Skip to content

feat: validate entity types before navigation #499

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
SharanRP wants to merge 5 commits into
base: develop
Choose a base branch
from
Open

feat: validate entity types before navigation #499

SharanRP wants to merge 5 commits into from

Conversation

@SharanRP
Copy link
Contributor

@SharanRP SharanRP commented Sep 27, 2025

closes #475

@safwansamsudeen
Copy link
Collaborator

safwansamsudeen commented Sep 29, 2025

@SharanRP thanks for this PR! I'll merge this, but could you clean up the code a bit - for example, refactor the three functions into one uniform one?

@SharanRP
Copy link
Contributor Author

SharanRP commented Sep 29, 2025

Have made the changes

@safwansamsudeen
Copy link
Collaborator

safwansamsudeen commented Oct 3, 2025

Sharan,

I'm sorry - I should have realized this earlier. But this is not a good way to solve the issue, because we're adding an extra server call for every route.

Instead get_entity_with_permissions (server code, in permissions.py) should check, and if it's failing it should either send a redirect (preferred) or error out.

Do you want to take this up?

@SharanRP
Copy link
Contributor Author

SharanRP commented Oct 3, 2025

Yes, thank you for the guidance ,I’ll make the necessary changes.

@safwansamsudeen safwansamsudeen changed the title feat: feat: enhance route guards to validate entity types before navi… feat: validate entity types before navigation Oct 6, 2025
@SharanRP
Copy link
Contributor Author

SharanRP commented Oct 13, 2025

@safwansamsudeen can you check this once

safwansamsudeen
safwansamsudeen approved these changes Oct 14, 2025
View reviewed changes
drive/api/permissions.py Outdated

@frappe.whitelist(allow_guest=True)
def get_entity_with_permissions(entity_name):
def get_entity_with_permissions(entity_name, expected_type=None):
Copy link
Collaborator

@safwansamsudeen safwansamsudeen Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't a good paradigm - instead, could you analyze the route and get the file type?

frontend/src/pages/Document.vue Outdated
entity_name: props.entityName,
expected_type: "document",
},
transform(entity) {
Copy link
Collaborator

@safwansamsudeen safwansamsudeen Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should be done in onSuccess, not transform

drive/api/files.py


@frappe.whitelist(allow_guest=True)
def get_entity_type(entity_name):
Copy link
Collaborator

@safwansamsudeen safwansamsudeen Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why was this deleted?

safwansamsudeen
safwansamsudeen requested changes Oct 14, 2025
View reviewed changes
Copy link
Collaborator

@safwansamsudeen safwansamsudeen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey, could you make the requested changes? Reach out @realsafwan in Telegram if you need some help.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@safwansamsudeen safwansamsudeen safwansamsudeen requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Enforce routing checks

2 participants

@SharanRP @safwansamsudeen