate(
+                cancelled_estimate_point=Sum(
+                    Cast("estimate_point__value", FloatField())
+                )
+            )
+            .values("cancelled_estimate_point")[:1]
+        )
         return (
             Module.objects.filter(workspace__slug=self.kwargs.get("slug"))
+            .filter(project_id=self.kwargs.get("project_id"))
             .filter(archived_at__isnull=False)
             .annotate(is_favorite=Exists(favorite_subquery))
             .select_related("workspace", "project", "lead")
@@ -152,6 +238,42 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                     Value(0, output_field=IntegerField()),
                 )
             )
+            .annotate(
+                backlog_estimate_points=Coalesce(
+                    Subquery(backlog_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                unstarted_estimate_points=Coalesce(
+                    Subquery(unstarted_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                started_estimate_points=Coalesce(
+                    Subquery(started_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                cancelled_estimate_points=Coalesce(
+                    Subquery(cancelled_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                completed_estimate_points=Coalesce(
+                    Subquery(completed_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
+            .annotate(
+                total_estimate_points=Coalesce(
+                    Subquery(total_estimate_point),
+                    Value(0, output_field=FloatField()),
+                ),
+            )
             .annotate(
                 member_ids=Coalesce(
                     ArrayAgg(
@@ -232,7 +354,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
             data["estimate_distribution"] = {}
 
             if estimate_type:
-                label_distribution = (
+                assignee_distribution = (
                     Issue.issue_objects.filter(
                         issue_module__module_id=pk,
                         workspace__slug=slug,
@@ -252,12 +374,12 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                     )
                     .annotate(
                         total_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField())
+                            Cast("estimate_point__value", FloatField())
                         ),
                     )
                     .annotate(
                         completed_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                             filter=Q(
                                 completed_at__isnull=False,
                                 archived_at__isnull=True,
@@ -267,7 +389,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                     )
                     .annotate(
                         pending_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                             filter=Q(
                                 completed_at__isnull=True,
                                 archived_at__isnull=True,
@@ -278,7 +400,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                     .order_by("first_name", "last_name")
                 )
 
-                assignee_distribution = (
+                label_distribution = (
                     Issue.issue_objects.filter(
                         issue_module__module_id=pk,
                         workspace__slug=slug,
@@ -290,12 +412,12 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                     .values("label_name", "color", "label_id")
                     .annotate(
                         total_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField())
+                            Cast("estimate_point__value", FloatField())
                         ),
                     )
                     .annotate(
                         completed_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                             filter=Q(
                                 completed_at__isnull=False,
                                 archived_at__isnull=True,
@@ -305,7 +427,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                     )
                     .annotate(
                         pending_estimates=Sum(
-                            Cast("estimate_point__value", IntegerField()),
+                            Cast("estimate_point__value", FloatField()),
                             filter=Q(
                                 completed_at__isnull=True,
                                 archived_at__isnull=True,
@@ -315,8 +437,8 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                     )
                     .order_by("label_name")
                 )
-                data["estimate_distribution"]["assignee"] = assignee_distribution
-                data["estimate_distribution"]["label"] = label_distribution
+                data["estimate_distribution"]["assignees"] = assignee_distribution
+                data["estimate_distribution"]["labels"] = label_distribution
 
                 if modules and modules.start_date and modules.target_date:
                     data["estimate_distribution"]["completion_chart"] = (
@@ -328,6 +450,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                             module_id=pk,
                         )
                     )
+
             assignee_distribution = (
                 Issue.issue_objects.filter(
                     issue_module__module_id=pk,
@@ -353,7 +476,7 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                             archived_at__isnull=True,
                             is_draft=False,
                         ),
-                    )
+                    ),
                 )
                 .annotate(
                     completed_issues=Count(
@@ -425,8 +548,6 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
                 "labels": label_distribution,
                 "completion_chart": {},
             }
-
-            # Fetch the modules
             if modules and modules.start_date and modules.target_date:
                 data["distribution"]["completion_chart"] = burndown_plot(
                     queryset=modules,
@@ -454,6 +575,12 @@ class ModuleArchiveUnarchiveEndpoint(BaseAPIView):
             )
         module.archived_at = timezone.now()
         module.save()
+        UserFavorite.objects.filter(
+            entity_type="module",
+            entity_identifier=module_id,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
         return Response(
             {"archived_at": str(module.archived_at)},
             status=status.HTTP_200_OK,

apiserver/plane/app/views/module/base.py

@@ -30,8 +30,10 @@ from rest_framework.response import Response
 # Module imports
 from plane.app.permissions import (
     ProjectEntityPermission,
-    ProjectLitePermission,
+    allow_permission,
+    ROLE,
 )
+
 from plane.app.serializers import (
     ModuleDetailSerializer,
     ModuleLinkSerializer,
@@ -39,7 +41,7 @@ from plane.app.serializers import (
     ModuleUserPropertiesSerializer,
     ModuleWriteSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Issue,
     Module,
@@ -53,13 +55,11 @@ from plane.utils.analytics_plot import burndown_plot
 from plane.utils.user_timezone_converter import user_timezone_converter
 from plane.bgtasks.webhook_task import model_activity
 from .. import BaseAPIView, BaseViewSet
+from plane.bgtasks.recent_visited_task import recent_visited_task
 
 
 class ModuleViewSet(BaseViewSet):
     model = Module
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
     webhook_event = "module"
 
     def get_serializer_class(self):
@@ -317,6 +317,8 @@ class ModuleViewSet(BaseViewSet):
             .order_by("-is_favorite", "-created_at")
         )
 
+    allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
+
     def create(self, request, slug, project_id):
         project = Project.objects.get(workspace__slug=slug, pk=project_id)
         serializer = ModuleWriteSerializer(
@@ -379,6 +381,8 @@ class ModuleViewSet(BaseViewSet):
             return Response(module, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
+
     def list(self, request, slug, project_id):
         queryset = self.get_queryset().filter(archived_at__isnull=True)
         if self.fields:
@@ -426,6 +430,8 @@ class ModuleViewSet(BaseViewSet):
             )
         return Response(modules, status=status.HTTP_200_OK)
 
+    allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
+
     def retrieve(self, request, slug, project_id, pk):
         queryset = (
             self.get_queryset()
@@ -443,6 +449,12 @@ class ModuleViewSet(BaseViewSet):
             )
         )
 
+        if not queryset.exists():
+            return Response(
+                {"error": "Module not found"},
+                status=status.HTTP_404_NOT_FOUND,
+            )
+
         estimate_type = Project.objects.filter(
             workspace__slug=slug,
             pk=project_id,
@@ -554,7 +566,7 @@ class ModuleViewSet(BaseViewSet):
                 )
 
         assignee_distribution = (
-            Issue.objects.filter(
+            Issue.issue_objects.filter(
                 issue_module__module_id=pk,
                 workspace__slug=slug,
                 project_id=project_id,
@@ -604,7 +616,7 @@ class ModuleViewSet(BaseViewSet):
         )
 
         label_distribution = (
-            Issue.objects.filter(
+            Issue.issue_objects.filter(
                 issue_module__module_id=pk,
                 workspace__slug=slug,
                 project_id=project_id,
@@ -659,11 +671,20 @@ class ModuleViewSet(BaseViewSet):
                 module_id=pk,
             )
 
+        recent_visited_task.delay(
+            slug=slug,
+            entity_name="module",
+            entity_identifier=pk,
+            user_id=request.user.id,
+            project_id=project_id,
+        )
+
         return Response(
             data,
             status=status.HTTP_200_OK,
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def partial_update(self, request, slug, project_id, pk):
         module = self.get_queryset().filter(pk=pk)
 
@@ -733,10 +754,12 @@ class ModuleViewSet(BaseViewSet):
             return Response(module, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission([ROLE.ADMIN], creator=True, model=Module)
     def destroy(self, request, slug, project_id, pk):
         module = Module.objects.get(
             workspace__slug=slug, project_id=project_id, pk=pk
         )
+
         module_issues = list(
             ModuleIssue.objects.filter(module_id=pk).values_list(
                 "issue", flat=True
@@ -757,6 +780,18 @@ class ModuleViewSet(BaseViewSet):
             for issue in module_issues
         ]
         module.delete()
+        # Delete the module issues
+        ModuleIssue.objects.filter(
+            module=pk,
+            project_id=project_id,
+        ).delete()
+        # Delete the user favorite module
+        UserFavorite.objects.filter(
+            user=request.user,
+            entity_type="module",
+            entity_identifier=pk,
+            project_id=project_id,
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
@@ -820,15 +855,13 @@ class ModuleFavoriteViewSet(BaseViewSet):
             entity_type="module",
             entity_identifier=module_id,
         )
-        module_favorite.delete()
+        module_favorite.delete(soft=False)
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
 class ModuleUserPropertiesEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectLitePermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def patch(self, request, slug, project_id, module_id):
         module_properties = ModuleUserProperties.objects.get(
             user=request.user,
@@ -851,6 +884,7 @@ class ModuleUserPropertiesEndpoint(BaseAPIView):
         serializer = ModuleUserPropertiesSerializer(module_properties)
         return Response(serializer.data, status=status.HTTP_201_CREATED)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def get(self, request, slug, project_id, module_id):
         module_properties, _ = ModuleUserProperties.objects.get_or_create(
             user=request.user,

apiserver/plane/app/views/module/issue.py

@@ -17,13 +17,11 @@ from django.views.decorators.gzip import gzip_page
 from rest_framework import status
 from rest_framework.response import Response
 
-from plane.app.permissions import (
-    ProjectEntityPermission,
-)
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import (
     ModuleIssueSerializer,
 )
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import (
     Issue,
     IssueAttachment,
@@ -46,6 +44,7 @@ from plane.utils.paginator import (
 # Module imports
 from .. import BaseViewSet
 
+
 class ModuleIssueViewSet(BaseViewSet):
     serializer_class = ModuleIssueSerializer
     model = ModuleIssue
@@ -57,10 +56,6 @@ class ModuleIssueViewSet(BaseViewSet):
         "issue__assignees__id",
     ]
 
