Skip to content

FORMS-1155 lock down form version viewing #1777

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
BrandonSharratt wants to merge 4 commits into
base: main
Choose a base branch
from
Open

FORMS-1155 lock down form version viewing #1777

BrandonSharratt wants to merge 4 commits into from

Conversation

@BrandonSharratt
Copy link

@BrandonSharratt BrandonSharratt commented Oct 25, 2025
edited
Loading

Description

Lock the viewing / exporting of versions if you know the form guid and can submit it.
Because other things rely on the existing functionality it will only strip form versions from the api response, and only if the user is passed in and doesn't have requisite permissions

Frontend changes will show an error if the api doesn't return versions in the response

Type of Change

fix (a bug fix)

This is a breaking change because ...
Somethings may be relying on getting the value when it shouldn't be returned and the api will no longer return it

Checklist

  • I have read the CONTRIBUTING doc
  • I have checked that unit tests pass locally with my changes
  • I have run the npm script lint on the frontend and backend
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)
  • I have approval from the product owner for the contribution in this pull request

Further comments

@nimya-aot
Copy link
Contributor

nimya-aot commented Oct 30, 2025

@BrandonSharratt Could you please deploy this PR to the PR environment so the Cypress tests can run and we can confirm that nothing is broken?

@BrandonSharratt BrandonSharratt self-assigned this Nov 5, 2025
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 5, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@github-actions
Copy link

github-actions bot commented Nov 5, 2025

Release 251d559 deployed at https://chefs-dev.apps.silver.devops.gov.bc.ca/pr-1777

@BrandonSharratt
Copy link
Author

BrandonSharratt commented Nov 5, 2025
edited
Loading

@BrandonSharratt Could you please deploy this PR to the PR environment so the Cypress tests can run and we can confirm that nothing is broken?

Deployed now @nimya-aot

@nimya-aot
Copy link
Contributor

nimya-aot commented Nov 5, 2025

@BrandonSharratt Could you please deploy this PR to the PR environment so the Cypress tests can run and we can confirm that nothing is broken?

Deployed now @nimya-aot

thanks!

jasonchung1871
jasonchung1871 reviewed Nov 10, 2025
View reviewed changes
app/frontend/src/components/forms/manage/ManageLayout.vue
await formStore.getFormPermissionsForUser(properties.f);
} else {
notificationStore.addNotification({
text: t('trans.baseSecure.401UnAuthorizedErrMsg'),
Copy link
Contributor

@jasonchung1871 jasonchung1871 Nov 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If this fails, a more appropriate message should be considered. It could be an error message specifically for getFormPermissionsForUser failing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasonchung1871 jasonchung1871 jasonchung1871 left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@BrandonSharratt BrandonSharratt

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@BrandonSharratt @nimya-aot @jasonchung1871