fix(backend): allow users to disable apps that became private after install

[mdmohsin7]

Summary

• Users could not uninstall apps that were made private by the owner after installation, because the disable endpoint used get_available_app_by_id() which filters out private apps not owned by the requesting user
• Now checks the user's enabled apps list first — if the app is installed, the user can always disable it regardless of visibility changes
• Install count decrement is still applied when the app is accessible and public

Closes #4886

Test plan

• Backend tests pass
• Verify User B can disable an app after User A makes it private
• Verify install count is correctly decremented for public apps
• Verify 404 is still returned when trying to disable an app that isn't installed

🤖 Generated with Claude Code

[gemini-code-assist]

Code Review

The pull request correctly fixes a bug where users could not disable an app that was made private after installation. The logic is sound. However, I've identified a significant performance issue in the new implementation that could affect users with many installed apps. My review includes a suggestion to address this performance bottleneck.

[mdmohsin7]

@greptile review

[mdmohsin7]

@greptile-apps review

[greptile-apps]

Greptile Summary

This PR fixes a bug where users could not uninstall apps that had been made private by the owner after installation. The root cause was that disable_app_endpoint called get_available_app_by_id, which filters out private apps not owned by the requesting user, so the lookup returned None and a 404 was raised before the disable could happen.

The fix introduces a new is_app_enabled(uid, app_id) Redis helper (sismember on the enabled-plugins set) and uses it as the primary gate in the disable endpoint. If the app is in the user's enabled set they can always remove it; the install count decrement is then attempted only if the app is still visible via the privacy-filtered lookup.

Key changes:

• backend/database/redis_db.py: Adds is_app_enabled(uid, app_id) -> bool via Redis sismember — clean and consistent with existing helpers.
• backend/routers/apps.py: Rewrites disable_app_endpoint to check enabled status first, then conditionally decrement install count only for visible/public apps.

The implementation correctly handles the primary bug fix: users can now uninstall apps they have installed, regardless of subsequent privacy changes.

Confidence Score: 5/5

• Safe to merge. The fix correctly implements the stated goal and uses appropriate Redis helpers consistent with existing code patterns.
• The PR makes a focused, well-scoped fix to the reported issue (Users cannot uninstall apps that become private after installation #4886). The new Redis helper is minimal and correct. The endpoint logic properly checks enabled status first (solving the privacy-filter bypass) before attempting install count updates. Code quality is high, with no regressions or new issues introduced. The Redis operations are atomic on a per-operation basis, and the overall logic flow is sound.
• No files require special attention

_{Last reviewed commit: 332aaf9}