fix: Non-admin users can create invites #4653

Merged Sep 23, 2024 (2 commits)

khvn26 (Member) commented Sep 23, 2024

Thanks for submitting a PR! Please check the boxes below:

  • I have added information to docs/ if required so people know about the feature!
  • I have filled in the "Changes" section below?
  • I have filled in the "How did you test this code" section below?
  • I have used a Conventional Commit title for this Pull Request

Changes

This prevents non-admin users from creating invites using the organisations/{org-id}/invite endpoint.

How did you test this code?

Added a unit test for the scenario.

khvn26 added the api and security labels Sep 23, 2024
khvn26 requested a review from a team as a code owner September 23, 2024 15:00
khvn26 requested review from gagantrivedi and removed request for a team September 23, 2024 15:00

vercel bot commented Sep 23, 2024

3 Skipped Deployments

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| docs | ⬜️ Ignored | | | Sep 23, 2024 3:18pm |
| flagsmith-frontend-preview | ⬜️ Ignored | | | Sep 23, 2024 3:18pm |
| flagsmith-frontend-staging | ⬜️ Ignored | | | Sep 23, 2024 3:18pm |

github-actions bot (Contributor) commented Sep 23, 2024

Docker builds report

| Image | Build Status | Security report |
| --- | --- | --- |
| ghcr.io/flagsmith/flagsmith-api-test:pr-4653 | Finished ✅ | Skipped |
| ghcr.io/flagsmith/flagsmith-e2e:pr-4653 | Finished ✅ | Skipped |
| ghcr.io/flagsmith/flagsmith-frontend:pr-4653 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith-api:pr-4653 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith:pr-4653 | Finished ✅ | Results |
| ghcr.io/flagsmith/flagsmith-private-cloud:pr-4653 | Finished ✅ | Results |

github-actions bot added the fix label Sep 23, 2024

github-actions bot (Contributor) commented Sep 23, 2024

Uffizzi Preview deployment-56551 was deleted.

github-actions bot added fix and removed fix labels Sep 23, 2024

codecov bot commented Sep 23, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 97.18%. Comparing base (b4d3310) to head (5841010).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #4653   +/-   ##
=======================================
  Coverage   97.17%   97.18%           
=======================================
  Files        1163     1163           
  Lines       40280    40288    +8     
=======================================
+ Hits        39144    39152    +8     
  Misses       1136     1136           


khvn26 added this pull request to the merge queue Sep 23, 2024
Merged via the queue into main with commit 025f178 Sep 23, 2024
35 checks passed
khvn26 deleted the fix/invites-privilege-escalation branch September 23, 2024 15:30
Labels: api, fix, security