fix: validate user group exists in UpdateUser (fixes #5236) #5259

Open
mshzy wants to merge 2 commits into QuantumNous:main from mshzy:fix/validate-user-group-update

mshzy commented Jun 2, 2026

fix: validate user group exists in UpdateUser (fixes #5236)

Add group existence validation in UpdateUser to prevent writing
non-existent group names to the database.

  • Add IsUserUsableGroup() helper to setting/user_usable_group.go
  • Validate updatedUser.Group in controller/user.go UpdateUser handler
  • Return error with descriptive message when group does not exist

Summary by CodeRabbit

  • Bug Fixes

    • Improved validation for user group assignments to prevent non-existent groups from being set when updating user accounts.
  • New Features

    • Added a capability to check which groups are available for users, strengthening group-assignment checks and error reporting.

Add group existence validation in UpdateUser to prevent writing
non-existent group names to the database.

- Add IsUserUsableGroup() helper to setting/user_usable_group.go
- Validate updatedUser.Group in controller/user.go UpdateUser handler
- Return error with descriptive message when group does not exist
coderabbitai Bot commented Jun 2, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 25ee6c2d-e5ca-4263-bb20-c08e22f9c0b2

📥 Commits

Reviewing files that changed from the base of the PR and between 426b765 and d2fdc0c.

📒 Files selected for processing (1)
  • controller/user.go

Walkthrough

Adds a thread-safe group existence check and an early guard in UpdateUser: the handler now rejects non-empty unknown group names (using ratio_setting) before applying updates.

Changes

User Group Validation

| Layer / File(s) | Summary |
|---|---|
| User group validation function and enforcement (setting/user_usable_group.go, controller/user.go) | Adds IsUserUsableGroup (thread-safe lookup of userUsableGroups) and an import plus an early-guard in UpdateUser that returns MsgInvalidParams when a non-empty updatedUser.Group is not present in ratio_setting, preventing invalid group names from being persisted. |

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 I hop through code with careful paws,
I check each group against the laws,
With read-locks snug and errors clear,
No phantom group shall linger here.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |

✅ Passed checks (4 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately summarizes the main change: adding validation for user group existence in the UpdateUser endpoint. |
| Linked Issues check | ✅ Passed | The PR implementation fully addresses the linked issue #5236 by validating group existence before writing to the database using ratio_setting.ContainsGroupRatio. |
| Out of Scope Changes check | ✅ Passed | All changes are directly scoped to the issue requirements: group validation in UpdateUser and the supporting helper function. |


coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@controller/user.go`:
- Around line 594-597: The current validation uses setting.IsUserUsableGroup
which checks the description map and can allow groups that lack ratio/channel
config; change the guard to validate updatedUser.Group against the authoritative
ratio-setting map returned by ratio_setting.GetGroupRatioCopy() (the same source
used in controller/group.go and channel selection). Specifically, replace the
IsUserUsableGroup check with a lookup in the map from GetGroupRatioCopy() and
return the same ApiErrorI18n if the group key is missing or empty so only groups
with configured ratios/channels are accepted.
ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f52e9527-276f-4a64-aaba-99f2d277d41e

📥 Commits

Reviewing files that changed from the base of the PR and between 7aaa533 and 426b765.

📒 Files selected for processing (2)
  • controller/user.go
  • setting/user_usable_group.go

Comment thread controller/user.go Outdated
Replace setting.IsUserUsableGroup (description map) with
ratio_setting.ContainsGroupRatio (authoritative ratio config)
as suggested by code review.
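
The difference between the two commits' checks, as an added Go example that is not the project's code: `lockedSet`, `validateGroupUpdate`, `sampleStores` and the group names are hypothetical stand-ins for the description map behind IsUserUsableGroup and the ratio configuration behind ContainsGroupRatio. The constructed data includes a group that has a description but no ratio, which is the case the review comment is about.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// lockedSet is a stand-in (assumption) for a config map read under a lock.
type lockedSet struct {
	mu   sync.RWMutex
	keys map[string]bool
}

// has reports whether g is a configured key; safe for concurrent readers.
func (s *lockedSet) has(g string) bool {
	s.mu.RLock()
	defer s.mu.RUnlock()
	return s.keys[g]
}

var errInvalidGroup = errors.New("invalid params: group does not exist")

// validateGroupUpdate is the early guard: an empty group passes (only
// non-empty names are rejected); anything else must exist in the given source.
func validateGroupUpdate(source *lockedSet, g string) error {
	if g != "" && !source.has(g) {
		return fmt.Errorf("%w: %q", errInvalidGroup, g)
	}
	return nil
}

// sampleStores returns constructed data: "legacy" is described but has no ratio.
func sampleStores() (descriptions, ratios *lockedSet) {
	descriptions = &lockedSet{keys: map[string]bool{"default": true, "vip": true, "legacy": true}}
	ratios = &lockedSet{keys: map[string]bool{"default": true, "vip": true}}
	return
}

func main() {
	descriptions, ratios := sampleStores()
	for _, g := range []string{"", "vip", "legacy", "ghost"} {
		fmt.Printf("%-9q description-map guard: %v | ratio-map guard: %v\n",
			g, validateGroupUpdate(descriptions, g), validateGroupUpdate(ratios, g))
	}
}
```
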
Development

Successfully merging this pull request may close these issues.

Bug: UpdateUser lacks group validation — non-existent user groups can be written