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
-
     def get_queryset(self):
         return (
             Issue.issue_objects.filter(
@@ -96,6 +91,7 @@ class ModuleIssueViewSet(BaseViewSet):
         ).distinct()
 
     @method_decorator(gzip_page)
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def list(self, request, slug, project_id, module_id):
         filters = issue_filters(request.query_params, "GET")
         issue_queryset = self.get_queryset().filter(**filters)
@@ -203,6 +199,7 @@ class ModuleIssueViewSet(BaseViewSet):
                 ),
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     # create multiple issues inside a module
     def create_module_issues(self, request, slug, project_id, module_id):
         issues = request.data.get("issues", [])
@@ -244,13 +241,13 @@ class ModuleIssueViewSet(BaseViewSet):
         ]
         return Response({"message": "success"}, status=status.HTTP_201_CREATED)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     # add multiple module inside an issue and remove multiple modules from an issue
     def create_issue_modules(self, request, slug, project_id, issue_id):
         modules = request.data.get("modules", [])
         removed_modules = request.data.get("removed_modules", [])
         project = Project.objects.get(pk=project_id)
 
-
         if modules:
             _ = ModuleIssue.objects.bulk_create(
                 [
@@ -284,7 +281,7 @@ class ModuleIssueViewSet(BaseViewSet):
             ]
 
         for module_id in removed_modules:
-            module_issue = ModuleIssue.objects.get(
+            module_issue = ModuleIssue.objects.filter(
                 workspace__slug=slug,
                 project_id=project_id,
                 module_id=module_id,
@@ -297,7 +294,7 @@ class ModuleIssueViewSet(BaseViewSet):
                 issue_id=str(issue_id),
                 project_id=str(project_id),
                 current_instance=json.dumps(
-                    {"module_name": module_issue.module.name}
+                    {"module_name": module_issue.first().module.name}
                 ),
                 epoch=int(timezone.now().timestamp()),
                 notification=True,
@@ -307,8 +304,9 @@ class ModuleIssueViewSet(BaseViewSet):
 
         return Response({"message": "success"}, status=status.HTTP_201_CREATED)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(self, request, slug, project_id, module_id, issue_id):
-        module_issue = ModuleIssue.objects.get(
+        module_issue = ModuleIssue.objects.filter(
             workspace__slug=slug,
             project_id=project_id,
             module_id=module_id,
@@ -321,7 +319,7 @@ class ModuleIssueViewSet(BaseViewSet):
             issue_id=str(issue_id),
             project_id=str(project_id),
             current_instance=json.dumps(
-                {"module_name": module_issue.module.name}
+                {"module_name": module_issue.first().module.name}
             ),
             epoch=int(timezone.now().timestamp()),
             notification=True,

apiserver/plane/app/views/notification/base.py

@@ -1,5 +1,5 @@
 # Django imports
-from django.db.models import Exists, OuterRef, Q
+from django.db.models import Exists, OuterRef, Q, Case, When, BooleanField
 from django.utils import timezone
 
 # Third party imports
@@ -19,6 +19,7 @@ from plane.db.models import (
     WorkspaceMember,
 )
 from plane.utils.paginator import BasePaginator
+from plane.app.permissions import allow_permission, ROLE
 
 # Module imports
 from ..base import BaseAPIView, BaseViewSet
@@ -39,6 +40,10 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
             .select_related("workspace", "project," "triggered_by", "receiver")
         )
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
     def list(self, request, slug):
         # Get query parameters
         snoozed = request.GET.get("snoozed", "false")
@@ -60,6 +65,13 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
             )
             .filter(entity_name="issue")
             .annotate(is_inbox_issue=Exists(inbox_issue))
+            .annotate(
+                is_mentioned_notification=Case(
+                    When(sender__icontains="mentioned", then=True),
+                    default=False,
+                    output_field=BooleanField(),
+                )
+            )
             .select_related("workspace", "project", "triggered_by", "receiver")
             .order_by("snoozed_till", "-created_at")
         )
@@ -161,6 +173,10 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
         serializer = NotificationSerializer(notifications, many=True)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
     def partial_update(self, request, slug, pk):
         notification = Notification.objects.get(
             workspace__slug=slug, pk=pk, receiver=request.user
@@ -178,6 +194,10 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
             return Response(serializer.data, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
     def mark_read(self, request, slug, pk):
         notification = Notification.objects.get(
             receiver=request.user, workspace__slug=slug, pk=pk
@@ -187,6 +207,9 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
         serializer = NotificationSerializer(notification)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
     def mark_unread(self, request, slug, pk):
         notification = Notification.objects.get(
             receiver=request.user, workspace__slug=slug, pk=pk
@@ -196,6 +219,9 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
         serializer = NotificationSerializer(notification)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
     def archive(self, request, slug, pk):
         notification = Notification.objects.get(
             receiver=request.user, workspace__slug=slug, pk=pk
@@ -205,6 +231,9 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
         serializer = NotificationSerializer(notification)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
     def unarchive(self, request, slug, pk):
         notification = Notification.objects.get(
             receiver=request.user, workspace__slug=slug, pk=pk
@@ -216,6 +245,10 @@ class NotificationViewSet(BaseViewSet, BasePaginator):
 
 
 class UnreadNotificationEndpoint(BaseAPIView):
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
     def get(self, request, slug):
         # Watching Issues Count
         unread_notifications_count = (
@@ -253,6 +286,9 @@ class UnreadNotificationEndpoint(BaseAPIView):
 
 
 class MarkAllReadNotificationViewSet(BaseViewSet):
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
     def create(self, request, slug):
         snoozed = request.data.get("snoozed", False)
         archived = request.data.get("archived", False)

apiserver/plane/app/views/page/base.py

@@ -19,7 +19,7 @@ from rest_framework import status
 from rest_framework.response import Response
 
 
-from plane.app.permissions import ProjectEntityPermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import (
     PageLogSerializer,
     PageSerializer,
@@ -33,11 +33,13 @@ from plane.db.models import (
     ProjectMember,
     ProjectPage,
 )
-
+from plane.utils.error_codes import ERROR_CODES
 # Module imports
 from ..base import BaseAPIView, BaseViewSet
 
 from plane.bgtasks.page_transaction_task import page_transaction
+from plane.bgtasks.page_version_task import page_version
+from plane.bgtasks.recent_visited_task import recent_visited_task
 
 
 def unarchive_archive_page_and_descendants(page_id, archived_at):
@@ -59,9 +61,6 @@ def unarchive_archive_page_and_descendants(page_id, archived_at):
 class PageViewSet(BaseViewSet):
     serializer_class = PageSerializer
     model = Page
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
     search_fields = [
         "name",
     ]
@@ -121,6 +120,7 @@ class PageViewSet(BaseViewSet):
             .distinct()
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id):
         serializer = PageSerializer(
             data=request.data,
@@ -142,6 +142,7 @@ class PageViewSet(BaseViewSet):
             return Response(serializer.data, status=status.HTTP_201_CREATED)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def partial_update(self, request, slug, project_id, pk):
         try:
             page = Page.objects.get(
@@ -207,6 +208,7 @@ class PageViewSet(BaseViewSet):
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def retrieve(self, request, slug, project_id, pk=None):
         page = self.get_queryset().filter(pk=pk).first()
         if page is None:
@@ -220,11 +222,19 @@ class PageViewSet(BaseViewSet):
             ).values_list("entity_identifier", flat=True)
             data = PageDetailSerializer(page).data
             data["issue_ids"] = issue_ids
+            recent_visited_task.delay(
+                slug=slug,
+                entity_name="page",
+                entity_identifier=pk,
+                user_id=request.user.id,
+                project_id=project_id,
+            )
             return Response(
                 data,
                 status=status.HTTP_200_OK,
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def lock(self, request, slug, project_id, pk):
         page = Page.objects.filter(
             pk=pk, workspace__slug=slug, projects__id=project_id
@@ -234,6 +244,7 @@ class PageViewSet(BaseViewSet):
         page.save()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def unlock(self, request, slug, project_id, pk):
         page = Page.objects.filter(
             pk=pk, workspace__slug=slug, projects__id=project_id
@@ -244,11 +255,36 @@ class PageViewSet(BaseViewSet):
 
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
+    def access(self, request, slug, project_id, pk):
+        access = request.data.get("access", 0)
+        page = Page.objects.filter(
+            pk=pk, workspace__slug=slug, projects__id=project_id
+        ).first()
+
+        # Only update access if the page owner is the requesting user
+        if (
+            page.access != request.data.get("access", page.access)
+            and page.owned_by_id != request.user.id
+        ):
+            return Response(
+                {
+                    "error": "Access cannot be updated since this page is owned by someone else"
+                },
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        page.access = access
+        page.save()
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def list(self, request, slug, project_id):
         queryset = self.get_queryset()
         pages = PageSerializer(queryset, many=True).data
         return Response(pages, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def archive(self, request, slug, project_id, pk):
         page = Page.objects.get(
             pk=pk, workspace__slug=slug, projects__id=project_id
@@ -269,6 +305,13 @@ class PageViewSet(BaseViewSet):
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
+        UserFavorite.objects.filter(
+            entity_type="page",
+            entity_identifier=pk,
+            project_id=project_id,
+            workspace__slug=slug,
+        ).delete()
+
         unarchive_archive_page_and_descendants(pk, datetime.now())
 
         return Response(
@@ -276,6 +319,7 @@ class PageViewSet(BaseViewSet):
             status=status.HTTP_200_OK,
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def unarchive(self, request, slug, project_id, pk):
         page = Page.objects.get(
             pk=pk, workspace__slug=slug, projects__id=project_id
@@ -305,48 +349,53 @@ class PageViewSet(BaseViewSet):
 
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @allow_permission([ROLE.ADMIN], creator=True, model=Page)
     def destroy(self, request, slug, project_id, pk):
         page = Page.objects.get(
             pk=pk, workspace__slug=slug, projects__id=project_id
         )
 
