feat(surveys): add permission check on committee Create Survey CTA click #1000

Open
MRashad26 wants to merge 1 commit into main from feat/LFXV2-2252-committee-survey-permission-check

@MRashad26

Summary

  • Stale permission guard on Create Survey CTA: The committee surveys tab shows the "Create Survey" button based on canEdit() — derived from committee.writer at page-load time. If the member's role is downgraded from Manager to Member after the page loads, the stale signal still shows the button.
  • Click handler with fresh permission check: Both Create Survey buttons (table-actions slot and empty-state) now call onCreateSurvey(), which fetches fresh committee permissions via getCommittee() before navigating. On denial, redirects to the lens-appropriate overview (/foundation/overview or /project/overview) with _notice=surveys so AppComponent.initAccessDeniedToast() shows the "Access Denied" toast — consistent with the writerGuard denial flow and lens-aware (unlike the equivalent fix in feat(meetings): add access-denied toast and fix meeting coordinator permissions #992 for meetings).
  • The writerGuard on /surveys/create remains as the final safety net for direct URL access.

Changed files

| File | Change |
| --- | --- |
| committee-surveys.component.ts | Inject CommitteeService, LensService, Router; add onCreateSurvey() click handler with fresh permission check and lens-aware deny redirect |
| committee-surveys.component.html | Replace [routerLink] + [queryParams] on both Create Survey buttons with (click)="onCreateSurvey()" |

References

Test plan

  • Log in as a committee Manager — Create Survey button is visible and clicking it navigates to /surveys/create with committee_uid and project query params
  • Downgrade the member to Member role without refreshing the page — Create Survey button remains visible (stale canEdit()) but clicking it redirects to the project overview with an "Access Denied" toast
  • Repeat the above under the foundation lens — redirect should go to /foundation/overview, not /project/overview
  • As a user with no committee write access navigating directly to /surveys/create?committee_uid=..., writerGuard blocks and shows the toast

Replace routerLink on both Create Survey buttons (table-actions slot and
empty-state) with an onCreateSurvey() click handler that fetches fresh
committee permissions via getCommittee() before navigating. If the member's
role was downgraded from Manager to Member since the page loaded, the stale
canEdit() signal would still show the button; the click handler catches this
and redirects to the lens-appropriate overview (/foundation/overview or
/project/overview) with _notice=surveys so AppComponent shows the "Access
Denied" toast — consistent with the writerGuard denial flow.

Signed-off-by: Rashad <mrashad@contractor.linuxfoundation.org>
@MRashad26 MRashad26 requested a review from a team as a code owner June 21, 2026 08:35
Copilot AI review requested due to automatic review settings June 21, 2026 08:35
@coderabbitai

coderabbitai Bot commented Jun 21, 2026

Walkthrough

Both "Create Survey" buttons in committee-surveys.component.html are switched from [routerLink]/[queryParams] to (click)="onCreateSurvey()". The new onCreateSurvey() method in the component injects Router, committeeService, and lensService, fetches fresh committee data, and either navigates to /surveys/create or redirects to an overview route with a denial notice based on fresh.writer.

Changes

Permission-gated Create Survey navigation

| Layer / File(s) | Summary |
| --- | --- |
| Permission check and navigation logic (apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.ts, apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.html) | Adds Router, committeeService, and lensService injections; implements onCreateSurvey() that fetches fresh committee data, redirects with _notice=surveys (and optional project) when fresh.writer !== true or on error, and otherwise navigates to /surveys/create with createSurveyQueryParams(); both template buttons replaced with (click)="onCreateSurvey()". |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • linuxfoundation/lfx-self-serve#952: Introduces createSurveyQueryParams() with the committee project query param that onCreateSurvey() now calls when navigating to /surveys/create.
  • linuxfoundation/lfx-self-serve#992: Establishes the writerGuard/access-denied redirect flow for write-guarded routes that onCreateSurvey()'s _notice=surveys denial redirect complements.
🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding a permission check to the Create Survey button click handler. |
| Description check | ✅ Passed | The description is well-structured and directly related to the changeset, explaining the problem, solution, and testing approach. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.

Copilot AI left a comment

Pull request overview

Adds a “fresh permission” check to the Committee Surveys tab’s Create Survey CTA so that stale, page-load-time canEdit() state can’t incorrectly allow navigation when committee write access has been revoked mid-session. This aligns the UX with the existing writerGuard denial flow by redirecting with _notice=surveys for the Access Denied toast, and makes the redirect lens-aware (foundation vs project).

Changes:

  • Introduces onCreateSurvey() that re-fetches committee permissions via CommitteeService.getCommittee() before routing to /surveys/create.
  • On denied/errored permission refresh, redirects to /foundation/overview or /project/overview with _notice=surveys (and project when available) to trigger the standard Access Denied toast.
  • Replaces [routerLink] navigation on both Create Survey buttons with the new click handler.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.ts | Adds fresh committee permission check on CTA click and lens-aware denial redirect before navigating to survey creation. |
| apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.html | Routes Create Survey CTAs through (click)="onCreateSurvey()" instead of direct routerLink navigation. |

@coderabbitai coderabbitai Bot left a comment

🧹 Nitpick comments (1)
apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.ts (1)

47-70: Button double-click during permission check — consistent with meetings component pattern.

The onCreateSurvey() method implements the same permission check pattern as the onScheduleMeeting() method in the meetings component, and both lack loading state protection. While multiple API calls won't cause functional issues (Angular Router handles duplicate navigations gracefully), consider adding a loading signal to disable the button during the check for better UX consistency.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.ts`
around lines 47 - 70, The onCreateSurvey method lacks loading state protection,
allowing users to trigger multiple API calls by double-clicking the button
during the permission check. Add a loading signal (similar to the meetings
component's onScheduleMeeting pattern) that is set to true before initiating the
getCommittee call and set to false in both the next and error callback handlers.
Bind this loading signal to disable the create survey button to prevent
duplicate submissions during the permission verification.
ℹ️ Review info
📥 Commits

Reviewing files that changed from the base of the PR and between c2fea04 and 38154af.

📒 Files selected for processing (2)
  • apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.html
  • apps/lfx-one/src/app/modules/committees/components/committee-surveys/committee-surveys.component.ts
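
The click-time re-check described in the PR summary, together with the in-flight guard the review nitpick asks for, as a framework-free TypeScript sketch. It is an added illustration, not the PR's code: the route paths, `writer`, `_notice=surveys`, `committee_uid` and `project` come from the thread, while `resolveTarget`, `makeCreateSurveyHandler`, the types and the injected `fetchCommittee`/`navigate` callbacks are hypothetical.

```typescript
// Added sketch, not the PR's code. Paths and parameter names follow the thread;
// every type and function name here is hypothetical.
type Lens = 'foundation' | 'project';
interface CommitteeLike { uid: string; writer?: boolean }
interface NavTarget { path: string; queryParams: Record<string, string> }

// Pure decision, fail closed: anything other than writer === true, including a
// failed fetch (passed in as null), is a denial routed to the lens overview.
function resolveTarget(fresh: CommitteeLike | null, lens: Lens, project?: string): NavTarget {
  if (fresh !== null && fresh.writer === true) {
    const queryParams: Record<string, string> = { committee_uid: fresh.uid };
    if (project) queryParams['project'] = project;
    return { path: '/surveys/create', queryParams };
  }
  const denied: Record<string, string> = { _notice: 'surveys' };
  if (project) denied['project'] = project;
  const path = lens === 'foundation' ? '/foundation/overview' : '/project/overview';
  return { path, queryParams: denied };
}

// Click handler: re-fetches permissions at click time instead of trusting the
// page-load flag, and ignores clicks while a check is already in flight.
function makeCreateSurveyHandler(
  fetchCommittee: (uid: string) => Promise<CommitteeLike>,
  navigate: (target: NavTarget) => void,
) {
  let busy = false;
  return async (uid: string, lens: Lens, project?: string): Promise<void> => {
    if (busy) return;
    busy = true;
    let fresh: CommitteeLike | null = null;
    try {
      fresh = await fetchCommittee(uid);
    } catch {
      fresh = null; // request failed: deny rather than fall back to the stale flag
    } finally {
      busy = false;
    }
    navigate(resolveTarget(fresh, lens, project));
  };
}
```

A client-side check of this kind only keeps the UI consistent with current permissions; as the summary notes, the writerGuard on /surveys/create remains the safety net for direct URL access.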

@github-actions

🚀 Deployment Status

Your branch has been deployed to: https://ui-pr-1000.dev.v2.cluster.linuxfound.info

Deployment Details:

  • Environment: Development
  • Namespace: ui-pr-1000
  • ArgoCD App: ui-pr-1000

The deployment will be automatically removed when this PR is closed.
