project(ui): confine users to projects and standardize slug usage #154

Merged
merged 29 commits into from
Sep 21, 2024
b53a9e9  project(user): assign users to projects  (psyray, Aug 21, 2024)
476f622  project(user): fix bad redir after project save  (psyray, Aug 21, 2024)
415bf8f  project(project): add description field  (psyray, Aug 21, 2024)
9adec03  dashboard(code): explicit define import  (psyray, Aug 21, 2024)
4fab4fd  project(acl): add permission checks for the current user  (psyray, Aug 21, 2024)
db591cd  project(acl): prevent non-admin users to edit projects  (psyray, Aug 21, 2024)
3e830d6  project(user): assign users to projects  (psyray, Aug 21, 2024)
13b4a6a  project(user): fix bad redir after project save  (psyray, Aug 21, 2024)
d802f69  project(project): add description field  (psyray, Aug 21, 2024)
10f86f1  dashboard(code): explicit define import  (psyray, Aug 21, 2024)
1428a24  project(acl): add permission checks for the current user  (psyray, Aug 21, 2024)
6ce133b  project(acl): prevent non-admin users to edit projects  (psyray, Aug 21, 2024)
420a084  Merge branch '71-confine-user-to-project' of github.com:Security-Tool…  (psyray, Aug 26, 2024)
1f25fba  Merge branch 'release/2.1.0' into 71-confine-user-to-project  (psyray, Aug 29, 2024)
2e3f3fa  Merge branch 'release/2.1.0' into 71-confine-user-to-project  (psyray, Sep 2, 2024)
a3d3a66  feat(project): add a 404 page and redirect users to first project found  (psyray, Sep 2, 2024)
7242f87  Merge branch 'release/2.1.0' into 71-confine-user-to-project  (psyray, Sep 12, 2024)
7bb597d  refactor: remove user_has_project_access decorator and streamline pro…  (psyray, Sep 13, 2024)
d282c31  refactor: update URL patterns and middleware for project context  (psyray, Sep 13, 2024)
8b0afc8  Merge branch 'release/2.1.0' into 71-confine-user-to-project  (psyray, Sep 13, 2024)
01b5862  refactor: convert indentation to tabs and add ProjectSerializer import  (psyray, Sep 13, 2024)
dd32257  refactor(tests): remove redundant slug parameter from test cases  (psyray, Sep 13, 2024)
482b1f0  feat: enhance user management and refactor template tags  (psyray, Sep 15, 2024)
18096bf  refactor: streamline views and improve code readability  (psyray, Sep 15, 2024)
227ed95  fix: improve error handling and logging  (psyray, Sep 15, 2024)
81fb9c8  Merge branch 'release/2.1.0' into 71-confine-user-to-project  (psyray, Sep 17, 2024)
34072cb  fix: update user status change handling and improve test coverage  (psyray, Sep 18, 2024)
dc9850e  Merge branch 'release/2.1.0' into 71-confine-user-to-project  (psyray, Sep 18, 2024)
a94ca18  feat: add endpoint to set current project and update project selectio…  (psyray, Sep 20, 2024)
feat: add endpoint to set current project and update project selection logic

- Removed JavaScript function for setting the current project and its associated event listeners.
- Added a new endpoint in the backend to handle setting the current project via a GET request.
- Updated the project selection dropdown to use the new backend endpoint.
psyray committed Sep 20, 2024
commit a94ca187e6589188e45309e3f18bb3fc32f11319
4 changes: 4 additions & 0 deletions web/dashboard/urls.py
Expand Up @@ -45,6 +45,10 @@
'project/edit/<slug:slug>',
views.edit_project,
name='edit_project'),
path(
'project/set_current/<slug:slug>',
views.set_current_project,
name='set_current_project'),
]

if UI_DEBUG:
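Review bot: `project/set_current/<slug:slug>` accepts any slug, so the URL layer does nothing to confine this route to projects the requesting user belongs to; that check has to live in `views.set_current_project` (or in the project middleware), and for a PR whose purpose is confining users to projects it is worth confirming that it is actually there.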
10 changes: 9 additions & 1 deletion web/dashboard/views.py
Expand Up @@ -300,7 +300,7 @@
return JsonResponse({'status': True})
except (ValueError, KeyError) as e:
logger.error(e)
return JsonResponse({'status': False, 'error': str(e)})

Check warning: Code scanning / CodeQL: Information exposure through an exception (Medium). Stack trace information flows to this location and may be exposed to an external user.

Copilot Autofix AI 4 months ago

To fix the problem, we need to ensure that detailed error information is logged on the server while a generic error message is returned to the user. This can be achieved by modifying the exception handling code to log the detailed error and return a generic message.

  • Modify the exception handling in the handle_update_user and handle_create_user functions to log the detailed error message and return a generic error message to the user.
  • Ensure that the logging captures sufficient detail for debugging purposes without exposing sensitive information to the end user.
Suggested changeset 1
web/dashboard/views.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/web/dashboard/views.py b/web/dashboard/views.py
--- a/web/dashboard/views.py
+++ b/web/dashboard/views.py
@@ -301,4 +301,4 @@
     except (ValueError, KeyError) as e:
-        logger.error(e)
-        return JsonResponse({'status': False, 'error': str(e)})
+        logger.error("Error updating user: %s", e)
+        return JsonResponse({'status': False, 'error': 'An error occurred while updating the user'})
 
@@ -326,4 +326,4 @@
     except (ValueError, KeyError) as e:
-        logger.error(e)
-        return JsonResponse({'status': False, 'error': str(e)})
+        logger.error("Error creating user: %s", e)
+        return JsonResponse({'status': False, 'error': 'An error occurred while creating the user'})
 
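Review bot: `logger.error("Error creating user: %s", e)` (and the matching line in the hunk above) still logs only the exception's message, so the stack trace this warning is about is not kept anywhere; use `logger.exception("Error creating user")` inside the except block, which records the traceback with the log entry, while the generic string in the JSON response stays as proposed.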
EOF

def handle_create_user(request):
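Review bot: The `except (ValueError, KeyError)` block at the end of this hunk returns `str(e)` to the client, which is the CodeQL finding attached to it, and `logger.error(e)` records only the message with no traceback; the identical block reappears in `handle_create_user` in the next hunk, so rather than patching each copy, factor the handling into one helper or decorator that calls `logger.exception(...)` and returns a fixed message such as `'An error occurred while updating the user'`.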
Expand All @@ -325,7 +325,7 @@
return JsonResponse({'status': True})
except (ValueError, KeyError) as e:
logger.error(e)
return JsonResponse({'status': False, 'error': str(e)})

Check warning: Code scanning / CodeQL: Information exposure through an exception (Medium). Stack trace information flows to this location and may be exposed to an external user.

Copilot Autofix AI 4 months ago

To fix the problem, we need to ensure that detailed error information is logged on the server side while returning a generic error message to the user. This involves modifying the exception handling blocks to log the exception details and return a generic error message in the JSON response.

  • Modify the exception handling in the handle_create_user, handle_update_user, and handle_delete_user functions to log the detailed error message and return a generic error message to the user.
  • Ensure that the logging captures sufficient detail for debugging purposes without exposing sensitive information to the end user.
Suggested changeset 1
web/dashboard/views.py

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/web/dashboard/views.py b/web/dashboard/views.py
--- a/web/dashboard/views.py
+++ b/web/dashboard/views.py
@@ -276,3 +276,3 @@
     except (ValueError, KeyError) as e:
-        logger.error(e)
+        logger.error("Error deleting user: %s", e)
         return JsonResponse({'status': False, 'error': 'An error occurred while deleting the user'})
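Review bot: The unchanged context line shows `handle_delete_user` already returns the generic `'An error occurred while deleting the user'`, so this hunk only reworks the log message and does not fix an exposure; the two hunks that follow are identical to suggested changeset 1 on the previous warning, so apply only one of the two autofix patches, since the second will no longer apply cleanly once the first has changed those lines.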
@@ -301,4 +301,4 @@
     except (ValueError, KeyError) as e:
-        logger.error(e)
-        return JsonResponse({'status': False, 'error': str(e)})
+        logger.error("Error updating user: %s", e)
+        return JsonResponse({'status': False, 'error': 'An error occurred while updating the user'})
 
@@ -326,4 +326,4 @@
     except (ValueError, KeyError) as e:
-        logger.error(e)
-        return JsonResponse({'status': False, 'error': str(e)})
+        logger.error("Error creating user: %s", e)
+        return JsonResponse({'status': False, 'error': 'An error occurred while creating the user'})
 
EOF

@receiver(user_logged_out)
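The log-the-detail, return-a-generic-message pattern both CodeQL comments above describe, as an added example that is not code from this PR or project: a decorator applies it once to every handler instead of patching each except block, and a capturing log handler shows the traceback landing in the server log rather than in the response. Plain dicts stand in for Django's `JsonResponse`, and the handler bodies and payloads are constructed.

```python
import logging

logger = logging.getLogger("dashboard.views")

def safe_json_errors(action):
    # Decorator: log the full traceback server-side, return only a generic message.
    # Plain dicts stand in for Django's JsonResponse throughout this example.
    def decorate(handler):
        def wrapper(*args, **kwargs):
            try:
                return handler(*args, **kwargs)
            except (ValueError, KeyError):
                # exc_info goes to the log; the client gets a fixed string, never str(e).
                logger.exception("Error while %s", action)
                return {"status": False, "error": f"An error occurred while {action}"}
        return wrapper
    return decorate

@safe_json_errors("updating the user")
def handle_update_user(payload):
    # Constructed handler body: int() raises ValueError, a missing key raises KeyError.
    return {"status": True, "id": int(payload["id"])}

def leaky_handle_update_user(payload):
    # The pattern CodeQL flagged: str(e) is echoed to the client and no traceback is logged.
    try:
        return {"status": True, "id": int(payload["id"])}
    except (ValueError, KeyError) as e:
        logger.error(e)
        return {"status": False, "error": str(e)}

class _Capture(logging.Handler):
    # Keeps formatted records (traceback included) so the server log can be inspected.
    def __init__(self):
        super().__init__()
        self.records = []
    def emit(self, record):
        self.records.append(self.format(record))

def demo(payload):
    # Run both handlers on one payload; return (leaky, hardened, server_log_lines).
    cap = _Capture()
    cap.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(cap)
    logger.propagate = False  # keep the demo output off stderr
    try:
        return leaky_handle_update_user(payload), handle_update_user(payload), cap.records
    finally:
        logger.removeHandler(cap)
```

Calling `demo({"id": "abc"})` returns the leaky response carrying the raw `invalid literal` message, the hardened response carrying only the generic string, and a log in which only the hardened handler's entry contains the traceback.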
Expand Down Expand Up @@ -380,7 +380,6 @@
'Oops! Project could not be deleted!')
return JsonResponse(responseData)


def onboarding(request):
context = {}
error = ''
Expand Down Expand Up @@ -497,3 +496,12 @@
'edit_project': project,
'users': all_users
})

def set_current_project(request, slug):
if request.method == 'GET':
project = get_object_or_404(Project, slug=slug)
response = HttpResponseRedirect(reverse('dashboardIndex', kwargs={'slug': slug}))
response.set_cookie('currentProjectId', project.id, path='/', samesite='Strict', httponly=True, secure=request.is_secure())
messages.success(request, f'Project {project.name} set as current project.')
return response
return HttpResponseBadRequest('Invalid request method. Only GET is allowed.', status=400)
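Review bot: `set_current_project` performs a state change (it sets the `currentProjectId` cookie and queues a success message) on a GET, and `get_object_or_404(Project, slug=slug)` only checks that a project with that slug exists, not that `request.user` belongs to it, so the cookie can be pointed at any project before the redirect to `dashboardIndex` gets a chance to enforce access; accept only POST so Django's CSRF check covers the action, and restrict the lookup to the requesting user's own projects (the membership filter depends on the Project model's field name, which this diff does not show). Minor: `HttpResponseBadRequest` already carries status 400, so `status=400` is redundant.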
11 changes: 0 additions & 11 deletions web/static/custom/custom.js
Expand Up @@ -3282,14 +3282,3 @@ function handleHashInUrl(){
}
}
}

function setCurrentProject(projectId) {
const secure = location.protocol === 'https:';
document.cookie = `currentProjectId=${projectId}; path=/; SameSite=Strict; ${secure ? 'Secure;' : ''} HttpOnly`;
}

document.querySelectorAll('.dropdown-item[data-project-id]').forEach(link => {
link.addEventListener('click', function(e) {
setCurrentProject(this.getAttribute('data-project-id'));
});
});
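Review bot: The removed `setCurrentProject` wrote `HttpOnly` into `document.cookie`, but browsers do not let script set that flag, so the cookie it created was never HttpOnly and stayed readable from JavaScript; the server-side `response.set_cookie(..., httponly=True, ...)` in views.py is the first version in which the flag actually takes effect, so this deletion is the right move, and the `Secure` decision now also comes from `request.is_secure()` on the server rather than from `location.protocol` in the browser.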
2 changes: 1 addition & 1 deletion web/templates/base/_items/top_bar.html
Expand Up @@ -30,7 +30,7 @@ <h5 class="text-overflow mb-2">Search History</h5>
</a>
<div class="dropdown-menu">
{% for user_project in projects %}
<a href="{% url 'dashboardIndex' user_project.slug %}" class="dropdown-item {% if user_project == current_project %} active {% endif %}" data-project-id="{{ user_project.id }}">
<a href="{% url 'set_current_project' user_project.slug %}" class="dropdown-item {% if user_project == current_project %} active {% endif %}">
<span>{{user_project.name}}</span>
</a>
{% endfor %}