[issue_tracker] Add ExternalIssueID field with permission control (#9795) #10254
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…es#9795) This commit adds an ExternalIssueID field to the issue_tracker module, allowing administrators to link LORIS issues to external issue trackers (e.g., GitHub, Jira). Changes: - Add externalIssueID column to issues table (varchar 255) - Add externalIssueID to issues_history fieldChanged enum for tracking - Create new permission: issue_tracker_external_id - Backend: Hide field from GET response if user lacks permission - Backend: Validate POST requests to prevent unauthorized edits - Frontend: Conditionally render field based on permission - Frontend: Restrict editing to users with specific permission - Update CommentList to display externalIssueID changes in history - Update raisinbread test data with new column and permission Security: - Users without issue_tracker_external_id permission cannot view the field - Frontend prevents editing by checking hasExternalIdPermission - Backend validates POST data and strips externalIssueID if unauthorized - Prevents bypass attempts via direct API calls [issue_tracker] Update documentation for External Issue ID feature (aces#9795) - Add CHANGELOG entry for External Issue ID field - Update test plan with test cases for External Issue ID visibility and editing - Add test cases for permission-based access control - Add security test for backend validation
github-actions
bot
added
Language: SQL
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Brief summary of changes
This PR adds an External Issue ID field to the issue_tracker module, allowing administrators to link LORIS issues to external issue trackers (e.g., GitHub, Jira).
Key Features:
externalIssueIDfield (varchar 255) in theissuestableissue_tracker_external_idpermissionImplementation Details:
Database: Added column to
issuestable and updatedissues_historyenumBackend: Permission checks in GET (hide field) and POST (validate edits) endpoints
Frontend: Conditional rendering and editing based on user permission
Migration: SQL patch for existing databases (2026-01-04-Add_ExternalIssueID_to_issues.sql)
Have you updated related documentation?
Link(s) to related issue(s)