-
Notifications
You must be signed in to change notification settings - Fork 12
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tasks in locked dates can be updated via API #491
Comments
jaragunde
added a commit
that referenced
this issue
May 7, 2021
We were only checking the new task date in a task update operation, instead of also checking the saved date. As a result, it was possible to move a task from a locked date to an unlocked one, and then update any other field. As a side effect, we break the assumption in PartialUpdateTasksAction that every DirtyTask contains a date, which helps fixing #491.
jaragunde
added a commit
that referenced
this issue
Sep 14, 2021
Reviewed in PR #499:
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A task saved in a date that was locked using the "date block" feature can still be updated with an API call that modifies the task date.
Imagine that the task was saved on Dec, 31st last year, and phpreport was configured to lock edition on last year tasks. A request to
updateTasksService.php
attempting to modify any field of the task will be refused, unless the request attempts to modify the date of that task, setting it to a date that is not locked (for example, today). In that case, it will be accepted.The text was updated successfully, but these errors were encountered: