Feat/aut 4535/auto open editor by link

[pnal]

Ticket:

https://oat-sa.atlassian.net/browse/AUT-4535

What's Changed

• Allow to automatically trigger an action upon selected item (by direct link)

Screenshare.-.2026-04-07.5_27_53.PM.mp4

Please tick the appropriate points

• Ticket attached or not required
• Breaking change
• Configuration change
• Release version change
• Tests are running successfully (old and new ones) on my local machine (if applicable)
• New code is respecting code style rules
• New code is respecting best practices
• New code is not subject to concurrency issues (if applicable)
• Feature is working correctly on my local machine (if applicable)
• Acceptance criteria are respected
• Pull request title and description are meaningful

TODO

• Unit tests
• E2E tests
• Update with packages

How to test

• Open Item manager
• Select an item
• In address bar modify to add a param like: &autoAction=item-preview
• Submit or open the address in other window
• Check that an action started

Summary by CodeRabbit

• New Features
  • URL-driven action execution: actions can be automatically triggered via URL parameters when authoring mode is enabled, running immediately at editor startup after UI initialization to streamline workflows and reduce manual steps.

[coderabbitai]

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (2)

• views/js/loader/taoItems.min.js is excluded by !**/*.min.js
• views/js/loader/taoItems.min.js.map is excluded by !**/*.map, !**/*.min.js.map

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Path: https://raw.githubusercontent.com/oat-sa/tao-code-quality/main/coderabbit/php/authoring/v1/.coderabbit.yaml (via .coderabbit.yaml)

Review profile: CHILL

Plan: Pro

Run ID: f4e13517-0e6f-4f01-93b9-6ee7a390d4df

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The edit item controller now parses the page URL and, during start(), reads the autoAction query parameter; if present and authoring is enabled and the action exists, it immediately executes that action. The change adds a dependency on util/url and conditional auto-action execution.

Changes

Cohort / File(s)	Summary
URL-driven Action Execution views/js/controller/items/edit.js	Added util/url dependency and logic in start() to parse autoAction from the URL and invoke actions.exec(autoAction) when config.isAuthoringEnabled is true and the action exists.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly relates to the main change: adding URL-driven auto-action execution via the autoAction query parameter to automatically open/trigger actions in the editor by link.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/AUT-4535/auto-open-editor-by-link

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Front-end summary Node 18

💯 Total	✅ Passed	⏭️ Skipped	❌ Failed
29	29	0	0

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@views/js/controller/items/edit.js`:
- Around line 72-76: Validate and constrain autoAction before executing: replace
the direct call to actions.exec(autoAction) with logic that builds an explicit
allowlist (e.g., const allowed = ['save','publish','preview']), ensure
config.isAuthoringEnabled still true, then verify the parsedUrl.query.autoAction
value is present in that allowlist and corresponds to a callable/enabled action
on the actions object (e.g., typeof actions[autoAction] === 'function' or
actions.hasOwnProperty(autoAction'), and if available check
actions[autoAction].enabled === true or call actions.isEnabled(autoAction));
only then call actions.exec(autoAction); otherwise ignore or log a warning.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: https://raw.githubusercontent.com/oat-sa/tao-code-quality/main/coderabbit/php/authoring/v1/.coderabbit.yaml (via .coderabbit.yaml)

Review profile: CHILL

Plan: Pro

Run ID: 249e99d5-abce-45d1-8bab-de5a8ead54ab

📥 Commits

Reviewing files that changed from the base of the PR and between 38b5ab3 and a804abd.

📒 Files selected for processing (1)

• views/js/controller/items/edit.js

[Karol-Stelmaczonek]

• New code is covered by tests (if applicable)
• Tests are running successfully (old and new ones) on my local machine (if applicable)
• New code is respecting code style rules
• New code is respecting best practices
• New code is not subject to concurrency issues (if applicable)
• Feature is working correctly on my local machine (if applicable)
• Acceptance criteria are respected
• Pull request title and description are meaningful

[coderabbitai]

♻️ Duplicate comments (1)

views/js/controller/items/edit.js (1)

72-75: ⚠️ Potential issue | 🟠 Major

Use action-specific enablement checks instead of a global authoring gate.

At Line 74, config.isAuthoringEnabled is used for every autoAction. This can block valid non-authoring actions (e.g., preview) and does not ensure the selected action is currently enabled.

Proposed fix

-            const parsedUrl = urlUtil.parse(window.location.href);
-            const autoAction = parsedUrl.query.autoAction;
-            if (autoAction && config.isAuthoringEnabled && actions.getBy(autoAction)) {
-                actions.exec(autoAction);
-            }
+            const parsedUrl = urlUtil.parse(window.location.href);
+            const autoAction = parsedUrl?.query?.autoAction;
+            const targetAction = typeof autoAction === 'string' ? actions.getBy(autoAction) : null;
+
+            if (targetAction && !targetAction.state.disabled) {
+                actions.exec(autoAction);
+            }

As per coding guidelines, "Implement proper input validation and sanitization." and "Follow the principle of least privilege for user permissions."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@views/js/controller/items/edit.js` around lines 72 - 75, The code currently
blocks autoAction execution with a global config.isAuthoringEnabled gate;
instead retrieve the action via actions.getBy(autoAction) and run the
action-specific enablement check (e.g., call action.isEnabled(), action.enabled,
or action.isAllowedForCurrentUser()) before calling actions.exec(autoAction);
only consult config.isAuthoringEnabled if the resolved action explicitly
requires authoring (e.g., action.requiresAuthoring) and include a presence check
on parsedUrl.query.autoAction to avoid executing unknown actions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@views/js/controller/items/edit.js`:
- Around line 72-75: The code currently blocks autoAction execution with a
global config.isAuthoringEnabled gate; instead retrieve the action via
actions.getBy(autoAction) and run the action-specific enablement check (e.g.,
call action.isEnabled(), action.enabled, or action.isAllowedForCurrentUser())
before calling actions.exec(autoAction); only consult config.isAuthoringEnabled
if the resolved action explicitly requires authoring (e.g.,
action.requiresAuthoring) and include a presence check on
parsedUrl.query.autoAction to avoid executing unknown actions.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: https://raw.githubusercontent.com/oat-sa/tao-code-quality/main/coderabbit/php/authoring/v1/.coderabbit.yaml (via .coderabbit.yaml)

Review profile: CHILL

Plan: Pro

Run ID: 7366a587-24ad-433e-a075-83c098e582f8

📥 Commits

Reviewing files that changed from the base of the PR and between a804abd and c392c78.

📒 Files selected for processing (1)

• views/js/controller/items/edit.js

[github-actions]

Version

Target Version	13.1.0
Last version	13.0.8

There are 0 BREAKING CHANGE, 1 feature, 1 fix