Skip to content

Restrict non-idir user features #307

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 3 commits into
base: master
Choose a base branch
from
Draft

Restrict non-idir user features #307

wants to merge 3 commits into from

Conversation

TimCsaky
Copy link
Contributor

Description

Types of changes

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

@TimCsaky TimCsaky marked this pull request as draft May 28, 2025 00:10
@github-actions GitHub Actions
Copy link

github-actions bot commented May 28, 2025
edited
Loading

Release 991d72b deployed at https://coms-dev-pr-307.apps.silver.devops.gov.bc.ca

@github-actions GitHub Actions
Copy link

Coverage Report

Totals Coverage
Statements: 56.91% ( 3071 / 5396 )
Methods: 46.91% ( 334 / 712 )
Lines: 63.73% ( 1845 / 2895 )
Branches: 49.86% ( 892 / 1789 )

jatindersingh93
jatindersingh93 reviewed May 28, 2025
View reviewed changes
app/src/middleware/authorization.js Outdated
req.currentUser.tokenPayload.identity_provider !== 'idir' &&
!hasOnlyPermittedKeys(req.query, ['email', 'userId', 'identityId'])
) {
throw new Error('User lacks permission to complete this actionnn');
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just an extra 'n'

jatindersingh93
jatindersingh93 reviewed May 28, 2025
View reviewed changes
app/src/components/utils.js
@@ -72,6 +72,11 @@ const utils = {
return key || '/'; // set empty key to '/' to match convention in COMS db
},

hasOnlyPermittedKeys(obj, permittedKeys) {
const objKeys = Object.keys(obj);
return objKeys.every(key => permittedKeys.includes(key));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will this allow empty object? may be adding 'objKeys.length > 0 &&' will help?

TimCsaky
TimCsaky commented May 28, 2025
View reviewed changes
@TimCsaky TimCsaky changed the title Restrict non-idir user search Restrict non-idir user features Jun 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jatindersingh93 jatindersingh93 jatindersingh93 left review comments

@norrisng-bc norrisng-bc Awaiting requested review from norrisng-bc norrisng-bc is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TimCsaky @jatindersingh93