fix: room join from another team

[konsalex]

Fix the broken user-flow where users join from a newly created team, if they are invited from another team.

Summary by CodeRabbit

• New Features

  • Enhanced room access error handling with specific, user-friendly error messages for access denial scenarios.

• Bug Fixes

  • Improved room access validation logic for more accurate permission checks.

• Documentation

  • Updated API documentation to include additional error status codes and response formats for room access endpoint.

[netlify]

✅ Deploy Preview for hoppdocs ready!

Name	Link
🔨 Latest commit	e1d10c7
🔍 Latest deploy log	https://app.netlify.com/projects/hoppdocs/deploys/6a0f71c24cf28a0008d6b80d
😎 Deploy Preview	https://deploy-preview-319--hoppdocs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR refactors room access authorization from team relation comparison to direct TeamID pointer equality checking, updating the error response from 401 Unauthorized to 403 Forbidden. The OpenAPI specification and auto-generated TypeScript types are updated to document new error responses (402 for subscription expiry, 403 for team mismatch, 404 for room not found), and the frontend React component adds status-specific error UI handling for these scenarios.

Changes

Room Access Authorization and Error Handling

Layer / File(s)	Summary
Backend authorization logic backend/internal/handlers/handlers.go	GetRoom authorization check now compares TeamID pointer values directly (with nil handling) instead of team relations, returning 403 Forbidden instead of 401 Unauthorized on access denial.
API specification and generated types backend/api-files/openapi.yaml, tauri/src/openapi.d.ts, web-app/src/openapi.d.ts	OpenAPI spec documents new response codes (402 with error JSON, 403 with Error schema, 404 with plain text), and auto-generated TypeScript types in both Tauri and web-app clients are updated to reflect these contract changes.
Frontend error handling and UI web-app/src/pages/Room.tsx	RoomJoinError component added to inspect fetch error status and render status-specific error messages (403/404/402) with unified "Go to Dashboard" action; room join failure path refactored to use this component. Screen-share label apostrophe also corrected.

Sequence Diagram

sequenceDiagram
    participant User as User
    participant RoomComponent as Room Component
    participant RoomJoinError as RoomJoinError
    participant Dashboard as Dashboard
    User->>RoomComponent: Join room with token/server URL
    RoomComponent->>RoomComponent: Fetch room data
    RoomComponent-->>RoomComponent: Error (402/403/404)
    RoomComponent->>RoomJoinError: Pass error object
    RoomJoinError->>RoomJoinError: Check error.response.status
    alt Status 403
        RoomJoinError-->>User: Team membership error
    else Status 404
        RoomJoinError-->>User: Room not found
    else Status 402
        RoomJoinError-->>User: Trial/subscription expired
    else Generic
        RoomJoinError-->>User: Unable to join room
    end
    User->>Dashboard: Click Go to Dashboard

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~22 minutes

Possibly related PRs

• gethopp/hopp#256: Overlaps on backend/internal/handlers/handlers.go's AuthHandler.GetRoom authorization logic; both PRs modify access control and error responses for the same endpoint (this PR adds TeamID comparison returning 403, related PR adds subscription gating returning 402).

Suggested reviewers

• iparaskev

Poem

🐰 A rabbit hops through room access gates,
Where TeamIDs must align just right,
403 says "not your team, my mate,"
404 says "room's out of sight."
Error handlers catch them all with grace,
And guide lost travelers back to base. 🏠

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly summarizes the main change: fixing room joining logic for users from different teams, which is reflected in all modified files.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch room-page-invite-non-team

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 golangci-lint (2.12.2)

level=error msg="[linters_context] typechecking error: pattern ./...: directory prefix . does not contain main module or its selected dependencies"

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@web-app/src/pages/Room.tsx`:
- Around line 128-130: The current conditional in Room.tsx that shows "You don't
have access..." when error is truthy is misleading for non-auth issues; update
the message logic in the render (the <p> that reads the error variable) to use a
neutral fallback like "Unable to join the room. Please try again or contact
support." while still surfacing specific error details when available (e.g.,
check error.message or a specific status field on the error object) so the UI
does not imply access denial for network/server errors.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 42481ea4-f083-4d35-9f37-c992ed523fd5

📥 Commits

Reviewing files that changed from the base of the PR and between a30da51 and e1d10c7.

📒 Files selected for processing (5)

• backend/api-files/openapi.yaml
• backend/internal/handlers/handlers.go
• tauri/src/openapi.d.ts
• web-app/src/openapi.d.ts
• web-app/src/pages/Room.tsx