search

chenejac / VIVOTestMigrationJIRA

0 stars 0 forks source link

VIVO-1907: sprint-i18n: ensure that EditRequestDispatchController.requiredActions() is not modified #1797

Closed chenejac closed 3 years ago

chenejac commented 4 years ago

Brian Lowe (Migrated from VIVO-1907) said:

The Github diff for the sprint-i18n branch seems to be showing that a dangerous change to edu.cornell.mannlib.vitro.webapp.edit.n3editing.controller.EditRequestDispatchController would be applied if merged.  It is showing that the requiredActions() method would be modified so as to undo the editing security fixes that were added some months back.  Either the sprint branch didn't get updated with these fixes or this is a bug in the diff display, but either way we need to ensure that this method is not clobbered when sprint-i18n is merged.

chenejac commented 3 years ago

Benjamin Gross said:

The authorization commit by Huda was removed here: [https://github.com/vivo-project/Vitro/commit/88129af70e31ba5057457d49682f2ffe8407286b#diff-35b8c24bac7cb05c61ded2378e06327b]

 

The change that should be preserved is here: [https://github.com/vivo-project/Vitro/commit/abeccaf8e6674f2c4c8fb911d92e0a3f6061e466#diff-35b8c24bac7cb05c61ded2378e06327b]

 

This exposes a larger concern that other important changes made to the main branch were left out of the original big i18n branch commit. 

chenejac commented 3 years ago

Andrew Woods said:

This issue surfaces that fact that any classes/files that have been updated in the core VIVO projects since the start of the i18n effort need to be double-checked for whether the updates exist in the i18n branches.

Investigation has begun... starting with a query to [~accountid:5d7a3f78458a170db4b08b25].

Update:

Response from [~accountid:5d7a3f78458a170db4b08b25]: 1- The UQAM bitBucket containing the original code was created on 2019-11-16. 2- The POM file indicates the version of VIVO 1.11.0 3- The code was extracted from the master branch

Based on this, the base of the i18n code is likely the 1.11.0 release of the four projects: https://github.com/vivo-project/VIVO/releases/tag/vivo-1.11.0 https://github.com/vivo-project/Vitro/releases/tag/vitro-1.11.0 https://github.com/vivo-project/VIVO-languages/releases/tag/vivo-languages-1.11.0 https://github.com/vivo-project/Vitro-languages/releases/tag/vitro-languages-1.11.0

chenejac commented 3 years ago

Benjamin Gross said:

PR for this specific bit of lost code is here: [https://github.com/vivo-project/Vitro/pull/176]

chenejac commented 3 years ago

Andrew Woods said:

Resolved by: https://github.com/vivo-project/Vitro/commit/0d67f11667131192f2a2b274bad82fdef9a5e8e9