Skip to content

Commit

Permalink
Merge pull request #1407 from gchq/bugfix/1319-fix-acess-req-required…
Browse files Browse the repository at this point in the history
…-validation

added more validation for editing access requests
  • Loading branch information
ARADDCC002 authored Jul 22, 2024
2 parents 1524b60 + ce025f3 commit d9be9ef
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 1 deletion.
14 changes: 14 additions & 0 deletions backend/src/services/accessRequest.ts
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,20 @@ export async function updateAccessRequest(
throw Forbidden(auth.info, { userDn: user.dn, accessRequestId })
}

// Ensure that the AR meets the schema
const schema = await findSchemaById(accessRequest.schemaId)
try {
new Validator().validate(accessRequest.metadata, schema.jsonSchema, { throwAll: true, required: true })
} catch (error) {
if (isValidatorResultError(error)) {
throw BadReq('Access Request Metadata could not be validated against the schema.', {
schemaId: accessRequest.schemaId,
validationErrors: error.errors,
})
}
throw error
}

if (diff.metadata) {
accessRequest.metadata = diff.metadata
accessRequest.markModified('metadata')
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ import MessageAlert from 'src/MessageAlert'
import { AccessRequestInterface, EntryKind, SplitSchemaNoRender } from 'types/types'
import { entitiesIncludesCurrentUser } from 'utils/entityUtils'
import { getErrorMessage } from 'utils/fetcher'
import { getStepsData, getStepsFromSchema } from 'utils/formUtils'
import { getStepsData, getStepsFromSchema, validateForm } from 'utils/formUtils'
import { getCurrentUserRoles, hasRole } from 'utils/roles'

type EditableAccessRequestFormProps = {
Expand Down Expand Up @@ -81,6 +81,16 @@ export default function EditableAccessRequestForm({
if (schema) {
setErrorMessage('')
setIsLoading(true)

for (const step of splitSchema.steps) {
const isValid = validateForm(step)

if (!isValid) {
setIsLoading(false)
return
}
}

const data = getStepsData(splitSchema, true)
const res = await patchAccessRequest(accessRequest.modelId, accessRequest.id, data)
if (!res.ok) {
Expand Down

0 comments on commit d9be9ef

Please sign in to comment.