[new_profile] Make list of available projects user dependent #9236
foreach ($projects as $projectID => $projectName) { | ||
$projList[$projectID] = $projectName; | ||
foreach ($user->getProjects() as $project) { | ||
$projList[$project->getName()] = $project->getName(); |
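Review bot: The new loop body keys $projList by $project->getName(), where the old body keyed it by $projectID, so the value the project field submits changes from an ID to a name. Either keep the ID as the key or update the code and tests that consume this field to expect the name. Separately, iterating $user->getProjects() only narrows the options rendered in the form; the submit path needs the same membership check so that a request naming a project outside that list is rejected.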
To fix the test, option 1: return "$projList[$projectID] = $projectName"
option 2: change "1" to "Pumpernickel" in modules/new_profile/test/new_profileTest.php:94
@kongtiaowang thanks, I'll check it out once I get confirmation that we are moving ahead with this
@driusan as you pointed out, this is merely changing the front end options for projects and not preventing the actual creation of participants for other projects. Problem is, changing the validation changes the API and I'm not 100% sure if that should be done at this stage? Is it a bugfix or a change of behaviour?
I think there's two separate related questions:
It's debatable whether changing 1 would be a bug or a change in behaviour. Point 2, I think, is definitely a bug if it's not currently returning a 403 error.
This test was relying on the Project instantiation to fail to return a 400 is
Brief summary of changes
It seems like until this PR any user, regardless of their projects, could create participants for any other project. This is very problematic on the institutional LORIS instances like CBIG and BHI.
Currently submitted to CBIG as an override
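
The thread distinguishes filtering the project dropdown from enforcing project membership when the request is processed, and a 400 from a 403. The sketch below is an added example, not code from this PR or from LORIS: `DemoUser`, `createCandidateStatus()` and the project names other than the test's "Pumpernickel" are hypothetical, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a user and their project affiliations;
// this is not a LORIS class.
final class DemoUser
{
    /** @param string[] $projects names of the projects the user belongs to */
    public function __construct(private array $projects) {}

    public function hasProject(string $name): bool
    {
        // Strict comparison so "1" never matches int 1 or a loosely equal value.
        return in_array($name, $this->projects, true);
    }
}

/**
 * Decide the HTTP status for a "create participant" request on the server,
 * independently of which options the form happened to render.
 *
 * @param string[] $allProjects every project configured on the instance
 */
function createCandidateStatus(DemoUser $user, array $allProjects, mixed $requested): int
{
    // Wrong type or a project that does not exist: the request is malformed.
    if (!is_string($requested) || !in_array($requested, $allProjects, true)) {
        return 400;
    }
    // The project exists but the user is not affiliated with it: forbidden.
    if (!$user->hasProject($requested)) {
        return 403;
    }
    return 201; // the participant may be created
}

// Constructed sample data: one user who belongs only to "Pumpernickel".
$all  = ['Pumpernickel', 'Rye', 'Challah'];
$user = new DemoUser(['Pumpernickel']);

// The last three inputs are what a hand-crafted request could send
// even though the dropdown never offered them.
foreach (['Pumpernickel', 'Rye', 'NoSuchProject', ['Rye']] as $input) {
    printf("%-16s => %d\n", json_encode($input), createCandidateStatus($user, $all, $input));
}
```

Run with PHP 8.0 or later, the four inputs map to 201, 403, 400 and 400 respectively.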