Closed SailReal closed 2 months ago
The recent changes involve modifying how archived vaults are handled in the VaultResource
class by removing checks that previously prevented access to archived vaults. Additionally, the associated tests have been updated to reflect new expectations where accessing archived vaults now returns an HTTP 200 status, indicating successful access.
File Path | Change Summary |
---|---|
.../api/VaultResource.java |
Removed checks for vault being archived in grantAccess method. |
.../api/VaultResourceTest.java |
Updated HTTP status codes for accessing archived vaults from 403 and 410 to 200 |
Objective | Addressed | Explanation |
---|---|---|
Enable unarchiving vaults post-upgrade and manage ownership claims (Issue #269) | ❓ | Changes suggest easier access to archived vaults, but specific unarchiving capability and ownership management confirmation is unclear. |
Prevent orphaned vaults and enable admin to claim ownership (Issue #260) | ❌ | No changes related to orphaned vault management or admin intervention. |
🐇✨ A hop, a skip, in the code we dip, Changes abound, in vaults unzipped. No more locks on the archived box, Access for all, as the rabbit talks. Celebrate we do, with a carrot or two! 🥕🥕 🌟🐰
backend/src/main/java/org/cryptomator/hub/api/VaultResource.java (3)
Line range hint `1-1`: Overview of changes in `VaultResource.java`. The changes in this file are focused on modifying the behavior of archived vaults to allow operations on them as if they were active. This is achieved by removing checks that previously prevented such operations. --- Line range hint `1-1`: Ensure proper handling of archived vaults in `grantAccess`. The removal of checks for archived vaults in the `grantAccess` method should be carefully verified to ensure it does not introduce security vulnerabilities or logical errors. This change is intended to allow operations on archived vaults, but it is crucial to ensure that it does not inadvertently allow unauthorized access. --- Line range hint `1-1`: Review handling of `ignoreArchived` parameter in `unlock` method. The `unlock` method includes a parameter `ignoreArchived` that allows the method to ignore the archived status of the vault. This change should be verified to ensure it is implemented correctly and does not introduce security vulnerabilities. Specifically, verify that the method correctly handles cases where `ignoreArchived` is set to `true` and `false`.backend/src/test/java/org/cryptomator/hub/api/VaultResourceTest.java (2)
`165-168`: The modification to expect a 200 status code for archived vaults when `evenIfArchived` is set to true aligns with the PR's objectives. This ensures that the test reflects the new functionality correctly. --- `381-385`: Adding a test to verify that accessing tokens for archived vaults returns a 200 status code under the correct conditions is a necessary validation for the new functionality. This test ensures that the system behaves as expected when the `evenIfArchived` parameter is used.
Posting new access-tokens does not harm for archived vaults. Hard and soft boundaries are still respected.
Fixes #269
Summary by CodeRabbit