[#60518] validate enterprise action in backend #17644

Merged

Conversation

Kharonus
Member

Ticket

OP#60519

What are you trying to accomplish?

  • if UI is tricked, update of subject generation must still be controlled by enterprise guard

What approach did you choose and why?

  • validate pattern update against enterprise action before parsing it

@Kharonus Kharonus requested a review from a team January 17, 2025 13:30
@Kharonus Kharonus self-assigned this Jan 17, 2025
@Kharonus Kharonus force-pushed the implementation/60518-validate-enterprise-token-on-backend-side branch from 99fb480 to f3f2206 Compare January 17, 2025 13:38
Contributor

@NobodysNightmare NobodysNightmare left a comment

I'd have expected to find this validation logic on a contract, though I also find it acceptable on the update service. Just a surprise for me. Is this because updating types is different or would you also have implemented it like this on a model that follows all our usual patterns? (create service, update service, contracts, etc)

🟡 Should we have specs for the new validation?

app/services/update_type_service.rb (two review threads, both outdated and resolved)
@Kharonus
Member Author

Added some unit tests

- https://community.openproject.org/work_packages/60518
- if UI is tricked, the update is guarded by an enterprise action,
  prevent persistence
- added unit tests for pattern validation
@Kharonus Kharonus force-pushed the implementation/60518-validate-enterprise-token-on-backend-side branch from f96e564 to 71f99d2 Compare January 21, 2025 11:55
@Kharonus Kharonus merged commit 48ba0f6 into dev Jan 21, 2025
11 checks passed
@Kharonus Kharonus deleted the implementation/60518-validate-enterprise-token-on-backend-side branch January 21, 2025 12:46