Skip to content

Implement permission checks to prevent unnecessary overwrit… #2506

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 20 commits into from
Closed

Implement permission checks to prevent unnecessary overwrit… #2506

wants to merge 20 commits into from

Conversation

aktaskaan
Copy link
Contributor

JIRA link (if applicable)

https://tools.hmcts.net/jira/browse/CCD-6022

Change description

Does this PR introduce a breaking change? (check one with "x")

[ ] Yes
[ ] No

@aktaskaan aktaskaan changed the title Implement permission and value checks to prevent unnecessary overwrit… Implement permission checks to prevent unnecessary overwrit… Dec 5, 2024
danlysiak
danlysiak reviewed Jan 8, 2025
View reviewed changes
Copy link
Member

@danlysiak danlysiak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few suggestions for readability related things in the implementation

src/main/java/uk/gov/hmcts/ccd/domain/service/common/RestrictedFieldProcessor.java Outdated
Comment on lines 231 to 235
private boolean isNullId(JsonNode newItem) {
return newItem.get(ID) == null
|| newItem.get(ID).equals(NullNode.getInstance())
|| "null".equalsIgnoreCase(newItem.get(ID).asText());
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wondering whether we can delete this method and sufficiently use newItem.hasNonNull(ID) in the single place this is being used instead, or are we treating the string "null" as null elsewhere in CCD too? While it's an edge case and would be strange for anyone to try, from a quick look at CollectionValidator we just verify it's some text so technically one item could be set to "null"!

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The check for null values and the string "null" is used in CompoundAccessControlService. You can see the method here.

When I started testing the delete permission, I was able to reproduce the issue by passing "null". While this might be an edge case, it is considered in the original code. So, I decided to keep this check, but I understand if it seems unusual or rare.

@hmcts-jenkins-a-to-c hmcts-jenkins-a-to-c bot requested a deployment to preview February 21, 2025 09:51 Abandoned
@aktaskaan
Copy link
Contributor Author

combined with ccd-5344 in #2545

@aktaskaan aktaskaan closed this Mar 13, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@RebeccaBaker RebeccaBaker RebeccaBaker approved these changes

@danlysiak danlysiak danlysiak approved these changes

Assignees
No one assigned
Labels
enable_keep_helm keep-helm ns:ccd prd:ccd
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@aktaskaan @RebeccaBaker @danlysiak @velimd @pats-john