fix: disable editing runtime variable if key is same as collection#6835
Conversation
WalkthroughThese changes expand immutability protections for runtime variables defined in a collection's runtimeVariables map, ensuring they're treated as read-only across both variable update operations and the editor's variable information display. Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
packages/bruno-app/src/providers/ReduxStore/slices/collections/actions.js (1)
1867-1875: Fix read-only detection for falsy runtime values.The truthy check will miss runtime variables whose value is
'',0, orfalse, letting users edit a read-only runtime var. Use a key-existence check instead.🐛 Proposed fix
- if (type === 'runtime' || (collection && collection.runtimeVariables && collection.runtimeVariables[variableName])) { + if ( + type === 'runtime' + || (collection && collection.runtimeVariables + && Object.prototype.hasOwnProperty.call(collection.runtimeVariables, variableName)) + ) { toast.error('Runtime variables are set by scripts and cannot be edited'); return reject(new Error('Runtime variables are read-only')); }
🤖 Fix all issues with AI agents
In `@packages/bruno-app/src/utils/codemirror/brunoVarInfo.js`:
- Around line 255-258: The check for runtime variables uses
collection.runtimeVariables[variableName], which treats falsy values as absent;
change the detection to test key existence (e.g., use
Object.prototype.hasOwnProperty.call(collection.runtimeVariables, variableName)
or (variableName in collection.runtimeVariables)) when computing
hasRuntimeVariable and when computing isReadOnly (which references
scopeInfo.type and hasRuntimeVariable). Update the hasRuntimeVariable logic in
the same way for the other occurrences that compute runtime-variable presence
(the other places that set hasRuntimeVariable / use collection.runtimeVariables
and then set isReadOnly) so keys with falsy values are correctly detected as
present.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
packages/bruno-app/src/providers/ReduxStore/slices/collections/actions.jspackages/bruno-app/src/utils/codemirror/brunoVarInfo.js
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{js,jsx,ts,tsx}
📄 CodeRabbit inference engine (CODING_STANDARDS.md)
**/*.{js,jsx,ts,tsx}: Use 2 spaces for indentation. No tabs, just spaces
Stick to single quotes for strings. For JSX/TSX attributes, use double quotes (e.g., )
Always add semicolons at the end of statements
No trailing commas
Always use parentheses around parameters in arrow functions, even for single params
For multiline constructs, put opening braces on the same line, and ensure consistency. Minimum 2 elements for multiline
No newlines inside function parentheses
Space before and after the arrow in arrow functions.() => {}is good
No space between function name and parentheses.func()notfunc ()
Semicolons go at the end of the line, not on a new line
Names for functions need to be concise and descriptive
Add in JSDoc comments to add more details to the abstractions if needed
Add in meaningful comments instead of obvious ones where complex code flow is explained properly
Files:
packages/bruno-app/src/utils/codemirror/brunoVarInfo.jspackages/bruno-app/src/providers/ReduxStore/slices/collections/actions.js
🧠 Learnings (4)
📚 Learning: 2026-01-13T13:42:21.661Z
Learnt from: sanish-bruno
Repo: usebruno/bruno PR: 6792
File: packages/bruno-converters/tests/bruno/bruno-to-postman-translations/variables.test.js:54-73
Timestamp: 2026-01-13T13:42:21.661Z
Learning: In the Bruno converters package (packages/bruno-converters), when translating Bruno variable accessors to Postman: bru.getCollectionVar, bru.getFolderVar, and bru.getRequestVar should all map to pm.variables.get() instead of using Postman's more specific scoped APIs like pm.collectionVariables.get(). The generic pm.variables.get() approach is preferred for these variable types.
Applied to files:
packages/bruno-app/src/utils/codemirror/brunoVarInfo.js
📚 Learning: 2025-12-17T21:41:24.730Z
Learnt from: naman-bruno
Repo: usebruno/bruno PR: 6407
File: packages/bruno-app/src/components/Environments/ConfirmCloseEnvironment/index.js:5-41
Timestamp: 2025-12-17T21:41:24.730Z
Learning: Do not suggest PropTypes validation for React components in the Bruno codebase. The project does not use PropTypes, so reviews should avoid proposing PropTypes and rely on the existing typing/validation approach (e.g., TypeScript or alternative runtime checks) if applicable. This guideline applies broadly to all JavaScript/JSX components in the repo.
