search

opencaching / opencaching-pl

The source code of Opencaching.PL (and some other domains)
https://opencaching.pl/
GNU General Public License v3.0
22 stars 33 forks source link

#2295: final commit for reactivationRules implementation #2303

Closed kojoty closed 2 years ago

rapotek commented 2 years ago

@kojoty I haven't got time to test it before, but I am doing it now and there is a thing. Correct me if I am wrong, but a verification if any of reactivation rule is selected is done on a client side only. I think, when there is a requirement to select one of available options, it should be verified on a server side, too. And one more thing: no reactivation rule is selected by default and the user creating a cache has to manually select one every time. I suppose it is made on purpose in this way and has been discussed with Polish OcTeam? Or not?

kojoty commented 2 years ago

@rapotek No, I think there is no need to validate presence of reactivation rules on server side. I think react.rule is some kind of convention. I even leave the solution to select "custom" rules and leave the textfield blank - it also can be selected - but I think this is a decision of the user to intentionally skip reactivation rules. If someone decide to modify the request to send form without reactivation rules I think it is something what should not be prevented.

And yes, no rules are selected by default because user should decide once for each geocache how to deal with reactivations.

rapotek commented 2 years ago

@rapotek No, I think there is no need to validate presence of reactivation rules on server side. I think react.rule is some kind of convention. I even leave the solution to select "custom" rules and leave the textfield blank - it also can be selected - but I think this is a decision of the user to intentionally skip reactivation rules. If someone decide to modify the request to send form without reactivation rules I think it is something what should not be prevented.

I always thought client-side verification is a convenience, server-side one is security, but... as you wish.

kojoty commented 2 years ago

Rapotek,

I fully agree generally - that's obvious - but I think reactivation rules selection is only a strong suggestion for user not an obligation so that's why there is no need to validate it this way

On Tue, Oct 19, 2021 at 8:41 AM rapotek @.***> wrote:

@rapotek https://github.com/rapotek No, I think there is no need to validate presence of reactivation rules on server side. I think react.rule is some kind of convention. I even leave the solution to select "custom" rules and leave the textfield blank - it also can be selected - but I think this is a decision of the user to intentionally skip reactivation rules. If someone decide to modify the request to send form without reactivation rules I think it is something what should not be prevented.

I always thought client-side verification is a convenience, server-side one is security, but... as you wish.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/opencaching/opencaching-pl/pull/2303#issuecomment-946411255, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAWTAKCWSQI3LGQBTPEEMXLUHUHIPANCNFSM5GCX5TBQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.