-        # only the owner and admin can delete the page
-        if (
-            ProjectMember.objects.filter(
-                project_id=project_id,
-                member=request.user,
-                is_active=True,
-                role__gt=20,
-            ).exists()
-            or request.user.id != page.owned_by_id
-        ):
-            return Response(
-                {"error": "Only the owner and admin can delete the page"},
-                status=status.HTTP_400_BAD_REQUEST,
-            )
-
         if page.archived_at is None:
             return Response(
                 {"error": "The page should be archived before deleting"},
                 status=status.HTTP_400_BAD_REQUEST,
             )
 
+        if page.owned_by_id != request.user.id and (
+            not ProjectMember.objects.filter(
+                workspace__slug=slug,
+                member=request.user,
+                role=20,
+                project_id=project_id,
+                is_active=True,
+            ).exists()
+        ):
+            return Response(
+                {"error": "Only admin or owner can delete the page"},
+                status=status.HTTP_403_FORBIDDEN,
+            )
+
         # remove parent from all the children
         _ = Page.objects.filter(
             parent_id=pk, projects__id=project_id, workspace__slug=slug
         ).update(parent=None)
 
         page.delete()
+        # Delete the user favorite page
+        UserFavorite.objects.filter(
+            project=project_id,
+            workspace__slug=slug,
+            entity_identifier=pk,
+            entity_type="page",
+        ).delete()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
 class PageFavoriteViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
     model = UserFavorite
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def create(self, request, slug, project_id, pk):
         _ = UserFavorite.objects.create(
             project_id=project_id,
@@ -356,6 +405,7 @@ class PageFavoriteViewSet(BaseViewSet):
         )
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(self, request, slug, project_id, pk):
         page_favorite = UserFavorite.objects.get(
             project=project_id,
@@ -364,14 +414,11 @@ class PageFavoriteViewSet(BaseViewSet):
             entity_identifier=pk,
             entity_type="page",
         )
-        page_favorite.delete()
+        page_favorite.delete(soft=False)
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 
 class PageLogEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
     serializer_class = PageLogSerializer
     model = PageLog
@@ -411,9 +458,6 @@ class PageLogEndpoint(BaseAPIView):
 
 
 class SubPagesEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
     @method_decorator(gzip_page)
     def get(self, request, slug, project_id, page_id):
@@ -432,10 +476,8 @@ class SubPagesEndpoint(BaseAPIView):
 
 
 class PagesDescriptionViewSet(BaseViewSet):
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER])
     def retrieve(self, request, slug, project_id, pk):
         page = (
             Page.objects.filter(
@@ -444,6 +486,11 @@ class PagesDescriptionViewSet(BaseViewSet):
             .filter(Q(owned_by=self.request.user) | Q(access=0))
             .first()
         )
+        if page is None:
+            return Response(
+                {"error": "Page not found"},
+                status=404,
+            )
         binary_data = page.description_binary
 
         def stream_data():
@@ -460,6 +507,7 @@ class PagesDescriptionViewSet(BaseViewSet):
         )
         return response
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def partial_update(self, request, slug, project_id, pk):
         page = (
             Page.objects.filter(
@@ -469,28 +517,62 @@ class PagesDescriptionViewSet(BaseViewSet):
             .first()
         )
 
+        if page is None:
+            return Response(
+                {"error": "Page not found"},
+                status=404,
+            )
+
         if page.is_locked:
             return Response(
-                {"error": "Page is locked"},
-                status=471,
+                {
+                    "error_code": ERROR_CODES["PAGE_LOCKED"],
+                    "error_message": "PAGE_LOCKED",
+                },
+                status=status.HTTP_400_BAD_REQUEST,
             )
 
         if page.archived_at:
             return Response(
-                {"error": "Page is archived"},
-                status=472,
+                {
+                    "error_code": ERROR_CODES["PAGE_ARCHIVED"],
+                    "error_message": "PAGE_ARCHIVED",
+                },
+                status=status.HTTP_400_BAD_REQUEST,
             )
 
+        # Serialize the existing instance
+        existing_instance = json.dumps(
+            {
+                "description_html": page.description_html,
+            },
+            cls=DjangoJSONEncoder,
+        )
+
+        # Get the base64 data from the request
         base64_data = request.data.get("description_binary")
 
+        # If base64 data is provided
         if base64_data:
             # Decode the base64 data to bytes
             new_binary_data = base64.b64decode(base64_data)
-
+            # capture the page transaction
+            if request.data.get("description_html"):
+                page_transaction.delay(
+                    new_value=request.data,
+                    old_value=existing_instance,
+                    page_id=pk,
+                )
             # Store the updated binary data
             page.description_binary = new_binary_data
             page.description_html = request.data.get("description_html")
             page.save()
+            # Return a success response
+            page_version.delay(
+                page_id=page.id,
+                existing_instance=existing_instance,
+                user_id=request.user.id,
+            )
             return Response({"message": "Updated successfully"})
         else:
             return Response({"error": "No binary data provided"})

apiserver/plane/app/views/page/version.py

@@ -0,0 +1,39 @@
+# Third party imports
+from rest_framework import status
+from rest_framework.response import Response
+
+# Module imports
+from plane.db.models import PageVersion
+from ..base import BaseAPIView
+from plane.app.serializers import (
+    PageVersionSerializer,
+    PageVersionDetailSerializer,
+)
+from plane.app.permissions import allow_permission, ROLE
+
+
+class PageVersionEndpoint(BaseAPIView):
+
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST]
+    )
+    def get(self, request, slug, project_id, page_id, pk=None):
+        # Check if pk is provided
+        if pk:
+            # Return a single page version
+            page_version = PageVersion.objects.get(
+                workspace__slug=slug,
+                page_id=page_id,
+                pk=pk,
+            )
+            # Serialize the page version
+            serializer = PageVersionDetailSerializer(page_version)
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        # Return all page versions
+        page_versions = PageVersion.objects.filter(
+            workspace__slug=slug,
+            page_id=page_id,
+        )
+        # Serialize the page versions
+        serializer = PageVersionSerializer(page_versions, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)

apiserver/plane/app/views/project/base.py

@@ -31,15 +31,16 @@ from plane.app.serializers import (
 )
 
 from plane.app.permissions import (
-    ProjectBasePermission,
     ProjectMemberPermission,
+    allow_permission,
+    ROLE,
 )
 from plane.db.models import (
     UserFavorite,
     Cycle,
     Inbox,
     DeployBoard,
-    IssueProperty,
+    IssueUserProperty,
     Issue,
     Module,
     Project,
@@ -47,9 +48,11 @@ from plane.db.models import (
     ProjectMember,
     State,
     Workspace,
+    WorkspaceMember,
 )
 from plane.utils.cache import cache_response
 from plane.bgtasks.webhook_task import model_activity
+from plane.bgtasks.recent_visited_task import recent_visited_task
 
 
 class ProjectViewSet(BaseViewSet):
@@ -57,10 +60,6 @@ class ProjectViewSet(BaseViewSet):
     model = Project
     webhook_event = "project"
 
-    permission_classes = [
-        ProjectBasePermission,
-    ]
-
     def get_queryset(self):
         sort_order = ProjectMember.objects.filter(
             member=self.request.user,
@@ -155,6 +154,10 @@ class ProjectViewSet(BaseViewSet):
             .distinct()
         )
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
     def list(self, request, slug):
         fields = [
             field
@@ -173,11 +176,27 @@ class ProjectViewSet(BaseViewSet):
                     projects, many=True
                 ).data,
             )
+
+        if WorkspaceMember.objects.filter(
+            member=request.user,
+            workspace__slug=slug,
+            is_active=True,
+            role__in=[5, 10],
+        ).exists():
+            projects = projects.filter(
+                project_projectmember__member=self.request.user,
+                project_projectmember__is_active=True,
+            )
+
         projects = ProjectListSerializer(
             projects, many=True, fields=fields if fields else None
         ).data
         return Response(projects, status=status.HTTP_200_OK)
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
     def retrieve(self, request, slug, pk):
         project = (
             self.get_queryset()
@@ -246,9 +265,18 @@ class ProjectViewSet(BaseViewSet):
                 status=status.HTTP_404_NOT_FOUND,
             )
 
+        recent_visited_task.delay(
+            slug=slug,
+            project_id=pk,
+            entity_name="project",
+            entity_identifier=pk,
+            user_id=request.user.id,
+        )
+
         serializer = ProjectListSerializer(project)
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
     def create(self, request, slug):
         try:
             workspace = Workspace.objects.get(slug=slug)
@@ -266,7 +294,7 @@ class ProjectViewSet(BaseViewSet):
                     role=20,
                 )
                 # Also create the issue property for the user
-                _ = IssueProperty.objects.create(
+                _ = IssueUserProperty.objects.create(
                     project_id=serializer.data["id"],
                     user=request.user,
                 )
@@ -280,7 +308,7 @@ class ProjectViewSet(BaseViewSet):
                         role=20,
                     )
                     # Also create the issue property for the user
-                    IssueProperty.objects.create(
+                    IssueUserProperty.objects.create(
                         project_id=serializer.data["id"],
                         user_id=serializer.data["project_lead"],
                     )
@@ -342,6 +370,7 @@ class ProjectViewSet(BaseViewSet):
                     .first()
                 )
 
+                # Create the model activity
                 model_activity.delay(
                     model_name="project",
                     model_id=str(project.id),
@@ -377,6 +406,7 @@ class ProjectViewSet(BaseViewSet):
                 status=status.HTTP_410_GONE,
             )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
     def partial_update(self, request, slug, pk=None):
         try:
             workspace = Workspace.objects.get(slug=slug)
@@ -458,19 +488,21 @@ class ProjectViewSet(BaseViewSet):
 
 class ProjectArchiveUnarchiveEndpoint(BaseAPIView):
 
-    permission_classes = [
-        ProjectBasePermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def post(self, request, slug, project_id):
         project = Project.objects.get(pk=project_id, workspace__slug=slug)
         project.archived_at = timezone.now()
         project.save()
+        UserFavorite.objects.filter(
+            workspace__slug=slug,
+            project=project_id,
+        ).delete()
         return Response(
             {"archived_at": str(project.archived_at)},
             status=status.HTTP_200_OK,
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def delete(self, request, slug, project_id):
         project = Project.objects.get(pk=project_id, workspace__slug=slug)
         project.archived_at = None
@@ -479,10 +511,7 @@ class ProjectArchiveUnarchiveEndpoint(BaseAPIView):
 
 
 class ProjectIdentifierEndpoint(BaseAPIView):
-    permission_classes = [
-        ProjectBasePermission,
-    ]
-
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
     def get(self, request, slug):
         name = request.GET.get("name", "").strip().upper()
 
