gh-275 Control access into non-secured domains contained inside other non-secured domains #282

Merged (1 commit), Mar 4, 2022

Conversation

olliefreeman (Contributor)

  • Implement a ModelItemInterceptor to standardise MI access
  • Update Interceptors where relevant to check the parent non-secured resource is actually inside the named provided resource
    This ensures access is stopped before it gets to the controllers
    It does require DB checking, but there's no better way to prevent access across all endpoints
  • Update controllers to get the parent object using the secured resource
    Whilst the interceptors should prevent getting here, this is a fallback and just good practice
  • Add validation to TermRelationship to check Terms are inside the same terminology
  • Add validation to the TermRelationshipController to ensure the terms used in the body match the one in the URL
  • Add service method for "exists" which uses count and a boolean return.
    This is faster than a find call

… non-secured domains

* Implement a ModelItemInterceptor to standardise MI access
* Update Interceptors where relevant to check the parent non-secured resource is actually inside the named provided resource
 This ensures access is stopped before it gets to the controllers
 It does require DB checking, but there's no better way to prevent access across all endpoints
* Update controllers to get the parent object using the secured resource
 Whilst the interceptors should prevent getting here, this is a fallback and just good practice
* Add validation to TermRelationship to check Terms are inside the same terminology
* Add validation to the TermRelationshipController to ensure the terms used in the body match the one in the URL
* Add service method for "exists" which uses count and a boolean return.
 This is faster than a find call
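The checks listed in the PR description above, as an added illustration in Python (this is not the project's Grails code and not its API): a secured terminology with non-secured terms and term relationships inside it, a count-based exists helper, the before-controller check that the term in the URL really sits inside the named terminology, the parent-scoped controller lookup beside the unscoped lookup it replaces, and the body-vs-URL and same-terminology validation on relationship creation. The schema, table and column names, the principal names, the 404 returned for a term outside the named terminology and the 422 for a validation failure are all assumptions of this example; the sample rows are constructed.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed schema and rows standing in for the real database. Table and
# column names are illustrative assumptions, not the project's domain classes.
SCHEMA = """
CREATE TABLE terminology (id TEXT PRIMARY KEY);
CREATE TABLE terminology_reader (terminology_id TEXT, principal TEXT);
CREATE TABLE term (id TEXT PRIMARY KEY, terminology_id TEXT NOT NULL);
CREATE TABLE term_relationship (id INTEGER PRIMARY KEY AUTOINCREMENT,
    source_term_id TEXT NOT NULL, target_term_id TEXT NOT NULL);
"""
SAMPLE_ROWS = [
    ("INSERT INTO terminology VALUES (?)", [("termA",), ("termB",)]),
    ("INSERT INTO terminology_reader VALUES (?, ?)", [("termA", "alice"), ("termB", "bob")]),
    ("INSERT INTO term VALUES (?, ?)", [("a1", "termA"), ("a2", "termA"), ("b1", "termB")]),
]

def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for sql, rows in SAMPLE_ROWS:
        conn.executemany(sql, rows)
    conn.commit()
    return conn

def exists(conn, sql: str, params: tuple) -> bool:
    """Count-based existence check: only a number comes back and no entity is
    loaded, which is why it is cheaper than a find."""
    return conn.execute(sql, params).fetchone()[0] > 0

def can_read(conn, principal: str, terminology_id: str) -> bool:
    """The terminology is the secured resource; everything inside it inherits these rights."""
    return exists(conn, "SELECT count(*) FROM terminology_reader WHERE terminology_id = ? AND principal = ?",
                  (terminology_id, principal))

def term_in_terminology(conn, term_id: str, terminology_id: str) -> bool:
    return exists(conn, "SELECT count(*) FROM term WHERE id = ? AND terminology_id = ?",
                  (term_id, terminology_id))

def intercept(conn, principal: str, terminology_id: str, term_id: str) -> int:
    """Runs before any controller on /terminologies/{tid}/terms/{termId}/...
    Returns 200 to let the request through, otherwise the status to stop with."""
    if not can_read(conn, principal, terminology_id):
        return 403
    # The term is non-secured: its rights are those of the terminology named in
    # the URL, so it must really be inside that terminology. Answering 404 for a
    # term from elsewhere is an assumption made for this example.
    if not term_in_terminology(conn, term_id, terminology_id):
        return 404
    return 200

def naive_get_term(conn, principal, terminology_id, term_id):
    """The pattern being replaced: authorise the parent, then load the child by
    id alone, so a term id from any other terminology is served anyway."""
    if not can_read(conn, principal, terminology_id):
        return 403, None
    row = conn.execute("SELECT id, terminology_id FROM term WHERE id = ?", (term_id,)).fetchone()
    return (200, row) if row else (404, None)

def get_term(conn, principal, terminology_id, term_id):
    """Controller fallback: even behind the interceptor, load the child scoped by
    the secured parent rather than by its own id."""
    status = intercept(conn, principal, terminology_id, term_id)
    if status != 200:
        return status, None
    row = conn.execute("SELECT id, terminology_id FROM term WHERE id = ? AND terminology_id = ?",
                       (term_id, terminology_id)).fetchone()
    return (200, row) if row else (404, None)

def create_relationship(conn, principal, terminology_id, term_id, body: dict) -> Tuple[int, Optional[int]]:
    """POST .../terms/{termId}/termRelationships with a JSON body."""
    status = intercept(conn, principal, terminology_id, term_id)
    if status != 200:
        return status, None
    # Controller check: the body must name the same source term as the URL.
    if body.get("sourceTermId") != term_id:
        return 422, None
    # Domain validation: both terms must be in one terminology. The source was
    # just verified, so the target is checked against the same terminology.
    target = body.get("targetTermId")
    if not term_in_terminology(conn, target, terminology_id):
        return 422, None
    cur = conn.execute("INSERT INTO term_relationship (source_term_id, target_term_id) VALUES (?, ?)",
                       (term_id, target))
    conn.commit()
    return 201, cur.lastrowid
```

With these constructed rows, alice can read termA but not termB; `naive_get_term` still hands her term b1 when she names termA in the URL, whereas `intercept` and `get_term` stop the request, and `create_relationship` refuses both a body whose source term differs from the URL and a target term that lives in another terminology.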
@olliefreeman olliefreeman merged commit 8838890 into develop Mar 4, 2022
@olliefreeman olliefreeman deleted the feature/gh-275 branch March 4, 2022 09:16
@olliefreeman olliefreeman linked an issue Mar 4, 2022 that may be closed by this pull request
@olliefreeman olliefreeman added this to the 5.1.0 milestone Mar 17, 2022
Labels: none yet
Projects: Status: Released
Development: successfully merging this pull request may close these issues:
Can save data class in database with inconsistent data
1 participant