fix: Scope workspace user preference filter to current user

[okxint]

The patch method in WorkspaceUserPreference was filtering by key and workspace__slug only. In a workspace with multiple users, .first() could grab a different user's preference row, so updating pin/sort state would either mutate the wrong user's data or leave the current user's preference unchanged — making sidebar state look like it didn't persist after refresh.

The get method already had user=request.user on its queries. Added the same filter to patch.

Closes #9260

Summary by CodeRabbit

• Bug Fixes
  • Resolved an issue where personal workspace preferences were not properly isolated between users within the same workspace.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 647cf0d9-5043-43e6-9650-1c043f6e8d36

📥 Commits

Reviewing files that changed from the base of the PR and between 53a323d and 5704594.

📒 Files selected for processing (1)

• apps/api/plane/app/views/workspace/user_preference.py

---

📝 Walkthrough

Walkthrough

In WorkspaceUserPreferenceViewSet.patch, the WorkspaceUserPreference queryset filter is extended with user=request.user, scoping preference lookup to the requesting user. Previously the filter used only key and workspace__slug, which could match another user's record in multi-member workspaces.

Changes

Workspace User Preference Filter Fix

Layer / File(s)	Summary
Scope preference lookup to requesting user apps/api/plane/app/views/workspace/user_preference.py	user=request.user added to the WorkspaceUserPreference.objects.filter(...) call in patch, preventing cross-user preference selection when multiple members share a workspace.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A rabbit hops through workspace halls,
Each preference pinned upon the walls.
One tiny filter, user-scoped tight,
Keeps every sidebar pinned just right.
No more reversions after refresh—
My burrow stays exactly fresh! 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description clearly explains the bug, root cause, and fix, but lacks structured sections matching the provided template (Type of Change, Test Scenarios, etc.).	Fill in the description template sections: mark Type of Change (appears to be Bug fix), add Test Scenarios, and follow the template structure for consistency.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the primary change: scoping the workspace user preference filter to the current user to fix a critical data scoping bug.
Linked Issues check	✅ Passed	The code change directly addresses issue #9260 by adding user=request.user filter to the patch method, matching the get method implementation and fixing the data scoping bug.
Out of Scope Changes check	✅ Passed	The single-line change is narrowly focused on fixing the specific bug documented in #9260 with no extraneous modifications or scope creep.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}