New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
prevent editing of category names with hardcoded flag #3227
prevent editing of category names with hardcoded flag #3227
Conversation
a15907f
to
bfce60e
Compare
Codecov Report
@@ Coverage Diff @@
## master #3227 +/- ##
==========================================
+ Coverage 83.88% 83.89% +0.01%
==========================================
Files 251 251
Lines 15944 15949 +5
Branches 3002 3005 +3
==========================================
+ Hits 13374 13381 +7
Misses 1620 1620
+ Partials 950 948 -2
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One picky thing, sorry!
@@ -276,7 +276,7 @@ sub update_contact : Private { | |||
$contact->send_method( $c->get_param('send_method') ); | |||
|
|||
# Set flags in extra to the appropriate values | |||
foreach (qw(photo_required open311_protect updates_disallowed reopening_disallowed assigned_users_only anonymous_allowed)) { | |||
foreach (qw(photo_required open311_protect updates_disallowed reopening_disallowed assigned_users_only anonymous_allowed hardcoded)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suppose it doesn't really matter, because this page is already behind a staff-only login, but there should be a superuser check here too (like the one in the template) rather than trusting input from the client.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
e5cc983
to
6f6a65c
Compare
If a category has hardcoded set to 1 in it's extra metadata then prevent
the name being edited in the admin. This is to avoid issues where the
name of the category is used in e.g. layers or other configuration and
changing it breaks things.
Also includes admin interface for setting this that is restricted to
super users only.
Fixes mysociety/fixmystreet-commercial#1992