
@LawrenceLau2020 LawrenceLau2020 commented Apr 29, 2024

🎯 Summary

PIMS-1625: - Parcel and Building view details agency authorization

Adding authorization checks to prevent a user from viewing a parcel or a building not belonging to their agency.
To test, you can try as a "General user" by editing the URL and changing the id of the parcel or building to one that has an agency which doesn't belong to your user's agency.

🔰 Checklist

  • I have read and agree with the following checklist and am following the guidelines in our Code of Conduct document.
  • I have performed a self-review of my code.
  • I have commented my code, particularly in hard-to-understand areas.
  • I have made corresponding changes to the documentation where required.
  • I have tested my changes to the best of my ability.
  • My changes generate no new warnings.

@github-actions

🚀 Deployment Information

The Express API Image has been built with the tag: 2353. Please make sure to utilize this specific tag when promoting these changes to the TEST and PROD environments during the API deployment. For more updates please monitor Image Tags Page on Wiki.

qlty-cloud-legacy bot commented Apr 29, 2024

Code Climate has analyzed commit d1da9cc and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 75.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 95.6%.

View more on Code Climate.

@dbarkowsky

Right now, it seems like this isn't checking if I'm an admin or auditor. I should be able to see properties based on that.
Isn't this why we made the checkUserAgencyPermission function under /utilities?

@LawrenceLau2020

checkUserAgencyPermission

Good catch! I'll refactor these 2 gets to use that function.

@dbarkowsky dbarkowsky left a comment

Seems to be working for me.
Prevented me from retrieving details of a parcel that wasn't under my agency.
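
The check discussed in this thread, as an added example that is not code from this pull request or from the PIMS repository: an Express-style handler that authorizes against the agency of the loaded record and lets admin and auditor roles read across agencies. The helper name `userMayReadAgency`, the role strings, the user shape and the sample parcels are assumptions made for illustration; the project's own `checkUserAgencyPermission` is not shown on this page and may differ.

```javascript
// Added example: names, roles and data below are constructed, not taken from PIMS.
const ROLES_WITH_GLOBAL_READ = new Set(["admin", "auditor"]);

// Constructed sample records: each parcel is owned by exactly one agency.
const PARCELS = new Map([
  [1, { id: 1, agencyId: 10, name: "Parcel A" }],
  [2, { id: 2, agencyId: 20, name: "Parcel B" }],
]);

// Hypothetical helper: true if the user may read a record owned by agencyId.
function userMayReadAgency(user, agencyId) {
  if (!user || !Array.isArray(user.roles)) return false; // fail closed
  if (user.roles.some((r) => ROLES_WITH_GLOBAL_READ.has(r))) return true;
  return Array.isArray(user.agencyIds) && user.agencyIds.includes(agencyId);
}

// Express-style handler: the id comes from the URL, so the caller controls it.
// The ownership check runs on the record that was loaded, not on request data.
function getParcel(req, res) {
  const id = Number(req.params.id);
  if (!Number.isInteger(id)) return res.status(400).send("Invalid parcel id");
  const parcel = PARCELS.get(id);
  if (!parcel) return res.status(404).send("Parcel not found");
  if (!userMayReadAgency(req.user, parcel.agencyId)) {
    return res.status(403).send("You are not authorized to view this parcel");
  }
  return res.status(200).send(parcel);
}

// Minimal stand-in for the Express response object, used to exercise the handler.
function fakeRes() {
  const res = { statusCode: null, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => { res.body = body; return res; };
  return res;
}

// Runs the handler for a user and a URL id, returning the HTTP status code.
function run(user, id) {
  const res = fakeRes();
  getParcel({ params: { id: String(id) }, user }, res);
  return res.statusCode;
}

const general = { roles: ["general user"], agencyIds: [10] };
const auditor = { roles: ["auditor"], agencyIds: [] };
console.log(run(general, 1), run(general, 2), run(auditor, 2)); // 200 403 200
```
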

@LawrenceLau2020 LawrenceLau2020 merged commit c74bf1a into main Apr 30, 2024
@LawrenceLau2020 LawrenceLau2020 deleted the PIMS-1625 branch April 30, 2024 16:28