fix(#9065): block offline users from using api/v1/person endpoint #9205

Merged: m5r merged 1 commit into master from 9065_block_offline_users on Jun 25, 2024

@jkuester jkuester commented Jun 24, 2024

Description

Result of #9065 (comment)

Closes #9065

Basically, this PR just adds a check to the REST API so that only online users (users with full DB access) can call the person endpoint.

Code review checklist

  • Readable: Concise, well named, follows the style guide, documented if necessary.
  • Documented: Configuration and user documentation on cht-docs
  • Tested: Unit and/or e2e where appropriate
  • Internationalised: All user facing text
  • Backwards compatible: Works with existing data and configuration or includes a migration. Any breaking changes documented in the release notes.

Compose URLs

If Build CI hasn't passed, these may 404:

License

The software is provided under AGPL-3.0. Contributions to this project are accepted under the same license.

@jkuester jkuester requested review from m5r and lorerod June 24, 2024 20:32
@@ -17,7 +16,7 @@ export namespace v1 {
return false;
}
const hasPersonType = contactTypeUtils.isPerson(settings.getAll(), doc);
if (!hasPersonType || !isNormalizedParent(doc)) {
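
Review bot: on the condition `if (!hasPersonType || !isNormalizedParent(doc))`, removing the `isNormalizedParent` operand (as the author's comment on this line says) leaves the contact type as the only criterion, so a person-typed doc with an arbitrary parent value will no longer take this branch. A unit test that passes a person-typed doc with a non-normalized parent would document that this is intended. The offline-user check named in the PR title is not visible in this hunk, so it is worth confirming it has its own test in which an offline user is refused by api/v1/person.
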
Contributor Author

Decided to go ahead and drop this extra isNormalizedParent logic here before this gets released in 4.9 (as originally intended in https://github.com/medic/cht-core/pull/9177/files#r1644945012).

@jkuester
Contributor Author

@m5r can you please merge this once you are happy with how it looks? 🙏

CC @latin-panda

@lorerod lorerod left a comment

LGTM

@m5r m5r merged commit 8ed110d into master Jun 25, 2024
40 checks passed
@m5r m5r deleted the 9065_block_offline_users branch June 25, 2024 06:10
Development

Successfully merging this pull request may close these issues.

API Endpoint for getting person by UUID