Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

READ permissions must be checked on field

Download Browse

part of story #10710 search on fields with duck typing How to test: Remove read permission on searched field: - the permission is silently ignored (to not leak field name) - the field is not taken in account for search Why? Without this change, if a user have access to an artifact, he can retrieve artifact data based on a field he can not read, it leaks data. This should be not a production issue has the feature is hide bellow a feature flag Change-Id: Ic091c1bbacd1d40e33528570c1d45ade0fc0a92a

+312 −67
Joris MASSON (jmasson) 2024-01-18 17:09
Marie Ange Garnier (marieange) 2024-01-24 17:19
dd7932e25810a70511fa923df233f496d2c7a988
e9c4e2871a44891b1ed35a5f233fdceb07e0e616
git #tuleap/stable/dd7932e25810a70511fa923df233f496d2c7a988

Modified Files

Side by side diff
Inline diff
Name
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/DuckTypedField/DuckTypedField.php +2 −1 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/DuckTypedField/FieldIdentifierProperties.php +1 −1 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/BetweenComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/EqualComparisonFromWhereBuilder.php +3 −1 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/FromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/GreaterThanComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/GreaterThanOrEqualComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/InComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/LesserThanComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/LesserThanOrEqualComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/NotEqualComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/NotInComparisonFromWhereBuilder.php +1 −0 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/Numeric/EqualComparisonFromWhereBuilder.php +9 −5 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/FromWhereSearchableVisitor.php +7 −6 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilder/FromWhereSearchableVisitorParameters.php +8 −26 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryBuilderVisitor.php +24 −6 Go to diff View file
M plugins/crosstracker/include/CrossTracker/Report/Query/Advanced/QueryValidation/Field/FieldUsageChecker.php +1 −0 Go to diff View file
M plugins/crosstracker/tests/integration/CrossTracker/Report/Query/Advanced/DuckTypedField/EqualComparisonTest.php +95 −11 Go to diff View file
M plugins/crosstracker/tests/integration/CrossTracker/Tests/Builders/DatabaseBuilder.php +13 −0 Go to diff View file
M plugins/crosstracker/tests/unit/CrossTracker/Report/Query/Advanced/DuckTypedField/DuckTypedFieldTest.php +32 −0 Go to diff View file
M plugins/crosstracker/tests/unit/CrossTracker/Report/Query/Advanced/InvalidSearchableCollectorVisitorTest.php +27 −0 Go to diff View file
M plugins/crosstracker/tests/unit/CrossTracker/Report/Query/Advanced/QueryBuilder/Field/EqualComparisonFromWhereBuilderTest.php +7 −0 Go to diff View file
M plugins/crosstracker/tests/unit/CrossTracker/Report/Query/Advanced/QueryValidation/Field/FieldUsageCheckerTest.php +10 −0 Go to diff View file
M plugins/crosstracker/tests/unit/CrossTracker/Tests/Builders/InvalidSearchableCollectorParametersBuilder.php +6 −0 Go to diff View file
M plugins/tracker/tests/unit/Builders/TrackerExternalFormElementBuilder.php +16 −4 Go to diff View file
M plugins/tracker/tests/unit/Builders/TrackerFormElementFloatFieldBuilder.php +13 −1 Go to diff View file
M plugins/tracker/tests/unit/Builders/TrackerFormElementIntFieldBuilder.php +14 −1 Go to diff View file
M plugins/tracker/tests/unit/Builders/TrackerFormElementStringFieldBuilder.php +15 −3 Go to diff View file
M plugins/tracker/tests/unit/Stub/RetrieveFieldTypeStub.php +0 −1 Go to diff View file