mirror of https://github.com/Unleash/unleash.git synced 2025-09-15 17:50:48 +02:00
unleash.unleash/src/lib/features/feature-toggle
Gastón Fournier c5afa8ff11
fix: unauthorized disable feature (#5982)
## About the changes
This was spotted while testing automated actions. Steps to reproduce:

1. Add an editor user
2. Get a PAT for the editor user
3. As Admin create a feature in a project where the editor user is not a
member and enable the feature
4. Try using the editor's PAT to modify the feature
5. As the editor create a project (you'd be made owner) and try the same
request but just change the project name for the new project just
created (don't change anything else)

**Expected behavior**: you can't disable the feature
**Actual behavior**: the feature is disabled

This does not happen when trying to turn on a flag because during the
turn-on process we do validate if the feature belongs to the project when we
call updateStrategy:
c18a7c0dc2/src/lib/features/feature-toggle/feature-toggle-service.ts (L1751-L1764)
2024-01-22 12:50:14 +01:00
| Name | Last commit | Date |
| --- | --- | --- |
| converters | Feat: remove last seen refactor flag (#5423) | 2023-11-30 10:17:50 +02:00 |
| fakes | fix(import): making all imports relative and removing baseUrl (#5847) | 2024-01-17 15:33:03 +02:00 |
| legacy | feat: adds created_by_user_id to all events (#5619) | 2023-12-14 13:45:25 +01:00 |
| query-builders | chore(deps): update dependency @biomejs/biome to v1.4.0 (#5288) | 2023-11-28 09:32:00 +00:00 |
| tests | fix(import): making all imports relative and removing baseUrl (#5847) | 2024-01-17 15:33:03 +02:00 |
| time-to-production | refactor: switching to new stats calculations (#3477) | 2023-04-10 09:50:39 +02:00 |
| types | refactor: metrics in feature oriented architecture (#5919) | 2024-01-17 09:14:31 +01:00 |
| archive-feature-toggle-controller.ts | feat: adds created_by_user_id to all events (#5619) | 2023-12-14 13:45:25 +01:00 |
| configuration-revision-service.ts | fix: EventStore#getMaxRevisionId can return null (#4384) | 2023-08-01 23:59:09 +02:00 |
| createFeatureToggleService.ts | chore: centralize events service creation (#5910) | 2024-01-16 13:11:28 +01:00 |
| feature-toggle-controller.ts | feat: adds created_by_user_id to all events (#5619) | 2023-12-14 13:45:25 +01:00 |
| feature-toggle-service.ts | fix: unauthorized disable feature (#5982) | 2024-01-22 12:50:14 +01:00 |
| feature-toggle-store.ts | refactor: metrics in feature oriented architecture (#5919) | 2024-01-17 09:14:31 +01:00 |
| feature-toggle-strategies-store.ts | task: add timer for client feature query (#5734) | 2024-01-02 16:02:03 +01:00 |
| features-read-model.ts | feat: check if child and parent are in the same project (#5093) | 2023-10-19 11:11:05 +02:00 |