@@ -501,6 +530,7 @@ class ProjectIdentifierEndpoint(BaseAPIView):
             status=status.HTTP_200_OK,
         )
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE")
     def delete(self, request, slug):
         name = request.data.get("name", "").strip().upper()
 
@@ -598,7 +628,7 @@ class ProjectFavoritesViewSet(BaseViewSet):
             user=request.user,
             workspace__slug=slug,
         )
-        project_favorite.delete()
+        project_favorite.delete(soft=False)
         return Response(status=status.HTTP_204_NO_CONTENT)
 
 

apiserver/plane/app/views/project/invite.py

@@ -25,7 +25,7 @@ from plane.db.models import (
     ProjectMemberInvite,
     User,
     WorkspaceMember,
-    IssueProperty,
+    IssueUserProperty,
 )
 
 
@@ -179,9 +179,9 @@ class UserProjectInvitationsViewset(BaseViewSet):
             ignore_conflicts=True,
         )
 
-        IssueProperty.objects.bulk_create(
+        IssueUserProperty.objects.bulk_create(
             [
-                IssueProperty(
+                IssueUserProperty(
                     project_id=project_id,
                     user=request.user,
                     workspace=workspace,

apiserver/plane/app/views/project/member.py

@@ -22,18 +22,17 @@ from plane.db.models import (
     ProjectMember,
     Workspace,
     TeamMember,
-    IssueProperty,
+    IssueUserProperty,
+    WorkspaceMember,
 )
 from plane.bgtasks.project_add_user_email_task import project_add_user_email
 from plane.utils.host import base_host
+from plane.app.permissions.base import allow_permission, ROLE
 
 
 class ProjectMemberViewSet(BaseViewSet):
     serializer_class = ProjectMemberAdminSerializer
     model = ProjectMember
-    permission_classes = [
-        ProjectMemberPermission,
-    ]
 
     def get_permissions(self):
         if self.action == "leave":
@@ -65,6 +64,7 @@ class ProjectMemberViewSet(BaseViewSet):
             .select_related("workspace", "workspace__owner")
         )
 
+    @allow_permission([ROLE.ADMIN])
     def create(self, request, slug, project_id):
         # Get the list of members to be added to the project and their roles i.e. the user_id and the role
         members = request.data.get("members", [])
@@ -88,6 +88,23 @@ class ProjectMemberViewSet(BaseViewSet):
             member.get("member_id"): member.get("role") for member in members
         }
 
+        # check the workspace role of the new user
+        for member in member_roles:
+            workspace_member_role = WorkspaceMember.objects.get(
+                workspace__slug=slug,
+                member=member,
+                is_active=True,
+            ).role
+            if workspace_member_role in [5, 10] and member_roles.get(
+                member
+            ) in [15, 20]:
+                return Response(
+                    {
+                        "error": "You cannot add a user with role higher than the workspace role"
+                    },
+                    status=status.HTTP_400_BAD_REQUEST,
+                )
+
         # Update roles in the members array based on the member_roles dictionary and set is_active to True
         for project_member in ProjectMember.objects.filter(
             project_id=project_id,
@@ -136,7 +153,7 @@ class ProjectMemberViewSet(BaseViewSet):
             )
             # Create a new issue property
             bulk_issue_props.append(
-                IssueProperty(
+                IssueUserProperty(
                     user_id=member.get("member_id"),
                     project_id=project_id,
                     workspace_id=project.workspace_id,
@@ -150,7 +167,7 @@ class ProjectMemberViewSet(BaseViewSet):
             ignore_conflicts=True,
         )
 
-        _ = IssueProperty.objects.bulk_create(
+        _ = IssueUserProperty.objects.bulk_create(
             bulk_issue_props, batch_size=10, ignore_conflicts=True
         )
 
@@ -172,6 +189,7 @@ class ProjectMemberViewSet(BaseViewSet):
         # Return the serialized data
         return Response(serializer.data, status=status.HTTP_201_CREATED)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def list(self, request, slug, project_id):
         # Get the list of project members for the project
         project_members = ProjectMember.objects.filter(
@@ -186,6 +204,7 @@ class ProjectMemberViewSet(BaseViewSet):
         )
         return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission([ROLE.ADMIN])
     def partial_update(self, request, slug, project_id, pk):
         project_member = ProjectMember.objects.get(
             pk=pk,
@@ -205,6 +224,22 @@ class ProjectMemberViewSet(BaseViewSet):
             member=request.user,
             is_active=True,
         )
+
+        workspace_role = WorkspaceMember.objects.get(
+            workspace__slug=slug,
+            member=project_member.member,
+            is_active=True,
+        ).role
+        if workspace_role in [5, 10] and int(
+            request.data.get("role", project_member.role)
+        ) in [15, 20]:
+            return Response(
+                {
+                    "error": "You cannot add a user with role higher than the workspace role"
+                },
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
         if (
             "role" in request.data
             and int(request.data.get("role", project_member.role))
@@ -226,6 +261,7 @@ class ProjectMemberViewSet(BaseViewSet):
             return Response(serializer.data, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER])
     def destroy(self, request, slug, project_id, pk):
         project_member = ProjectMember.objects.get(
             workspace__slug=slug,
@@ -262,6 +298,7 @@ class ProjectMemberViewSet(BaseViewSet):
         project_member.save()
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    @allow_permission([ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST])
     def leave(self, request, slug, project_id):
         project_member = ProjectMember.objects.get(
             workspace__slug=slug,
@@ -323,7 +360,7 @@ class AddTeamToProjectEndpoint(BaseAPIView):
                 )
             )
             issue_props.append(
-                IssueProperty(
+                IssueUserProperty(
                     project_id=project_id,
                     user_id=member,
                     workspace=workspace,
@@ -335,7 +372,7 @@ class AddTeamToProjectEndpoint(BaseAPIView):
             project_members, batch_size=10, ignore_conflicts=True
         )
 
-        _ = IssueProperty.objects.bulk_create(
+        _ = IssueUserProperty.objects.bulk_create(
             issue_props, batch_size=10, ignore_conflicts=True
         )
 

apiserver/plane/app/views/search/issue.py

@@ -1,5 +1,4 @@
 # Python imports
-import re
 
 # Django imports
 from django.db.models import Q
@@ -10,15 +9,7 @@ from rest_framework.response import Response
 
 # Module imports
 from .base import BaseAPIView
-from plane.db.models import (
-    Workspace,
-    Project,
-    Issue,
-    Cycle,
-    Module,
-    Page,
-    IssueView,
-)
+from plane.db.models import Issue, ProjectMember
 from plane.utils.issue_search import search_issues
 
 
@@ -59,8 +50,14 @@ class IssueSearchEndpoint(BaseAPIView):
             issue = Issue.issue_objects.get(pk=issue_id)
             issues = issues.filter(
                 ~Q(pk=issue_id),
-                ~Q(issue_related__issue=issue),
-                ~Q(issue_relation__related_issue=issue),
+                ~Q(
+                    issue_related__issue=issue,
+                    issue_related__deleted_at__isnull=True,
+                ),
+                ~Q(
+                    issue_relation__related_issue=issue,
+                    issue_related__deleted_at__isnull=True,
+                ),
             )
         if sub_issue == "true" and issue_id:
             issue = Issue.issue_objects.get(pk=issue_id)
@@ -76,6 +73,16 @@ class IssueSearchEndpoint(BaseAPIView):
 
         if target_date == "none":
             issues = issues.filter(target_date__isnull=True)
+        
+        if ProjectMember.objects.filter(
+            project_id=project_id,
+            member=self.request.user,
+            is_active=True,
+            role=5
+        ).exists():
+            issues = issues.filter(
+                created_by=self.request.user
+        )
 
         return Response(
             issues.values(

apiserver/plane/app/views/view/base.py

@@ -13,15 +13,16 @@ from django.db.models import (
 from django.db.models.functions import Coalesce
 from django.utils.decorators import method_decorator
 from django.views.decorators.gzip import gzip_page
-from rest_framework import status
 from django.db import transaction
 
 # Third party imports
+from rest_framework import status
 from rest_framework.response import Response
 
+# Module imports
 from plane.app.permissions import (
-    ProjectEntityPermission,
-    WorkspaceEntityPermission,
+    allow_permission,
+    ROLE,
 )
 from plane.app.serializers import (
     IssueViewSerializer,
@@ -46,10 +47,8 @@ from plane.utils.paginator import (
     GroupedOffsetPaginator,
     SubGroupedOffsetPaginator,
 )
-
-# Module imports
+from plane.bgtasks.recent_visited_task import recent_visited_task
 from .. import BaseViewSet
-
 from plane.db.models import (
     UserFavorite,
 )
@@ -58,9 +57,6 @@ from plane.db.models import (
 class WorkspaceViewViewSet(BaseViewSet):
     serializer_class = IssueViewSerializer
     model = IssueView
-    permission_classes = [
-        WorkspaceEntityPermission,
-    ]
 
     def perform_create(self, serializer):
         workspace = Workspace.objects.get(slug=self.kwargs.get("slug"))
@@ -78,6 +74,32 @@ class WorkspaceViewViewSet(BaseViewSet):
             .distinct()
         )
 
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
+    def list(self, request, slug):
+        queryset = self.get_queryset()
+        fields = [
+            field
+            for field in request.GET.get("fields", "").split(",")
+            if field
+        ]
+        if WorkspaceMember.objects.filter(
+            workspace__slug=slug,
+            member=request.user,
+            role=5,
+            is_active=True,
+        ).exists():
+            queryset = queryset.filter(owned_by=request.user)
+        views = IssueViewSerializer(
+            queryset, many=True, fields=fields if fields else None
+        ).data
+        return Response(views, status=status.HTTP_200_OK)
+
+    @allow_permission(
+        allowed_roles=[], level="WORKSPACE", creator=True, model=IssueView
+    )
     def partial_update(self, request, slug, pk):
         with transaction.atomic():
             workspace_view = IssueView.objects.select_for_update().get(
@@ -111,11 +133,33 @@ class WorkspaceViewViewSet(BaseViewSet):
                 serializer.errors, status=status.HTTP_400_BAD_REQUEST
             )
 
