Fix: Ensure non-configured rules default to empty array #18

michaelborn · 2020-12-09T15:05:19Z

If a developer declines to set a value for
moduleSettings.cbSecurity.rules when configuring cbSecurity, they get an error:

Element SETTINGS.RULES is undefined in ARGUMENTS.

IMHO, this is a failure on Coldbox's part to properly merge the
dev-defined coldbox moduleSettings.cbSecurity struct with cbSecurity's
own settings struct. Regardless, I'd expect the rules array to
default to an empty array as documented.

If a developer declines to set a value for `moduleSettings.cbSecurity.rules`, they get an error: ``` Element SETTINGS.RULES is undefined in ARGUMENTS. ``` IMHO, this is a failure on Coldbox's part to properly merge the dev-defined coldbox `moduleSettings.cbSecurity` struct with cbSecurity's own `settings` struct. Regardless, I'd expect the `rules` array to default to an empty array _[as documented](https://coldbox-security.ortusbooks.com/getting-started/first-chapter)_.

michaelborn · 2020-12-10T21:15:01Z

We can probably decline this PR. The only circumstance in which this "bug" occurs is when a dumb developer (cough, sortof me, sortof) tries to manually run the cbSecurity.interceptors.Security interceptor and passes an invalid configuration by declining to set a rules property/array.

lmajano merged commit 62da75a into coldbox-modules:development Dec 11, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Fix: Ensure non-configured rules default to empty array #18

Fix: Ensure non-configured rules default to empty array #18

Uh oh!

michaelborn commented Dec 9, 2020

Uh oh!

michaelborn commented Dec 10, 2020

Uh oh!

Uh oh!

Fix: Ensure non-configured rules default to empty array #18

Fix: Ensure non-configured rules default to empty array #18

Uh oh!

Conversation

michaelborn commented Dec 9, 2020

Uh oh!

michaelborn commented Dec 10, 2020

Uh oh!

Uh oh!