Fix invitation acceptance logic and update permission constant naming #2803

SammyOina · 2025-04-09T11:02:54Z

What type of PR is this?

What does this do?

Refactor
- Enhanced the invitation acceptance flow with improved validation and authorization checks for a more secure process.
Style
- Updated permission naming to adhere to consistent coding standards.

Which issue(s) does this PR fix/relate to?

Related Issue #
Resolves BUG: Missing critical middleware checks when adding user via invitation #2802

Have you included tests for your changes?

Did you document any new/modified feature?

Notes

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

codecov · 2025-04-09T11:08:14Z

Codecov Report

Attention: Patch coverage is 0% with 8 lines in your changes missing coverage. Please review.

Project coverage is 28.28%. Comparing base (af8caa4) to head (8437624).

Files with missing lines	Patch %	Lines
domains/middleware/authorization.go	0.00%	7 Missing ⚠️
domains/roleoperations.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2803      +/-   ##
==========================================
+ Coverage   27.55%   28.28%   +0.73%     
==========================================
  Files         351       30     -321     
  Lines       55347     5462   -49885     
==========================================
- Hits        15251     1545   -13706     
+ Misses      39340     3822   -35518     
+ Partials      756       95     -661

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

arvindh123 · 2025-04-09T11:38:21Z

domains/roleoperations.go

@@ -42,7 +42,7 @@ const (
 	readPermission            = "read_permission"
 	deletePermission          = "delete_permission"
 	manageRolePermission      = "manage_role_permission"
-	addRoleUsersPermission    = "add_role_users_permission"
+	AddRoleUsersPermission    = "add_role_users_permission"


Does this operations is needed some where else ? Why it is exported ?

here

if err := am.extAuthorize(ctx, auth.EncodeDomainUserID(domainID, inv.InvitedBy), domains.AddRoleUsersPermission, policies.DomainType, domainID); err == nil { return err } ```

dborovcanin · 2025-04-09T21:24:28Z

@SammyOina Please rebase.

dborovcanin · 2025-04-10T13:55:23Z

@SammyOina Please rebase. @arvindh123 Please review.

Fix invitation acceptance logic and update permission constant naming

8437624

Signed-off-by: Sammy Oina <sammyoina@gmail.com>

SammyOina requested a review from a team as a code owner April 9, 2025 11:02

arvindh123 requested changes Apr 9, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix invitation acceptance logic and update permission constant naming #2803

Fix invitation acceptance logic and update permission constant naming #2803

SammyOina commented Apr 9, 2025 •

edited

Loading

codecov bot commented Apr 9, 2025

arvindh123 Apr 9, 2025

SammyOina Apr 9, 2025

dborovcanin commented Apr 9, 2025

dborovcanin commented Apr 10, 2025

Fix invitation acceptance logic and update permission constant naming #2803

Are you sure you want to change the base?

Fix invitation acceptance logic and update permission constant naming #2803

Conversation

SammyOina commented Apr 9, 2025 • edited Loading

What type of PR is this?

What does this do?

Which issue(s) does this PR fix/relate to?

Have you included tests for your changes?

Did you document any new/modified feature?

Notes

codecov bot commented Apr 9, 2025

Codecov Report

arvindh123 Apr 9, 2025

Choose a reason for hiding this comment

SammyOina Apr 9, 2025

Choose a reason for hiding this comment

dborovcanin commented Apr 9, 2025

dborovcanin commented Apr 10, 2025

SammyOina commented Apr 9, 2025 •

edited

Loading