Applied to files:
packages/bruno-app/src/utils/codemirror/brunoVarInfo.jspackages/bruno-app/src/providers/ReduxStore/slices/collections/actions.js
📚 Learning: 2026-01-09T18:25:14.640Z
Learnt from: kanakkholwal
Repo: usebruno/bruno PR: 6767
File: packages/bruno-app/src/components/ResponseExample/index.js:221-226
Timestamp: 2026-01-09T18:25:14.640Z
Learning: In the Bruno Electron renderer code (packages/bruno-app), assume window.ipcRenderer is always available and skip existence checks. Do not guard for ipcRenderer in this Electron context; use window.ipcRenderer directly (e.g., window.ipcRenderer.send(...), window.ipcRenderer.on(...)). If there are non-Electron contexts (such as test environments or non-Electron builds), add guards or mocks to avoid runtime errors there, but for the intended Electron renderer files, this pattern should be applied broadly within packages/bruno-app.
Applied to files:
packages/bruno-app/src/utils/codemirror/brunoVarInfo.jspackages/bruno-app/src/providers/ReduxStore/slices/collections/actions.js
📚 Learning: 2026-01-07T18:53:37.000Z
Learnt from: naman-bruno
Repo: usebruno/bruno PR: 6735
File: packages/bruno-electron/src/ipc/collection.js:936-939
Timestamp: 2026-01-07T18:53:37.000Z
Learning: In the bruno repository, the Redux reducer determines collection format by checking for the `opencollection` property in brunoConfig. The `version` property is not used for format detection, so having both `version` and `opencollection` properties together doesn't cause issues since `opencollection` takes precedence.
Applied to files:
packages/bruno-app/src/providers/ReduxStore/slices/collections/actions.js
🧬 Code graph analysis (1)
packages/bruno-app/src/utils/codemirror/brunoVarInfo.js (1)
packages/bruno-app/src/utils/collections/index.js (5)
collection(587-587)collection(1175-1175)collection(1177-1177)collection(1612-1612)collection(1622-1622)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
- GitHub Check: SSL Tests - Linux
- GitHub Check: SSL Tests - Windows
- GitHub Check: Playwright E2E Tests
- GitHub Check: CLI Tests
- GitHub Check: Unit Tests
- GitHub Check: SSL Tests - macOS
✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.
| // Check if a runtime variable exists with the same name (even if scope is detected as collection/folder/environment) | ||
| const hasRuntimeVariable = collection && collection.runtimeVariables && collection.runtimeVariables[variableName]; | ||
| // Check if variable is read-only (process.env, runtime, dynamic/faker, oauth2, and undefined variables cannot be edited) | ||
| const isReadOnly = scopeInfo.type === 'process.env' || scopeInfo.type === 'runtime' || scopeInfo.type === 'dynamic' || scopeInfo.type === 'oauth2' || scopeInfo.type === 'undefined'; | ||
| const isReadOnly = scopeInfo.type === 'process.env' || scopeInfo.type === 'runtime' || scopeInfo.type === 'dynamic' || scopeInfo.type === 'oauth2' || scopeInfo.type === 'undefined' || hasRuntimeVariable; |
There was a problem hiding this comment.
Ensure runtime-variable detection works with falsy values.
collection.runtimeVariables[variableName] fails for keys with falsy values, which will mislabel scope and allow editable UI. Use a key-existence check.
🐛 Proposed fix
- const hasRuntimeVariable = collection && collection.runtimeVariables && collection.runtimeVariables[variableName];
+ const hasRuntimeVariable = collection && collection.runtimeVariables
+ && Object.prototype.hasOwnProperty.call(collection.runtimeVariables, variableName);Also applies to: 284-287, 585-589
🤖 Prompt for AI Agents
In `@packages/bruno-app/src/utils/codemirror/brunoVarInfo.js` around lines 255 -
258, The check for runtime variables uses
collection.runtimeVariables[variableName], which treats falsy values as absent;
change the detection to test key existence (e.g., use
Object.prototype.hasOwnProperty.call(collection.runtimeVariables, variableName)
or (variableName in collection.runtimeVariables)) when computing
hasRuntimeVariable and when computing isReadOnly (which references
scopeInfo.type and hasRuntimeVariable). Update the hasRuntimeVariable logic in
the same way for the other occurrences that compute runtime-variable presence
(the other places that set hasRuntimeVariable / use collection.runtimeVariables
and then set isReadOnly) so keys with falsy values are correctly detected as
present.
|
@shubh-bruno Looks good from the UI perspective. |
Description
PR fixes : #6821
Jira
Contribution Checklist:
Note: Keeping the PR small and focused helps make it easier to review and merge. If you have multiple changes you want to make, please consider submitting them as separate pull requests.
Publishing to New Package Managers
Please see here for more information.
Summary by CodeRabbit
Bug Fixes
Improvements
✏️ Tip: You can customize this high-level summary in your review settings.