+    def retrieve(self, request, slug, pk):
+        issue_view = self.get_queryset().filter(pk=pk).first()
+        serializer = IssueViewSerializer(issue_view)
+        recent_visited_task.delay(
+            slug=slug,
+            project_id=None,
+            entity_name="view",
+            entity_identifier=pk,
+            user_id=request.user.id,
+        )
+        return Response(
+            serializer.data,
+            status=status.HTTP_200_OK,
+        )
+
+    @allow_permission(
+        allowed_roles=[],
+        level="WORKSPACE",
+        creator=True,
+        model=IssueView,
+    )
     def destroy(self, request, slug, pk):
         workspace_view = IssueView.objects.get(
             pk=pk,
             workspace__slug=slug,
         )
+
         workspace_member = WorkspaceMember.objects.filter(
             workspace__slug=slug,
             member=request.user,
@@ -127,6 +171,13 @@ class WorkspaceViewViewSet(BaseViewSet):
             or workspace_view.owned_by == request.user
         ):
             workspace_view.delete()
+            # Delete the user favorite view
+            UserFavorite.objects.filter(
+                workspace__slug=slug,
+                entity_identifier=pk,
+                project__isnull=True,
+                entity_type="view",
+            ).delete()
         else:
             return Response(
                 {"error": "Only admin or owner can delete the view"},
@@ -136,10 +187,6 @@ class WorkspaceViewViewSet(BaseViewSet):
 
 
 class WorkspaceViewIssuesViewSet(BaseViewSet):
-    permission_classes = [
-        WorkspaceEntityPermission,
-    ]
-
     def get_queryset(self):
         return (
             Issue.issue_objects.annotate(
@@ -202,7 +249,8 @@ class WorkspaceViewIssuesViewSet(BaseViewSet):
                     ArrayAgg(
                         "issue_module__module_id",
                         distinct=True,
-                        filter=~Q(issue_module__module_id__isnull=True),
+                        filter=~Q(issue_module__module_id__isnull=True)
+                        & Q(issue_module__module__archived_at__isnull=True),
                     ),
                     Value([], output_field=ArrayField(UUIDField())),
                 ),
@@ -210,6 +258,10 @@ class WorkspaceViewIssuesViewSet(BaseViewSet):
         )
 
     @method_decorator(gzip_page)
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST],
+        level="WORKSPACE",
+    )
     def list(self, request, slug):
         filters = issue_filters(request.query_params, "GET")
         order_by_param = request.GET.get("order_by", "-created_at")
@@ -220,6 +272,16 @@ class WorkspaceViewIssuesViewSet(BaseViewSet):
             .annotate(cycle_id=F("issue_cycle__cycle_id"))
         )
 
+        if WorkspaceMember.objects.filter(
+            workspace__slug=slug,
+            member=request.user,
+            role=5,
+            is_active=True,
+        ).exists():
+            issue_queryset = issue_queryset.filter(
+                created_by=request.user,
+            )
+
         # Issue queryset
         issue_queryset, order_by_param = order_issue_queryset(
             issue_queryset=issue_queryset,
@@ -326,9 +388,6 @@ class WorkspaceViewIssuesViewSet(BaseViewSet):
 class IssueViewViewSet(BaseViewSet):
     serializer_class = IssueViewSerializer
     model = IssueView
-    permission_classes = [
-        ProjectEntityPermission,
-    ]
 
     def perform_create(self, serializer):
         serializer.save(
@@ -362,8 +421,20 @@ class IssueViewViewSet(BaseViewSet):
             .distinct()
         )
 
+    allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST]
+    )
+
     def list(self, request, slug, project_id):
         queryset = self.get_queryset()
+        if ProjectMember.objects.filter(
+            workspace__slug=slug,
+            project_id=project_id,
+            member=request.user,
+            role=5,
+            is_active=True,
+        ).exists():
+            queryset = queryset.filter(owned_by=request.user)
         fields = [
             field
             for field in request.GET.get("fields", "").split(",")
@@ -374,6 +445,29 @@ class IssueViewViewSet(BaseViewSet):
         ).data
         return Response(views, status=status.HTTP_200_OK)
 
+    allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER, ROLE.VIEWER, ROLE.GUEST]
+    )
+
+    def retrieve(self, request, slug, project_id, pk):
+        issue_view = (
+            self.get_queryset().filter(pk=pk, project_id=project_id).first()
+        )
+        serializer = IssueViewSerializer(issue_view)
+        recent_visited_task.delay(
+            slug=slug,
+            project_id=project_id,
+            entity_name="view",
+            entity_identifier=pk,
+            user_id=request.user.id,
+        )
+        return Response(
+            serializer.data,
+            status=status.HTTP_200_OK,
+        )
+
+    allow_permission(allowed_roles=[], creator=True, model=IssueView)
+
     def partial_update(self, request, slug, project_id, pk):
         with transaction.atomic():
             issue_view = IssueView.objects.select_for_update().get(
@@ -406,21 +500,32 @@ class IssueViewViewSet(BaseViewSet):
                 serializer.errors, status=status.HTTP_400_BAD_REQUEST
             )
 
+    allow_permission(allowed_roles=[ROLE.ADMIN], creator=True, model=IssueView)
+
     def destroy(self, request, slug, project_id, pk):
         project_view = IssueView.objects.get(
             pk=pk,
             project_id=project_id,
             workspace__slug=slug,
         )
-        project_member = ProjectMember.objects.filter(
-            workspace__slug=slug,
-            project_id=project_id,
-            member=request.user,
-            role=20,
-            is_active=True,
-        )
-        if project_member.exists() or project_view.owned_by == request.user:
+        if (
+            ProjectMember.objects.filter(
+                workspace__slug=slug,
+                project_id=project_id,
+                member=request.user,
+                role=20,
+                is_active=True,
+            ).exists()
+            or project_view.owned_by_id == request.user.id
+        ):
             project_view.delete()
+            # Delete the user favorite view
+            UserFavorite.objects.filter(
+                project_id=project_id,
+                workspace__slug=slug,
+                entity_identifier=pk,
+                entity_type="view",
+            ).delete()
         else:
             return Response(
                 {"error": "Only admin or owner can delete the view"},
@@ -441,6 +546,8 @@ class IssueViewFavoriteViewSet(BaseViewSet):
             .select_related("view")
         )
 
+    allow_permission([ROLE.ADMIN, ROLE.MEMBER])
+
     def create(self, request, slug, project_id):
         _ = UserFavorite.objects.create(
             user=request.user,
@@ -450,6 +557,8 @@ class IssueViewFavoriteViewSet(BaseViewSet):
         )
         return Response(status=status.HTTP_204_NO_CONTENT)
 
+    allow_permission([ROLE.ADMIN, ROLE.MEMBER])
+
     def destroy(self, request, slug, project_id, view_id):
         view_favorite = UserFavorite.objects.get(
             project=project_id,
@@ -458,5 +567,5 @@ class IssueViewFavoriteViewSet(BaseViewSet):
             entity_type="view",
             entity_identifier=view_id,
         )
-        view_favorite.delete()
+        view_favorite.delete(soft=False)
         return Response(status=status.HTTP_204_NO_CONTENT)

apiserver/plane/app/views/webhook/base.py

@@ -9,15 +9,13 @@ from rest_framework.response import Response
 from plane.db.models import Webhook, WebhookLog, Workspace
 from plane.db.models.webhook import generate_token
 from ..base import BaseAPIView
-from plane.app.permissions import WorkspaceOwnerPermission
+from plane.app.permissions import allow_permission, ROLE
 from plane.app.serializers import WebhookSerializer, WebhookLogSerializer
 
 
 class WebhookEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkspaceOwnerPermission,
-    ]
 
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def post(self, request, slug):
         workspace = Workspace.objects.get(slug=slug)
         try:
@@ -40,6 +38,7 @@ class WebhookEndpoint(BaseAPIView):
                 )
             raise IntegrityError
 
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def get(self, request, slug, pk=None):
         if pk is None:
             webhooks = Webhook.objects.filter(workspace__slug=slug)
@@ -79,6 +78,7 @@ class WebhookEndpoint(BaseAPIView):
             )
             return Response(serializer.data, status=status.HTTP_200_OK)
 
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def patch(self, request, slug, pk):
         webhook = Webhook.objects.get(workspace__slug=slug, pk=pk)
         serializer = WebhookSerializer(
@@ -104,6 +104,7 @@ class WebhookEndpoint(BaseAPIView):
             return Response(serializer.data, status=status.HTTP_200_OK)
         return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
 
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def delete(self, request, slug, pk):
         webhook = Webhook.objects.get(pk=pk, workspace__slug=slug)
         webhook.delete()
@@ -111,10 +112,8 @@ class WebhookEndpoint(BaseAPIView):
 
 
 class WebhookSecretRegenerateEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkspaceOwnerPermission,
-    ]
 
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def post(self, request, slug, pk):
         webhook = Webhook.objects.get(workspace__slug=slug, pk=pk)
         webhook.secret_key = generate_token()
@@ -124,10 +123,8 @@ class WebhookSecretRegenerateEndpoint(BaseAPIView):
 
 
 class WebhookLogsEndpoint(BaseAPIView):
-    permission_classes = [
-        WorkspaceOwnerPermission,
-    ]
 
