Allow quicker linking to products

[FyreByrd]

Changes:

• Add endpoint that takes product id and redirects to correct project page (with a # link)
• Highlight product card for relevant product in project page
• Product name in product card is now also a link

Summary by CodeRabbit

• New Features

  • Visiting a product URL now redirects into the corresponding project page anchored to that product.
  • Product titles are interactive links that jump to a product section within a project.
  • Products support URL-hash highlighting and show a prominent visual border when selected.

• Bug Fixes

  • Authentication checks consolidated to entry points for more consistent access enforcement.

• UX

  • Project links in breadcrumbs, lists, tasks and workflows now include product anchors for direct in-page navigation.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 631ac3db-18cd-4cd1-9339-23cf2d32da39

📥 Commits

Reviewing files that changed from the base of the PR and between 14ae4a6 and 5ff6bfc.

📒 Files selected for processing (1)

• src/routes/(authenticated)/directory/[id=idNumber]/+page.svelte

🚧 Files skipped from review as they are similar to previous changes (1)

• src/routes/(authenticated)/directory/[id=idNumber]/+page.svelte

---

📝 Walkthrough

Walkthrough

Adds a server-side load that authenticates and redirects /products/{id} to its containing project page anchored to the product; centralizes authentication in product files handlers; exposes product Id and anchor/highlight link behavior in ProductCard; updates multiple project links to include product hash fragments.

Changes

Cohort / File(s)	Summary
Product redirect load src/routes/(authenticated)/products/[id]/+page.server.ts	New load export: requires authentication, queries for the project containing the product ID (select OwnerId, OrganizationId, GroupId, Id), returns 404 if not found, loads user groups, checks read permission, and issues a localized 303 redirect to the project page with product anchor.
Product files auth src/routes/(authenticated)/products/[id]/files/+page.server.ts	Moved locals.security.requireAuthenticated() to the start of load and actions.page, removing later redundant checks to centralize authentication enforcement.
ProductCard & directory view src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte, src/routes/(authenticated)/directory/[id=idNumber]/+page.svelte	Include project.Id in Props.select; derive highlighted product from URL hash; set container id to product.Id and add highlight styling when matched; render product name as a link to the project anchor when permitted.
Anchor fragment updates (links) src/routes/(authenticated)/products/[id]/files/+page.svelte, src/routes/(authenticated)/tasks/+page.svelte, src/routes/(authenticated)/tasks/[product_id]/+page.svelte, src/routes/(authenticated)/workflow-instances/+page.svelte, src/routes/(authenticated)/workflow-instances/[product_id]/+page.svelte	Updated breadcrumb and project links to append product hash fragments (e.g., /projects/{projectId}#{productId}) so links navigate to specific product anchors within project pages.
Manifest package.json	Minor manifest changes recorded (small line changes).

Sequence Diagram(s)

sequenceDiagram
    participant User as User/Browser
    participant Server as Server Load Handler
    participant Auth as Security
    participant DB as Database
    participant Perm as Permission Checker
    participant Redirect as Response

    User->>Server: GET /products/{productId}
    Server->>Auth: requireAuthenticated()
    Auth-->>Server: authenticated
    Server->>DB: find project containing productId (select OwnerId, OrganizationId, GroupId, Id)
    DB-->>Server: project or null
    alt project not found
        Server->>Redirect: return 404
    else project found
        Server->>DB: load user's groups for project.GroupId
        DB-->>Server: groups
        Server->>Perm: validate read access (groups, project)
        Perm-->>Server: access granted
        Server->>Redirect: 303 -> localized /projects/{project.Id}#{productId}
    end
    Redirect-->>User: redirect response

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• Show link to BuildEngine in ProductCard and ProductDetails #1453: Edits ProductCard.svelte (Props/select and link/anchor behavior) overlapping with these changes.
• Redesign Product Card #1450: Also modifies ProductCard.svelte UI and action-related behavior; likely to conflict or overlap.
• Store AppBuilder Version in ProductBuilds #1353: Modifies src/routes/(authenticated)/products/[id]/files/+page.server.ts, related to authentication/query changes.

Suggested reviewers

• chrisvire
• 7dev7urandom

Poem

🐰 I hopped through code to stitch a trail,
Anchors set so users won't fail,
A highlight blink, a gentle hop,
From product page to project top,
Hooray — a smooth, delightful trail!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly describes the main feature added: enabling quicker navigation to products via direct linking with anchors. This matches the PR's core objective of adding endpoint redirects and highlighting product cards.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/product-link

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/routes/`(authenticated)/products/[id]/files/+page.server.ts:
- Line 10: The POST/page action currently looks up the product before
authenticating; move the authentication check to run first by calling
locals.security.requireAuthenticated() at the very start of the page action
(e.g., inside export const actions = { page: async ({ locals, params, request })
=> { ... } }) so the handler denies unauthenticated requests before any product
lookup (keep the existing product fetch logic like getProductById or similar
unchanged, only reorder so requireAuthenticated() is invoked before product
retrieval).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6a8ad441-69cb-4f40-a01f-6f024af7ac27

📥 Commits

Reviewing files that changed from the base of the PR and between 12cdd9c and acca445.

📒 Files selected for processing (4)

• src/routes/(authenticated)/products/[id]/+page.server.ts
• src/routes/(authenticated)/products/[id]/+page.svelte
• src/routes/(authenticated)/products/[id]/files/+page.server.ts
• src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte

[FyreByrd]

There may be some more locations where the links could be updated to include the product id

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/routes/`(authenticated)/directory/[id=idNumber]/+page.svelte:
- Around line 99-106: The product name is being rendered twice because the
unconditional "{product.ProductDefinition.Name}" after the if/else block
duplicates the conditional rendering; remove the trailing unconditional render
so the name is only shown once (keep the conditional block that uses
canViewProject(data.project) and
localizeHref(`/projects/${data.project.Id}#${product.Id}`) and delete the extra
{product.ProductDefinition.Name} line).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1cf96149-b044-4456-83a0-9200c6e71b21

📥 Commits

Reviewing files that changed from the base of the PR and between 1c403fd and 14ae4a6.

📒 Files selected for processing (10)

• src/routes/(authenticated)/directory/[id=idNumber]/+page.svelte
• src/routes/(authenticated)/products/[id]/+page.server.ts
• src/routes/(authenticated)/products/[id]/+page.svelte
• src/routes/(authenticated)/products/[id]/files/+page.server.ts
• src/routes/(authenticated)/products/[id]/files/+page.svelte
• src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte
• src/routes/(authenticated)/tasks/+page.svelte
• src/routes/(authenticated)/tasks/[product_id]/+page.svelte
• src/routes/(authenticated)/workflow-instances/+page.svelte
• src/routes/(authenticated)/workflow-instances/[product_id]/+page.svelte

🚧 Files skipped from review as they are similar to previous changes (1)

• src/routes/(authenticated)/projects/[id=idNumber]/ProductCard.svelte

[chrisvire]

👍