INCIDEN-922: Restricting list client API action to specified user #897
Merged
Ryan-Andrews99 force-pushed the inciden-922-enfore-access-token branch from 96914e0 to d1b3827 on September 10, 2024 13:47
Ryan-Andrews99 force-pushed the inciden-922-enfore-access-token branch from d1b3827 to 99046dc on September 10, 2024 13:50
Ryan-Andrews99 changed the title from "INCIDEN-922: Restricting listClient API to specified user" to "INCIDEN-922: Restricting API actions to specified user" on Sep 10, 2024
Ryan-Andrews99 force-pushed the inciden-922-enfore-access-token branch from f958309 to 6a1e9e3 on September 10, 2024 15:36
Ryan-Andrews99 force-pushed the inciden-922-enfore-access-token branch from 6a1e9e3 to 99046dc on September 11, 2024 13:25
Ryan-Andrews99 changed the title from "INCIDEN-922: Restricting API actions to specified user" to "INCIDEN-922: Restricting list client API action to specified user" on Sep 11, 2024
isaac-GDS reviewed on Sep 12, 2024: backend/api/tests/handlers/dynamodb/get-service-clients.test.ts (Outdated)
We're now sending the access token from the frontend to the backend, so we can now enforce some access control on listing a client. This will restrict the user to only seeing the service they created, so if they navigated to another user's service, the backend now returns a 403 - Forbidden.
Ryan-Andrews99 force-pushed the inciden-922-enfore-access-token branch from 99046dc to b0ef38d on September 13, 2024 12:46
isaac-GDS approved these changes on Sep 13, 2024
Ryan-Andrews99 temporarily deployed to development on September 13, 2024 14:50 with GitHub Actions (Inactive)
Onboarding Feature Deployment
Warning: Pull requests merged to main will be released to production, please ensure the checklist below is complete.
Before any work can be merged to main it must meet the definition of done and be ready to deploy. While many of these tasks will be automated, the reviewers must take the responsibility of confirming the checklist below has been completed before this ticket can be merged.
Checklist
this pull request meets the acceptance criteria of the ticket
this branch is up-to-date with the main branch
git fetch --all && git rebase origin/main
these changes are backwards compatible (no breaking changes)
@deprecated
tests have been written to cover any new or updated functionality
new configuration parameters have been deployed to all environments, see configuration management.
all external infrastructure dependencies have been updated in all environments
Changes
[ please list the changes this pull request is making ]
Added for new features
Changed for changes in existing functionality
Deprecated for soon-to-be removed features
Removed for now removed features
Fixed for any bug fixes: /get-service-client endpoint now has authorisation which checks for a User-Service relationship
Security in case of vulnerabilities
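
The User-Service check described in this pull request, sketched as an added example; it is not the project's code. The function names, token values and in-memory tables are constructed stand-ins for token verification and the DynamoDB lookups.

```typescript
// Added example: object-level authorisation before listing a service's clients.
// Every name and value below is an assumption made for illustration.
type Claims = { sub: string };
type Result = { statusCode: number; body: string };

// Stand-in for validating the access token's signature and expiry.
// Map (not a plain object) so keys like "constructor" never resolve.
const VALID_TOKENS = new Map<string, Claims>([
  ["token-alice", { sub: "user-alice" }],
  ["token-bob", { sub: "user-bob" }],
]);
// Stand-in for the stored User-Service relationship (constructed data).
const USER_SERVICES = new Map<string, string[]>([
  ["user-alice", ["service-1"]],
  ["user-bob", ["service-2"]],
]);
// Stand-in for the clients stored per service (constructed data).
const SERVICE_CLIENTS = new Map<string, string[]>([
  ["service-1", ["client-a"]],
  ["service-2", ["client-b", "client-c"]],
]);

function verifyAccessToken(authorization?: string): Claims | undefined {
  const prefix = "Bearer ";
  if (!authorization || !authorization.startsWith(prefix)) return undefined;
  return VALID_TOKENS.get(authorization.slice(prefix.length));
}

function listServiceClients(authorization: string | undefined, serviceId: string): Result {
  // 401: no token, or a token that does not verify.
  const claims = verifyAccessToken(authorization);
  if (!claims) return { statusCode: 401, body: "Unauthorized" };

  // The caller's identity comes from the verified token only,
  // never from a user id supplied in the path, query or body.
  const owned = USER_SERVICES.get(claims.sub) ?? [];

  // 403 before any client data is read. Unknown service ids get the same
  // answer, so the response does not reveal which services exist.
  if (!owned.includes(serviceId)) return { statusCode: 403, body: "Forbidden" };

  return { statusCode: 200, body: JSON.stringify(SERVICE_CLIENTS.get(serviceId) ?? []) };
}
```
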