+    @allow_permission(allowed_roles=[ROLE.ADMIN], level="WORKSPACE")
     def get(self, request, slug, webhook_id):
         webhook_logs = WebhookLog.objects.filter(
             workspace__slug=slug, webhook_id=webhook_id

apiserver/plane/app/views/workspace/favorite.py

@@ -0,0 +1,97 @@
+# Third party modules
+from rest_framework import status
+from rest_framework.response import Response
+
+# Django modules
+from django.db.models import Q
+
+# Module imports
+from plane.app.views.base import BaseAPIView
+from plane.db.models import UserFavorite, Workspace
+from plane.app.serializers import UserFavoriteSerializer
+from plane.app.permissions import allow_permission, ROLE
+
+
+class WorkspaceFavoriteEndpoint(BaseAPIView):
+
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
+    def get(self, request, slug):
+        # the second filter is to check if the user is a member of the project
+        favorites = UserFavorite.objects.filter(
+            user=request.user,
+            workspace__slug=slug,
+            parent__isnull=True,
+        ).filter(
+            Q(project__isnull=True)
+            | (
+                Q(project__isnull=False)
+                & Q(project__project_projectmember__member=request.user)
+                & Q(project__project_projectmember__is_active=True)
+            )
+        )
+        serializer = UserFavoriteSerializer(favorites, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)
+
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
+    def post(self, request, slug):
+        workspace = Workspace.objects.get(slug=slug)
+        serializer = UserFavoriteSerializer(data=request.data)
+        if serializer.is_valid():
+            serializer.save(
+                user_id=request.user.id,
+                workspace=workspace,
+                project_id=request.data.get("project_id", None),
+            )
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
+    def patch(self, request, slug, favorite_id):
+        favorite = UserFavorite.objects.get(
+            user=request.user, workspace__slug=slug, pk=favorite_id
+        )
+        serializer = UserFavoriteSerializer(
+            favorite, data=request.data, partial=True
+        )
+        if serializer.is_valid():
+            serializer.save()
+            return Response(serializer.data, status=status.HTTP_200_OK)
+        return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST)
+
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
+    def delete(self, request, slug, favorite_id):
+        favorite = UserFavorite.objects.get(
+            user=request.user, workspace__slug=slug, pk=favorite_id
+        )
+        favorite.delete(soft=False)
+        return Response(status=status.HTTP_204_NO_CONTENT)
+
+
+class WorkspaceFavoriteGroupEndpoint(BaseAPIView):
+
+    @allow_permission(
+        allowed_roles=[ROLE.ADMIN, ROLE.MEMBER], level="WORKSPACE"
+    )
+    def get(self, request, slug, favorite_id):
+        favorites = UserFavorite.objects.filter(
+            user=request.user,
+            workspace__slug=slug,
+            parent_id=favorite_id,
+        ).filter(
+            Q(project__isnull=True)
+            | (
+                Q(project__isnull=False)
+                & Q(project__project_projectmember__member=request.user)
+                & Q(project__project_projectmember__is_active=True)
+            )
+        )
+        serializer = UserFavoriteSerializer(favorites, many=True)
+        return Response(serializer.data, status=status.HTTP_200_OK)

apiserver/plane/app/views/workspace/label.py

@@ -13,7 +13,7 @@ class WorkspaceLabelsEndpoint(BaseAPIView):
     permission_classes = [
         WorkspaceViewerPermission,
     ]
-
+    
     @cache_response(60 * 60 * 2)
     def get(self, request, slug):
         labels = Label.objects.filter(

apiserver/plane/authentication/adapter/oauth.py

@@ -100,10 +100,8 @@ class OauthAdapter(Adapter):
         account, created = Account.objects.update_or_create(
             user=user,
             provider=self.provider,
+            provider_account_id=self.user_data.get("user").get("provider_id"),
             defaults={
-                "provider_account_id": self.user_data.get("user").get(
-                    "provider_id"
-                ),
                 "access_token": self.token_data.get("access_token"),
                 "refresh_token": self.token_data.get("refresh_token", None),
                 "access_token_expired_at": self.token_data.get(

apiserver/plane/authentication/utils/redirection_path.py

@@ -3,7 +3,7 @@ from plane.db.models import Profile, Workspace, WorkspaceMemberInvite
 
 def get_redirection_path(user):
     # Handle redirections
-    profile = Profile.objects.get(user=user)
+    profile, _ = Profile.objects.get_or_create(user=user)
 
     # Redirect to onboarding if the user is not onboarded yet
     if not profile.is_onboarded:

apiserver/plane/authentication/views/app/magic.py

@@ -29,6 +29,7 @@ from plane.authentication.adapter.error import (
     AuthenticationException,
     AUTHENTICATION_ERROR_CODES,
 )
+from plane.authentication.rate_limit import AuthenticationThrottle
 
 
 class MagicGenerateEndpoint(APIView):
@@ -37,6 +38,10 @@ class MagicGenerateEndpoint(APIView):
         AllowAny,
     ]
 
+    throttle_classes = [
+        AuthenticationThrottle,
+    ]
+
     def post(self, request):
         # Check if instance is configured
         instance = Instance.objects.first()
@@ -120,7 +125,7 @@ class MagicSignInEndpoint(View):
                 callback=post_user_auth_workflow,
             )
             user = provider.authenticate()
-            profile = Profile.objects.get(user=user)
+            profile, _ = Profile.objects.get_or_create(user=user)
             # Login the user and record his device info
             user_login(request=request, user=user, is_app=True)
             if user.is_password_autoset and profile.is_onboarded:

apiserver/plane/bgtasks/deletion_task.py

@@ -0,0 +1,161 @@
+# Django imports
+from django.utils import timezone
+from django.apps import apps
+from django.conf import settings
+from django.core.exceptions import ObjectDoesNotExist
+
+# Third party imports
+from celery import shared_task
+
+
+@shared_task
+def soft_delete_related_objects(
+    app_label, model_name, instance_pk, using=None
+):
+    model_class = apps.get_model(app_label, model_name)
+    instance = model_class.all_objects.get(pk=instance_pk)
+    related_fields = instance._meta.get_fields()
+    for field in related_fields:
+        if field.one_to_many or field.one_to_one:
+            try:
+                if field.one_to_many:
+                    related_objects = getattr(instance, field.name).all()
+                elif field.one_to_one:
+                    related_object = getattr(instance, field.name)
+                    related_objects = (
+                        [related_object] if related_object is not None else []
+                    )
+                for obj in related_objects:
+                    if obj:
+                        obj.deleted_at = timezone.now()
+                        obj.save(using=using)
+            except ObjectDoesNotExist:
+                pass
+
+
+# @shared_task
+def restore_related_objects(app_label, model_name, instance_pk, using=None):
+    pass
+
+
+@shared_task
+def hard_delete():
+
+    from plane.db.models import (
+        Workspace,
+        Project,
+        Cycle,
+        Module,
+        Issue,
+        Page,
+        IssueView,
+        Label,
+        State,
+        IssueActivity,
+        IssueComment,
+        IssueLink,
+        IssueReaction,
+        UserFavorite,
+        ModuleIssue,
+        CycleIssue,
+        Estimate,
+        EstimatePoint,
+    )
+
+    days = settings.HARD_DELETE_AFTER_DAYS
+    # check delete workspace
+    _ = Workspace.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete project
+    _ = Project.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete cycle
+    _ = Cycle.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete module
+    _ = Module.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete issue
+    _ = Issue.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete page
+    _ = Page.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete view
+    _ = IssueView.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete label
+    _ = Label.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # check delete state
+    _ = State.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = IssueActivity.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = IssueComment.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = IssueLink.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = IssueReaction.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = UserFavorite.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = ModuleIssue.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = CycleIssue.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = Estimate.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    _ = EstimatePoint.all_objects.filter(
+        deleted_at__lt=timezone.now() - timezone.timedelta(days=days)
+    ).delete()
+
+    # at last, check for every thing which ever is left and delete it
+    # Get all Django models
+    all_models = apps.get_models()
+
+    # Iterate through all models
+    for model in all_models:
+        # Check if the model has a 'deleted_at' field
+        if hasattr(model, "deleted_at"):
+            # Get all instances where 'deleted_at' is greater than 30 days ago
+            _ = model.all_objects.filter(
+                deleted_at__lt=timezone.now()
+                - timezone.timedelta(days=days)
+            ).delete()
+
+    return

apiserver/plane/bgtasks/issue_activities_task.py

@@ -582,17 +582,19 @@ def create_issue_activity(
     issue_activities,
     epoch,
 ):
-    issue_activities.append(
-        IssueActivity(
-            issue_id=issue_id,
-            project_id=project_id,
-            workspace_id=workspace_id,
-            comment="created the issue",
-            verb="created",
-            actor_id=actor_id,
-            epoch=epoch,
-        )
+    issue = Issue.objects.get(pk=issue_id)
+    issue_activity = IssueActivity.objects.create(
+        issue_id=issue_id,
+        project_id=project_id,
+        workspace_id=workspace_id,
+        comment="created the issue",
+        verb="created",
+        actor_id=actor_id,
+        epoch=epoch,
     )
+    issue_activity.created_at = issue.created_at
+    issue_activity.actor_id = issue.created_by_id
+    issue_activity.save(update_fields=["created_at", "actor_id"])
     requested_data = (
         json.loads(requested_data) if requested_data is not None else None
     )
@@ -670,6 +672,7 @@ def delete_issue_activity(
         IssueActivity(
             project_id=project_id,
             workspace_id=workspace_id,
+            issue_id=issue_id,
             comment="deleted the issue",
             verb="deleted",
             actor_id=actor_id,
@@ -877,7 +880,6 @@ def delete_cycle_issue_activity(
     cycle_name = requested_data.get("cycle_name", "")
     cycle = Cycle.objects.filter(pk=cycle_id).first()
     issues = requested_data.get("issues")
-
     for issue in issues:
         current_issue = Issue.objects.filter(pk=issue).first()
         if issue:
@@ -1391,6 +1393,7 @@ def create_issue_relation_activity(
                     workspace_id=workspace_id,
                     comment=f"added {requested_data.get('relation_type')} relation",
                     old_identifier=related_issue,
+                    epoch=epoch,
                 )
             )
             issue = Issue.objects.get(pk=issue_id)
@@ -1694,34 +1697,21 @@ def issue_activity(
         )
         # Post the updates to segway for integrations and webhooks
         if len(issue_activities_created):
-            # Don't send activities if the actor is a bot
-            try:
-                if settings.PROXY_BASE_URL:
-                    for issue_activity in issue_activities_created:
-                        headers = {"Content-Type": "application/json"}
-                        issue_activity_json = json.dumps(
-                            IssueActivitySerializer(issue_activity).data,
-                            cls=DjangoJSONEncoder,
-                        )
-                        _ = requests.post(
-                            f"{settings.PROXY_BASE_URL}/hooks/workspaces/{str(issue_activity.workspace_id)}/projects/{str(issue_activity.project_id)}/issues/{str(issue_activity.issue_id)}/issue-activity-hooks/",
-                            json=issue_activity_json,
-                            headers=headers,
-                        )
-            except Exception as e:
-                log_exception(e)
-
             for activity in issue_activities_created:
                 webhook_activity.delay(
                     event=(
                         "issue_comment"
                         if activity.field == "comment"
-                        else "inbox_issue" if inbox else "issue"
+                        else "inbox_issue"
+                        if inbox
+                        else "issue"
                     ),
                     event_id=(
                         activity.issue_comment_id
                         if activity.field == "comment"
-                        else inbox if inbox else activity.issue_id
+                        else inbox
+                        if inbox
+                        else activity.issue_id
                     ),
                     verb=activity.verb,
                     field=(

apiserver/plane/bgtasks/issue_automation_task.py

@@ -10,7 +10,7 @@ from django.db.models import Q
 from django.utils import timezone
 
