Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Non-admin project Role request to /projects/ID/features/ID Causes Crash #4289

Merged
merged 2 commits into from
Jul 18, 2024
Merged

fix: Non-admin project Role request to /projects/ID/features/ID Causes Crash #4289

merged 2 commits into from
Jul 18, 2024

Conversation

novakzaballa
Copy link
Contributor

@novakzaballa novakzaballa commented Jul 5, 2024
edited
Loading

Thanks for submitting a PR! Please check the boxes below:

  • I have run pre-commit to check linting
  • I have added information to docs/ if required so people know about the feature!
  • I have filled in the "Changes" section below?
  • I have filled in the "How did you test this code" section below?
  • I have used a Conventional Commit title for this Pull Request

Changes

Tag IDs are only sent when there is permission that have tags. For example DELETE_FEATURE.

Fixes #4286

How did you test this code?

  1. Create a role with View Project, View environment, and update feature state, and assign it to test user
  2. Log in with the test user
  3. Go to the project -> environment that you have permission to access.
  4. Select a feature and update the feature state

@novakzaballa novakzaballa requested a review from a team as a code owner July 5, 2024 21:59
@novakzaballa novakzaballa requested review from khvn26 and removed request for a team July 5, 2024 21:59
@vercel Vercel
Copy link

vercel bot commented Jul 5, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

3 Skipped Deployments
Name Status Preview Comments Updated (UTC)
docs ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2024 5:09pm
flagsmith-frontend-preview ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2024 5:09pm
flagsmith-frontend-staging ⬜️ Ignored (Inspect) Visit Preview Jul 16, 2024 5:09pm

@github-actions github-actions bot added api Issue related to the REST API feature New feature or request labels Jul 5, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 5, 2024
edited
Loading

flagsmith-private-cloud image build and security scan finished ✨

Image Build Status Security report
ghcr.io/flagsmith/flagsmith-private-cloud:pr-4289 Finished ✅ Results

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 5, 2024
edited
Loading

flagsmith-api image build and security scan finished ✨

Image Build Status Security report
ghcr.io/flagsmith/flagsmith-api:pr-4289 Finished ✅ Results

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 5, 2024
edited
Loading

flagsmith-frontend image build and security scan finished ✨

Image Build Status Security report
ghcr.io/flagsmith/flagsmith-frontend:pr-4289 Finished ✅ Results

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 5, 2024
edited
Loading

flagsmith image build and security scan finished ✨

Image Build Status Security report
ghcr.io/flagsmith/flagsmith:pr-4289 Finished ✅ Results

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 5, 2024
edited
Loading

flagsmith-e2e image build finished ✨

Image Build Status Security report
ghcr.io/flagsmith/flagsmith-e2e:pr-4289 Finished ✅ Skipped

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 5, 2024
edited
Loading

Uffizzi Preview deployment-53895 was deleted.

@codecov Codecov
Copy link

codecov bot commented Jul 5, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.77%. Comparing base (c2a33e6) to head (cdece74).
Report is 40 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4289      +/-   ##
==========================================
+ Coverage   96.60%   96.77%   +0.16%     
==========================================
  Files        1195     1159      -36     
  Lines       39099    38079    -1020     
==========================================
- Hits        37773    36852     -921     
+ Misses       1326     1227      -99

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@matthewelwell matthewelwell changed the title feat: Non-admin project Role request to /projects/ID/features/ID Caus… fix: Non-admin project Role request to /projects/ID/features/ID Causes Crash Jul 8, 2024
matthewelwell
matthewelwell reviewed Jul 12, 2024
View reviewed changes
Copy link
Contributor

@matthewelwell matthewelwell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't quite understand how this is any different? From what I can tell, the tag_ids variable is set to an empty list above, which will evaluate as falsy, the same as the default on the has_project_permission method.

Could you add more description and ideally add a test that would replicate the issue?

@github-actions github-actions bot added fix and removed feature New feature or request labels Jul 16, 2024
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Jul 16, 2024
edited
Loading

Docker builds report

Image Build Status Security report
ghcr.io/flagsmith/flagsmith-api-test:pr-4289 Finished ✅ Skipped
ghcr.io/flagsmith/flagsmith-e2e:pr-4289 Finished ✅ Skipped
ghcr.io/flagsmith/flagsmith-frontend:pr-4289 Finished ✅ Results
ghcr.io/flagsmith/flagsmith-api:pr-4289 Finished ✅ Results
ghcr.io/flagsmith/flagsmith:pr-4289 Finished ✅ Results
ghcr.io/flagsmith/flagsmith-private-cloud:pr-4289 Finished ✅ Results

@novakzaballa
Copy link
Contributor Author

I don't quite understand how this is any different? From what I can tell, the tag_ids variable is set to an empty list above, which will evaluate as falsy, the same as the default on the has_project_permission method.

Could you add more description and ideally add a test that would replicate the issue?

Change the code so that instead of the value of tag_ids being [], it will be None. This change is based on this line of code:

flagsmith/api/permissions/permission_service.py

Line 74 in cdece74

- If `tag_ids` is None, tags filter will not be applied

This adjustment is needed because when making the GET request to api/v1/projects/id/features/id/, tag-based permissions should not be applied (we should only send an array, in the case of using the DELETE_FEATURE permission)

@matthewelwell matthewelwell added this pull request to the merge queue Jul 18, 2024
Merged via the queue into main with commit bce6530 Jul 18, 2024
33 checks passed
@matthewelwell matthewelwell deleted the fix/non-admin-project-role-request-to-projects-id-features-id-causes-crash branch July 18, 2024 15:50
@flagsmithdev flagsmithdev mentioned this pull request Jul 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matthewelwell matthewelwell matthewelwell approved these changes

@khvn26 khvn26 Awaiting requested review from khvn26 khvn26 is a code owner automatically assigned from Flagsmith/flagsmith-back-end

Assignees
No one assigned
Labels
api Issue related to the REST API fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Non-admin project Role request to /projects/ID/features/ID Causes Crash
2 participants
@novakzaballa @matthewelwell