Conversation

@StalinidzeCorp StalinidzeCorp commented Dec 11, 2025

Hello everyone! We are making a helpdesk system based on your application. We want to use comments to communicate with residents by email; for this we have made our own miniapp, and we check and create comments through the service account. But there is a problem: we cannot receive data along this path, so I propose changes in access.

Summary by CodeRabbit

Bug Fixes

  • Enhanced ticket comment visibility for service users through updated access permissions
  • Removed comment type restrictions, expanding comment creation and modification capabilities for service users


coderabbitai bot commented Dec 11, 2025

Walkthrough

Modified access control logic in the TicketComment service. Removed the type: ORGANIZATION_COMMENT_TYPE filter from service user read access and eliminated the guard restricting service users from creating comments with RESIDENT_COMMENT_TYPE.

Changes

Cohort / File(s) | Summary
Access Control Updates: apps/condo/domains/ticket/access/TicketComment.js | Removed the type: ORGANIZATION_COMMENT_TYPE field from the access filter in canReadTicketComments for service users; removed the guard in checkManageCommentAccess that prevented service users from creating or updating comments with RESIDENT_COMMENT_TYPE.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Security implications: Verify that the removal of RESIDENT_COMMENT_TYPE restrictions for service users aligns with intended business logic and does not create unintended access escalation.
  • Permission scope: Confirm that broadening service user capabilities to read all comment types and create resident-type comments is the desired behavior.

Suggested reviewers

  • nomerdvadcatpyat
  • toplenboren
  • YEgorLu

Poem

🐰 A bunny's touch refines the rules,
No gates remain, just open pools,
Service users hop more free,
Comments flow like morning tea! 🌿

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped; CodeRabbit's high-level summary is enabled.
Title check | ✅ Passed | The title 'feat(condo): update ticketComment access' directly relates to the main change of modifying access control for ticketComment, which is the primary purpose of the PR.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7f054c7 and 73f3985.

📒 Files selected for processing (1)
  • apps/condo/domains/ticket/access/TicketComment.js (0 hunks)
💤 Files with no reviewable changes (1)
  • apps/condo/domains/ticket/access/TicketComment.js

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.


Comment on lines 43 to 46

return {
    ...accessFilter,
    type: ORGANIZATION_COMMENT_TYPE,
}


P1: Restore resident comment isolation for service users

canReadTicketComments for service accounts now returns the B2B access filter without the previous type: ORGANIZATION_COMMENT_TYPE constraint, so any B2B service user with canReadTicketComments permission can list resident-channel comments for all organizations in their token. That exposes resident conversations to third-party integrations and contradicts the still stricter file access rule in TicketCommentFile.js (service users there are limited to organization comments), suggesting resident messages were meant to stay private. Consider keeping a type filter or gating resident comments on an explicit permission.

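To make the exposure described in the Codex review concrete, here is an added example (not code from the condo project) that models the two filter shapes: a B2B organization filter with and without the type: ORGANIZATION_COMMENT_TYPE constraint, evaluated over constructed sample comments. The data, the b2bAccessFilter stand-in and the tiny filter evaluator are assumptions for illustration; only the constant and function names come from the PR.

```javascript
// Added example, not the condo project's code: a minimal model of how a
// Keystone-style access filter decides which ticket comments a service user may list.
// Constants mirror the names in the PR; everything else is a constructed stand-in.
const ORGANIZATION_COMMENT_TYPE = 'organization'
const RESIDENT_COMMENT_TYPE = 'resident'

// Constructed sample data: comments from two organizations across both channels.
const COMMENTS = [
    { id: 'c1', organization: 'org-1', type: ORGANIZATION_COMMENT_TYPE, content: 'internal note' },
    { id: 'c2', organization: 'org-1', type: RESIDENT_COMMENT_TYPE, content: 'resident message' },
    { id: 'c3', organization: 'org-2', type: RESIDENT_COMMENT_TYPE, content: 'other org resident' },
]

// Stand-in for the B2B filter: restrict to the organizations in the service user's token.
function b2bAccessFilter(user) {
    return { organization: { in: user.organizations } }
}

// Filter as it was before the PR: service users read organization-channel comments only.
function readFilterWithTypeGuard(user) {
    return { ...b2bAccessFilter(user), type: ORGANIZATION_COMMENT_TYPE }
}

// Filter as the PR proposes: with the type constraint dropped, resident-channel
// comments in every organization of the token become readable as well.
function readFilterWithoutTypeGuard(user) {
    return { ...b2bAccessFilter(user) }
}

// Tiny evaluator for the two filter shapes used above:
// { field: value } means equality, { field: { in: [...] } } means membership.
function applyFilter(filter, rows) {
    return rows.filter((row) =>
        Object.entries(filter).every(([field, cond]) => {
            if (cond && typeof cond === 'object' && Array.isArray(cond.in)) {
                return cond.in.includes(row[field])
            }
            return row[field] === cond
        })
    )
}

// Returns the ids a given filter builder lets this user see.
function visibleCommentIds(filterBuilder, user) {
    return applyFilter(filterBuilder(user), COMMENTS).map((c) => c.id)
}

const serviceUser = { type: 'service', organizations: ['org-1'] }
console.log(visibleCommentIds(readFilterWithTypeGuard, serviceUser))    // ['c1']
console.log(visibleCommentIds(readFilterWithoutTypeGuard, serviceUser)) // ['c1', 'c2']
```

The second call shows the resident message c2 surfacing once the type guard is gone, which is the isolation the review asks to keep.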

@toplenboren toplenboren left a comment


In this PR you are allowing service users to read resident comments.

If we were to proceed with this PR, it would mean that all service accounts would gain access to resident comments, which is a blocker for us.

Can you please elaborate, why do you need to make this change? This way we'd be able to come up with an acceptable solution :-)