 # Module imports
-from plane.bgtasks.issue_activites_task import issue_activity
+from plane.bgtasks.issue_activities_task import issue_activity
 from plane.db.models import Issue, Project, State
 from plane.utils.exception_logger import log_exception
 

apiserver/plane/bgtasks/notification_task.py

@@ -221,7 +221,6 @@ def notifications(
             else None
         )
         if type not in [
-            "issue.activity.deleted",
             "cycle.activity.created",
             "cycle.activity.deleted",
             "module.activity.created",

apiserver/plane/bgtasks/page_version_task.py

@@ -0,0 +1,44 @@
+# Python imports
+import json
+
+# Third party imports
+from celery import shared_task
+
+# Module imports
+from plane.db.models import Page, PageVersion
+
+
+@shared_task
+def page_version(
+    page_id,
+    existing_instance,
+    user_id,
+):
+    # Get the page
+    page = Page.objects.get(id=page_id)
+
+    # Get the current instance
+    current_instance = (
+        json.loads(existing_instance) if existing_instance is not None else {}
+    )
+
+    # Create a version if description_html is updated
+    if current_instance.get("description_html") != page.description_html:
+        # Create a new page version
+        PageVersion.objects.create(
+            page_id=page_id,
+            workspace_id=page.workspace_id,
+            description_html=page.description_html,
+            description_binary=page.description_binary,
+            owned_by_id=user_id,
+            last_saved_at=page.updated_at,
+        )
+
+        # If page versions are greater than 20 delete the oldest one
+        if PageVersion.objects.filter(page_id=page_id).count() > 20:
+            # Delete the old page version
+            PageVersion.objects.filter(page_id=page_id).order_by(
+                "last_saved_at"
+            ).first().delete()
+
+    return

apiserver/plane/bgtasks/recent_visited_task.py

@@ -0,0 +1,61 @@
+# Python imports
+from django.utils import timezone
+
+# Third party imports
+from celery import shared_task
+
+# Module imports
+from plane.db.models import UserRecentVisit, Workspace
+from plane.utils.exception_logger import log_exception
+
+
+@shared_task
+def recent_visited_task(
+    entity_name, entity_identifier, user_id, project_id, slug
+):
+    try:
+        workspace = Workspace.objects.get(slug=slug)
+        recent_visited = UserRecentVisit.objects.filter(
+            entity_name=entity_name,
+            entity_identifier=entity_identifier,
+            user_id=user_id,
+            project_id=project_id,
+            workspace_id=workspace.id,
+        ).first()
+
+        if recent_visited:
+            recent_visited.visited_at = timezone.now()
+            recent_visited.save(update_fields=["visited_at"])
+        else:
+
+            recent_visited_count = UserRecentVisit.objects.filter(
+                user_id=user_id, workspace_id=workspace.id
+            ).count()
+            if recent_visited_count == 20:
+                recent_visited = (
+                    UserRecentVisit.objects.filter(
+                        user_id=user_id, workspace_id=workspace.id
+                    )
+                    .order_by("created_at")
+                    .first()
+                )
+                recent_visited.delete()
+
+            recent_activity = UserRecentVisit.objects.create(
+                entity_name=entity_name,
+                entity_identifier=entity_identifier,
+                user_id=user_id,
+                visited_at=timezone.now(),
+                project_id=project_id,
+                workspace_id=workspace.id,
+            )
+            recent_activity.created_by_id = user_id
+            recent_activity.updated_by_id = user_id
+            recent_activity.save(
+                update_fields=["created_by_id", "updated_by_id"]
+            )
+
+        return
+    except Exception as e:
+        log_exception(e)
+        return

apiserver/plane/celery.py

@@ -36,6 +36,10 @@ app.conf.beat_schedule = {
         "task": "plane.bgtasks.api_logs_task.delete_api_logs",
         "schedule": crontab(hour=0, minute=0),
     },
+    "check-every-day-to-delete-hard-delete": {
+        "task": "plane.bgtasks.deletion_task.hard_delete",
+        "schedule": crontab(hour=0, minute=0),
+    },
 }
 
 # Load task modules from all registered Django app configs.

apiserver/plane/db/management/commands/clear_cache.py

@@ -6,8 +6,23 @@ from django.core.management import BaseCommand
 class Command(BaseCommand):
     help = "Clear Cache before starting the server to remove stale values"
 
+    def add_arguments(self, parser):
+        # Positional argument
+        parser.add_argument(
+            "--key", type=str, nargs="?", help="Key to clear cache"
+        )
+
     def handle(self, *args, **options):
         try:
+            if options["key"]:
+                cache.delete(options["key"])
+                self.stdout.write(
+                    self.style.SUCCESS(
+                        f"Cache Cleared for key: {options['key']}"
+                    )
+                )
+                return
+
             cache.clear()
             self.stdout.write(self.style.SUCCESS("Cache Cleared"))
             return

apiserver/plane/db/migrations/0052_auto_20231220_1141.py

@@ -161,7 +161,7 @@ class Migration(migrations.Migration):
             options={
                 "verbose_name": "Workspace User Property",
                 "verbose_name_plural": "Workspace User Property",
-                "db_table": "Workspace_user_properties",
+                "db_table": "workspace_user_properties",
                 "ordering": ("-created_at",),
                 "unique_together": {("workspace", "user")},
             },

apiserver/plane/db/migrations/0070_apitoken_is_service_exporterhistory_filters_and_more.py

@@ -0,0 +1,106 @@
+# Generated by Django 4.2.11 on 2024-07-10 13:59
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import django.utils.timezone
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('db', '0069_alter_account_provider_and_more'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='apitoken',
+            name='is_service',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='exporterhistory',
+            name='filters',
+            field=models.JSONField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='exporterhistory',
+            name='name',
+            field=models.CharField(blank=True, max_length=255, null=True, verbose_name='Exporter Name'),
+        ),
+        migrations.AddField(
+            model_name='exporterhistory',
+            name='type',
+            field=models.CharField(choices=[('issue_exports', 'Issue Exports'), ('issue_worklogs', 'Issue Worklogs')], default='issue_exports', max_length=50),
+        ),
+        migrations.AddField(
+            model_name='project',
+            name='is_time_tracking_enabled',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='project',
+            name='start_date',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.AddField(
+            model_name='project',
+            name='target_date',
+            field=models.DateTimeField(blank=True, null=True),
+        ),
+        migrations.CreateModel(
+            name='PageVersion',
+            fields=[
+                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='Created At')),
+                ('updated_at', models.DateTimeField(auto_now=True, verbose_name='Last Modified At')),
+                ('id', models.UUIDField(db_index=True, default=uuid.uuid4, editable=False, primary_key=True, serialize=False, unique=True)),
+                ('last_saved_at', models.DateTimeField(default=django.utils.timezone.now)),
+                ('description_binary', models.BinaryField(null=True)),
+                ('description_html', models.TextField(blank=True, default='<p></p>')),
+                ('description_stripped', models.TextField(blank=True, null=True)),
+                ('description_json', models.JSONField(blank=True, default=dict)),
+                ('created_by', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)s_created_by', to=settings.AUTH_USER_MODEL, verbose_name='Created By')),
+                ('owned_by', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='page_versions', to=settings.AUTH_USER_MODEL)),
+                ('page', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='page_versions', to='db.page')),
+                ('updated_by', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)s_updated_by', to=settings.AUTH_USER_MODEL, verbose_name='Last Modified By')),
+                ('workspace', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='page_versions', to='db.workspace')),
+            ],
+            options={
+                'verbose_name': 'Page Version',
+                'verbose_name_plural': 'Page Versions',
+                'db_table': 'page_versions',
+                'ordering': ('-created_at',),
+            },
+        ),
+        migrations.CreateModel(
+            name='IssueType',
+            fields=[
+                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='Created At')),
+                ('updated_at', models.DateTimeField(auto_now=True, verbose_name='Last Modified At')),
+                ('id', models.UUIDField(db_index=True, default=uuid.uuid4, editable=False, primary_key=True, serialize=False, unique=True)),
+                ('name', models.CharField(max_length=255)),
+                ('description', models.TextField(blank=True)),
+                ('logo_props', models.JSONField(default=dict)),
+                ('sort_order', models.FloatField(default=65535)),
+                ('is_default', models.BooleanField(default=True)),
+                ('weight', models.PositiveIntegerField(default=0)),
+                ('created_by', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)s_created_by', to=settings.AUTH_USER_MODEL, verbose_name='Created By')),
+                ('project', models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='project_%(class)s', to='db.project')),
+                ('updated_by', models.ForeignKey(null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='%(class)s_updated_by', to=settings.AUTH_USER_MODEL, verbose_name='Last Modified By')),
+                ('workspace', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='workspace_%(class)s', to='db.workspace')),
+            ],
+            options={
+                'verbose_name': 'Issue Type',
+                'verbose_name_plural': 'Issue Types',
+                'db_table': 'issue_types',
+                'ordering': ('sort_order',),
+                'unique_together': {('project', 'name')},
+            },
+        ),
+        migrations.AddField(
+            model_name='issue',
+            name='type',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='issue_type', to='db.issuetype'),
+        ),
+    ]

apiserver/plane/db/migrations/0071_rename_issueproperty_issueuserproperty_and_more.py

