Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IBX-6592: Content Object State assignment should rely on Location instead of ContentInfo #391

Closed
wants to merge 2 commits into from

Conversation

barw4
Copy link
Member

@barw4 barw4 commented Nov 7, 2023

Question Answer
JIRA issue IBX-6592
Type bug
Target Ibexa version v3.3
BC breaks no

Currently, Content Object State assignment is validated, as permissions go, utilizing ContentInfo which in my opinion is wrong, as that leaves Subtree Limitation pretty much useless, and yet, this limitation is available for a choosing when we are dealing with the state/assign policy.

To keep BC I've provided a new argument that is ?Location = null. This Location would be later checked against Subtree Limitation when assigning an Object State to a certain Content.

Related PR: ezsystems/ezplatform-admin-ui#2112

Checklist:

  • Provided PR description.
  • Tested the solution manually.
  • Provided automated test coverage.
  • Checked that target branch is set correctly (master for features, the oldest supported for bugs).
  • Ran PHP CS Fixer for new PHP code (use $ composer fix-cs).
  • Asked for a review (ping @ezsystems/engineering-team).

@barw4 barw4 self-assigned this Nov 7, 2023
@barw4 barw4 changed the title IBX-6592: Allowed Location to be a part of permission check for Object State assignment IBX-6592: Content Object State assignment should rely on Location instead of ContentInfo Nov 8, 2023
@barw4 barw4 marked this pull request as ready for review November 8, 2023 14:43
@barw4 barw4 added Bug Something isn't working Ready for review labels Nov 8, 2023
@barw4 barw4 requested a review from a team November 8, 2023 14:44
Copy link

sonarqubecloud bot commented Nov 8, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 1 Code Smell

No Coverage information No Coverage information
0.0% 0.0% Duplication

@ViniTou
Copy link
Contributor

ViniTou commented Nov 28, 2023

Correct me if I get this wrong.
Now (maybe it also works like this right now, don't know) it will be possible to set global object state just with access to specific subtree? Like what if content is in more then one location?

Copy link
Contributor

@Nattfarinn Nattfarinn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changes to ContentService interface are not applied to Event layer. Please update setContentState method implementation and add new field to BeforeSetContentStateEvent and SetContentStateEvent events.

@Nattfarinn Nattfarinn requested a review from a team November 30, 2023 12:06
ContentInfo $contentInfo,
ObjectStateGroup $objectStateGroup,
ObjectState $objectState,
?Location $location = null
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it necessary? This Location parameter does not affect method logic and is just workaround for PermissionResolver. It is also security risk, as not setting this parameter will omit some of limitations checks.

@Nattfarinn
Copy link
Contributor

Related comment: ezsystems/ezplatform-admin-ui#2112 (comment)

@barw4 barw4 closed this Dec 20, 2023
@barw4 barw4 deleted the ibx-6592-object-state-location-target branch December 20, 2023 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Something isn't working Ready for review
Development

Successfully merging this pull request may close these issues.

6 participants