Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-02-04 00:18:01 +01:00
Code Issues Projects Releases Wiki Activity
c5afa8ff11
unleash.unleash/src/lib
History
Gastón Fournier c5afa8ff11
fix: unauthorized disable feature (#5982) 
## About the changes
This was spotted while testing automated actions. Steps to reproduce:

1. Add an editor user
2. Get a PAT for the editor user
3. As Admin create a feature in a project where the editor user is not a
member and enable the feature
4. Try using the editor's PAT to modify the feature
5. As the editor create a project (you'd be made owner) and try the same
request but just change the project name for the new project just
created (don't change anything else)

**Expected behavior**: you can't disable the feature
**Actual behavior**: the feature is disabled

This does not happen when trying to turn on a flag because during the
turn-on process we do validate if the feature belongs to project when we
call updateStrategy:
c18a7c0dc2/src/lib/features/feature-toggle/feature-toggle-service.ts (L1751-L1764)
2024-01-22 12:50:14 +01:00
..
__snapshots__ Executive Dashboard page setup (#5949) 2024-01-18 12:32:25 +01:00
addons Biome1.5.1 (#5867) 2024-01-12 09:25:59 +00:00
db chore: re use extract user methods (#5947) 2024-01-18 13:15:21 +01:00
domain/project-health fix(import): making all imports relative and removing baseUrl (#5847) 2024-01-17 15:33:03 +02:00
error Biome1.5.1 (#5867) 2024-01-12 09:25:59 +00:00
features fix: unauthorized disable feature (#5982) 2024-01-22 12:50:14 +01:00
middleware chore: add types to pat middleware (#5951) 2024-01-18 14:36:42 +01:00
openapi feat: Prometheus last day metrics (#5878) 2024-01-15 15:31:38 +01:00
proxy chore(deps): update dependency @biomejs/biome to v1.4.1 (#5709) 2024-01-10 09:11:49 +00:00
routes chore: re use extract user methods (#5947) 2024-01-18 13:15:21 +01:00
schema feat: implement createdByUserId for all features (#5725) 2023-12-22 14:33:16 +01:00
segments fix(import): making all imports relative and removing baseUrl (#5847) 2024-01-17 15:33:03 +02:00
services fix: unauthorized disable feature (#5982) 2024-01-22 12:50:14 +01:00
types chore: re use extract user methods (#5947) 2024-01-18 13:15:21 +01:00
util refactor: add typesafe wrappers for prom client metrics (#5969) 2024-01-19 14:51:29 +00:00
app.test.ts feat: Make compression middleware optional (#5306) 2023-12-16 08:06:26 +01:00
app.ts Biome1.5.1 (#5867) 2024-01-12 09:25:59 +00:00
create-config.test.ts feat: feature search stub (#5143) 2023-10-25 10:50:59 +02:00
create-config.ts feat: metrics periods expressed in days (#5928) 2024-01-18 11:54:20 +01:00
default-custom-auth-deny-all.ts chore: expose custom-handler-auth type (#5287) 2023-11-07 10:37:09 +01:00
internals.ts fix: export NotFoundError and ISegmentService in internals.ts (#4997) 2023-10-11 14:31:45 +03:00
logger.test.ts
logger.ts
metric-events.ts feat: scheduled functions observability (#5377) 2023-11-21 13:42:38 +01:00
metrics.test.ts Biome1.5.1 (#5867) 2024-01-12 09:25:59 +00:00
metrics.ts refactor: add typesafe wrappers for prom client metrics (#5969) 2024-01-19 14:51:29 +00:00
server-impl.test.ts chore(deps): update dependency @biomejs/biome to v1.4.0 (#5288) 2023-11-28 09:32:00 +00:00
server-impl.ts feat: adds created_by_user_id to all events (#5619) 2023-12-14 13:45:25 +01:00