@@ -0,0 +1,44 @@
+# Generated by Django 4.2.11 on 2024-07-15 06:07
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("db", "0070_apitoken_is_service_exporterhistory_filters_and_more"),
+    ]
+
+    operations = [
+        migrations.RenameModel(
+            old_name="IssueProperty",
+            new_name="IssueUserProperty",
+        ),
+        migrations.AlterModelOptions(
+            name="issueuserproperty",
+            options={
+                "ordering": ("-created_at",),
+                "verbose_name": "Issue User Property",
+                "verbose_name_plural": "Issue User Properties",
+            },
+        ),
+        migrations.AlterModelTable(
+            name="issueuserproperty",
+            table="issue_user_properties",
+        ),
+        migrations.AddField(
+            model_name="issuetype",
+            name="is_active",
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name="project",
+            name="is_issue_type_enabled",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name="issuetype",
+            name="is_default",
+            field=models.BooleanField(default=False),
+        ),
+    ]

apiserver/plane/db/migrations/0072_issueattachment_external_id_and_more.py

@@ -0,0 +1,145 @@
+# Generated by Django 4.2.14 on 2024-07-22 13:22
+from django.db import migrations, models
+from django.conf import settings
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("db", "0071_rename_issueproperty_issueuserproperty_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="issueattachment",
+            name="external_id",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.AddField(
+            model_name="issueattachment",
+            name="external_source",
+            field=models.CharField(blank=True, max_length=255, null=True),
+        ),
+        migrations.CreateModel(
+            name="UserRecentVisit",
+            fields=[
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        auto_now_add=True, verbose_name="Created At"
+                    ),
+                ),
+                (
+                    "updated_at",
+                    models.DateTimeField(
+                        auto_now=True, verbose_name="Last Modified At"
+                    ),
+                ),
+                (
+                    "id",
+                    models.UUIDField(
+                        db_index=True,
+                        default=uuid.uuid4,
+                        editable=False,
+                        primary_key=True,
+                        serialize=False,
+                        unique=True,
+                    ),
+                ),
+                ("entity_identifier", models.UUIDField(null=True)),
+                (
+                    "entity_name",
+                    models.CharField(
+                        choices=[
+                            ("VIEW", "View"),
+                            ("PAGE", "Page"),
+                            ("ISSUE", "Issue"),
+                            ("CYCLE", "Cycle"),
+                            ("MODULE", "Module"),
+                            ("PROJECT", "Project"),
+                        ],
+                        max_length=30,
+                    ),
+                ),
+                ("visited_at", models.DateTimeField(auto_now=True)),
+                (
+                    "created_by",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="%(class)s_created_by",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="Created By",
+                    ),
+                ),
+                (
+                    "project",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="project_%(class)s",
+                        to="db.project",
+                    ),
+                ),
+                (
+                    "updated_by",
+                    models.ForeignKey(
+                        null=True,
+                        on_delete=django.db.models.deletion.SET_NULL,
+                        related_name="%(class)s_updated_by",
+                        to=settings.AUTH_USER_MODEL,
+                        verbose_name="Last Modified By",
+                    ),
+                ),
+                (
+                    "user",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="user_recent_visit",
+                        to=settings.AUTH_USER_MODEL,
+                    ),
+                ),
+                (
+                    "workspace",
+                    models.ForeignKey(
+                        on_delete=django.db.models.deletion.CASCADE,
+                        related_name="workspace_%(class)s",
+                        to="db.workspace",
+                    ),
+                ),
+            ],
+            options={
+                "verbose_name": "User Recent Visit",
+                "verbose_name_plural": "User Recent Visits",
+                "db_table": "user_recent_visits",
+                "ordering": ("-created_at",),
+            },
+        ),
+        migrations.RemoveField(
+            model_name="project",
+            name="start_date",
+        ),
+        migrations.RemoveField(
+            model_name="project",
+            name="target_date",
+        ),
+        migrations.AlterField(
+            model_name="issuesequence",
+            name="sequence",
+            field=models.PositiveBigIntegerField(db_index=True, default=1),
+        ),
+        migrations.AlterField(
+            model_name="project",
+            name="identifier",
+            field=models.CharField(
+                db_index=True, max_length=12, verbose_name="Project Identifier"
+            ),
+        ),
+        migrations.AlterField(
+            model_name="projectidentifier",
+            name="name",
+            field=models.CharField(db_index=True, max_length=12),
+        ),
+    ]

apiserver/plane/db/migrations/0074_deploy_board_and_project_issues.py

@@ -0,0 +1,203 @@
+# Generated by Django 4.2.11 on 2024-08-13 16:21
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("db", "0073_alter_commentreaction_unique_together_and_more"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="deployboard",
+            name="is_activity_enabled",
+            field=models.BooleanField(default=True),
+        ),
+        migrations.AddField(
+            model_name="fileasset",
+            name="is_archived",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AlterField(
+            model_name="userfavorite",
+            name="sequence",
+            field=models.FloatField(default=65535),
+        ),
+        migrations.CreateModel(
+            name="ProjectIssueType",
+            fields=[
+                (
+                    "created_at",
+                    models.DateTimeField(
+                        auto_now_add=True, verbose_name="Created At"
+                    ),
+                ),
+                (
+                    "updated_at",
+                    models.DateTimeField(
+                        auto_now=True, verbose_name="Last Modified At"
+                    ),
+                ),
+                (
+                    "deleted_at",
+                    models.DateTimeField(
+                        blank=True, null=True, verbose_name="Deleted At"
+                    ),
+                ),
+                (
+                    "id",
+                    models.UUIDField(
+                        db_index=True,
+                        default=uuid.uuid4,
+                        editable=False,
+                        primary_key=True,
+                        serialize=False,
+                        unique=True,
+                    ),
+                ),
+                ("level", models.PositiveIntegerField(default=0)),
+                ("is_default", models.BooleanField(default=False)),
+            ],
+            options={
+                "verbose_name": "Project Issue Type",
+                "verbose_name_plural": "Project Issue Types",
+                "db_table": "project_issue_types",
+                "ordering": ("project", "issue_type"),
+            },
+        ),
+        migrations.AlterModelOptions(
+            name="issuetype",
+            options={
+                "verbose_name": "Issue Type",
+                "verbose_name_plural": "Issue Types",
+            },
+        ),
+        migrations.RemoveConstraint(
+            model_name="issuetype",
+            name="issue_type_unique_name_project_when_deleted_at_null",
+        ),
+        migrations.AlterUniqueTogether(
+            name="issuetype",
+            unique_together=set(),
+        ),
+        migrations.AlterField(
+            model_name="issuetype",
+            name="workspace",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="issue_types",
+                to="db.workspace",
+            ),
+        ),
+        migrations.AlterUniqueTogether(
+            name="issuetype",
+            unique_together={("workspace", "name", "deleted_at")},
+        ),
+        migrations.AddConstraint(
+            model_name="issuetype",
+            constraint=models.UniqueConstraint(
+                condition=models.Q(("deleted_at__isnull", True)),
+                fields=("name", "workspace"),
+                name="issue_type_unique_name_workspace_when_deleted_at_null",
+            ),
+        ),
+        migrations.AddField(
+            model_name="projectissuetype",
+            name="created_by",
+            field=models.ForeignKey(
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="%(class)s_created_by",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="Created By",
+            ),
+        ),
+        migrations.AddField(
+            model_name="projectissuetype",
+            name="issue_type",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="project_issue_types",
+                to="db.issuetype",
+            ),
+        ),
+        migrations.AddField(
+            model_name="projectissuetype",
+            name="project",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="project_%(class)s",
+                to="db.project",
+            ),
+        ),
+        migrations.AddField(
+            model_name="projectissuetype",
+            name="updated_by",
+            field=models.ForeignKey(
+                null=True,
+                on_delete=django.db.models.deletion.SET_NULL,
+                related_name="%(class)s_updated_by",
+                to=settings.AUTH_USER_MODEL,
+                verbose_name="Last Modified By",
+            ),
+        ),
+        migrations.AddField(
+            model_name="projectissuetype",
+            name="workspace",
+            field=models.ForeignKey(
+                on_delete=django.db.models.deletion.CASCADE,
+                related_name="workspace_%(class)s",
+                to="db.workspace",
+            ),
+        ),
+        migrations.RemoveField(
+            model_name="issuetype",
+            name="is_default",
+        ),
+        migrations.RemoveField(
+            model_name="issuetype",
+            name="project",
+        ),
+        migrations.RemoveField(
+            model_name="issuetype",
+            name="sort_order",
+        ),
+        migrations.RemoveField(
+            model_name="issuetype",
+            name="weight",
+        ),
+        migrations.AddConstraint(
+            model_name="projectissuetype",
+            constraint=models.UniqueConstraint(
+                condition=models.Q(("deleted_at__isnull", True)),
+                fields=("project", "issue_type"),
+                name="project_issue_type_unique_project_issue_type_when_deleted_at_null",
+            ),
+        ),
+        migrations.AlterUniqueTogether(
+            name="projectissuetype",
+            unique_together={("project", "issue_type", "deleted_at")},
+        ),
+        migrations.AddField(
+            model_name="issuetype",
+            name="is_default",
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name="issuetype",
+            name="level",
+            field=models.PositiveIntegerField(default=0),
+        ),
+        migrations.AlterUniqueTogether(
+            name="issuetype",
+            unique_together=set(),
+        ),
+        migrations.RemoveConstraint(
+            model_name="issuetype",
+            name="issue_type_unique_name_workspace_when_deleted_at_null",
+        ),
+    ]