Skip to content

Bulk operations skip permission checks#464

Merged
adelowo merged 3 commits intomainfrom
bug-ISS-1833
Mar 18, 2026
Merged

Bulk operations skip permission checks#464
adelowo merged 3 commits intomainfrom
bug-ISS-1833

Conversation

@adelowo
Copy link
Member

@adelowo adelowo commented Mar 18, 2026

correctly check for permissions and does not allow users without the right permissions to not delete/revoke

 deleteTrustCenterNDARequest(id: $deleteTrustCenterNdaRequestId) {
    deletedID
  }

but bulk access checks does not. So if the request failed, you just need to use bulk delete

 deleteBulkTrustCenterNDARequest(ids: $ids) {
  deletedIDs
 }

{
  "deleteTrustCenterNdaRequestId": "01KKMBWAD65SVN29MYPQ5Z9ZST", // fails
  "ids": ["01KKMBWAD65SVN29MYPQ5Z9ZST"] // succeeds ( same id )
}

this is because privacy.Allow is returned if objectID not found ( id field )
but when dealing with bulk operations, id does not exist instead ids.

so this makes sure to check both

@github-actions github-actions bot added the bug Something isn't working label Mar 18, 2026
@adelowo adelowo marked this pull request as ready for review March 18, 2026 16:11
@adelowo adelowo requested a review from a team as a code owner March 18, 2026 16:11
@adelowo adelowo marked this pull request as draft March 18, 2026 16:12
@adelowo adelowo marked this pull request as ready for review March 18, 2026 16:13
@adelowo adelowo enabled auto-merge (squash) March 18, 2026 16:14
@adelowo
Copy link
Member Author

adelowo commented Mar 18, 2026

applies to the edit path too. adding that

@adelowo adelowo marked this pull request as draft March 18, 2026 16:16
auto-merge was automatically disabled March 18, 2026 16:16

Pull request was converted to draft

golanglemonade
golanglemonade reviewed Mar 18, 2026
View reviewed changes
@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 18, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@adelowo adelowo marked this pull request as ready for review March 18, 2026 18:35
@adelowo adelowo enabled auto-merge (squash) March 18, 2026 18:35
@adelowo adelowo mentioned this pull request Mar 18, 2026
Draft
@adelowo adelowo merged commit 42c870d into main Mar 18, 2026
13 checks passed
@adelowo adelowo deleted the bug-ISS-1833 branch March 18, 2026 19:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@golanglemonade golanglemonade golanglemonade approved these changes

@matoszz matoszz Awaiting requested review from matoszz matoszz is a code owner automatically assigned from theopenlane/blacksmiths

@LemonAid711 LemonAid711 Awaiting requested review from LemonAid711 LemonAid711 is a code owner automatically assigned from theopenlane/blacksmiths

Assignees

No one assigned

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@adelowo @golanglemonade