fix: pass boardId to attachmentController#7708
Conversation
|
🐢 Performance warning. |
grnd-alt
force-pushed
the
fix/federation-wrong-references
branch
from
209592f to
83478a3
Compare
|
🐢 Performance warning. |
grnd-alt
force-pushed
the
fix/federation-wrong-references
branch
from
83478a3 to
5f23187
Compare
|
🐢 Performance warning. |
github-project-automation
bot
moved this to 🧭 Planning evaluation (don't pick)
in 📝 Productivity team
grnd-alt
moved this from 🧭 Planning evaluation (don't pick)
to 👀 In review
in 📝 Productivity team
grnd-alt
force-pushed
the
fix/federation-wrong-references
branch
from
5f23187 to
d14b202
Compare
|
🐢 Performance warning. |
| private function ensureLocalBoard(?int $boardId): void { | ||
| if ($boardId) { | ||
| $board = $this->boardService->find($boardId); | ||
| if ($board->getExternalId()) { |
There was a problem hiding this comment.
maybe add a check to ensure that the board exists before accessing it.
There was a problem hiding this comment.
it's already integrated in the boardservice/permissionservice to throw NoPermission when the board does not exist
Signed-off-by: grnd-alt <git@belakkaf.net>
grnd-alt
force-pushed
the
fix/federation-wrong-references
branch
from
d14b202 to
696ca2f
Compare
github-project-automation
bot
moved this from 👀 In review
to ☑️ Done
in 📝 Productivity team
3 participants
this PR prevents requests on federated boards from being wrongly associated.
By passing the current boardId to the controller we can check if the board is a federated board and then block the request.
If the boardId is not passed we assume the board is local, as the client knows what it received from the BE before, and can that way spare the query to get the localBoard (in a future pr).
An attempt to show the error that currently happens and requires the change:
