AMP-31140 : Actions before TruBudget Audit #4491

Open
brianbrix wants to merge 83 commits into develop from task/AMP-31140/Priority-changes-before-TruBudget-Audit

Conversation

@brianbrix

Contributor

No description provided.

brianbrix added 25 commits June 15, 2026 19:30
@brianbrix brianbrix force-pushed the task/AMP-31140/Priority-changes-before-TruBudget-Audit branch from b77e2a0 to b907ad7 Compare June 23, 2026 13:05
brianbrix added 17 commits June 27, 2026 23:21
…rlays, @types/*, etc.)

- Add react-overlays ^5.1.2 (required by react-bootstrap esm imports)
- Add @types/react-transition-group, @types/warning, @types/invariant
  (peer deps of react-bootstrap@1.6.8 not auto-resolved by npm workspaces)
- Regenerate package-lock.json with npm v10 (lockfileVersion 3)
- All react-bootstrap@1.6.8 dependencies now fully resolved
…rify-shim for gisModule) accidentally removed in CVE fix
…rowserify-shim depends unreliable with browserify v17)
@brianbrix brianbrix force-pushed the task/AMP-31140/Priority-changes-before-TruBudget-Audit branch from 8f4f8f5 to 4067234 Compare June 30, 2026 06:24
…ui-i18n.js so it never uses window.jQuery global
The viewActivityHistory page has security="none" in Spring Security so
CsrfFilter never runs when rendering it. digi:form gets null CsrfToken
attribute and emits no _csrf hidden field. When the form POSTs to
/aim/compareActivityVersions.do it hits the catch-all chain which has
CSRF enabled, fails validation and redirects to login.

Fix: add a specific http pattern block for compareActivityVersions.do
before the catch-all, with csrf disabled. This action only reads/compares
activity versions - it does not mutate state - so disabling CSRF is safe.
Struts module-config.xml still enforces login-required=true via the
RequestProcessor layer.
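
How the three filter chains in the commit message above relate, as an added illustration that is not the project's configuration. It is a fragment of a Spring Security namespace file (default namespace assumed to be the security schema); the `viewActivityHistory` URL pattern, the access expressions and the `loginEntryPoint` bean name are assumptions, and only `/aim/compareActivityVersions.do` comes from the page.

```xml
<!-- Added illustration, not the project's own file. <http> elements are
     matched in declaration order and the first matching chain handles the
     request, so the specific patterns must precede the catch-all. -->

<!-- 1. security="none": the request gets an empty filter chain. CsrfFilter
        never runs, so no CsrfToken request attribute exists while the page
        renders and the form is emitted without a _csrf hidden field.
        (URL pattern assumed.) -->
<http pattern="/aim/viewActivityHistory*" security="none"/>

<!-- 2. The fix described in the commit message: a dedicated chain for the
        compare action with CSRF validation switched off. The POST no longer
        needs a _csrf parameter, which also means it is accepted from any
        origin; that holds up only while the action stays read-only, as the
        commit message states. Access rule and entry point are assumed. -->
<http pattern="/aim/compareActivityVersions.do"
      entry-point-ref="loginEntryPoint">
  <csrf disabled="true"/>
  <intercept-url pattern="/**" access="permitAll"/>
</http>

<!-- 3. Catch-all chain: CSRF validation stays enabled for every other URL.
        Before the fix, the compare POST landed here without a token and
        was rejected. Access rule and entry point are assumed. -->
<http entry-point-ref="loginEntryPoint">
  <csrf/>
  <intercept-url pattern="/**" access="isAuthenticated()"/>
</http>
```

A different way to get the same form working while keeping CSRF validation on the POST is to replace `security="none"` on the rendering page with a chain that permits all access, since CsrfFilter then runs on the GET and the token is available when the form is rendered.
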
The id-values endpoint resolves IDs to name/value objects for the preview
UI. AmpActivityIndirectProgram.program was missing the @PossibleValues
annotation, so the enumerator never produced possible values for any
field path containing 'indirect_programs~program'. This meant the UI
received raw IDs with no labels for indirect programs.

Additionally, indirect programs for a 'National Plan Objective' activity
program are auto-mapped via NDD and typically belong to 'Primary Program'
type. Using ThemePossibleValuesProvider (which filters by the inherited
discriminator value 'National Plan Objective') would not find them.

Fix:
- Add AllThemesPossibleValuesProvider: queries ALL AmpTheme records with
  no program-type filter. Does not implement DiscriminatedPossibleValues-
  Provider so the enumerator uses a no-arg constructor and ignores the
  parent discriminator value.
- Add PossibleValuesDAO.getAllThemes() and its AmpPossibleValuesDAO impl
  (HQL query on AmpTheme with no configType filter).
- Annotate AmpActivityIndirectProgram.program with
  @PossibleValues(AllThemesPossibleValuesProvider.class).

After this fix the id-values endpoint will include
  national_plan_objective~indirect_programs~program,
  primary_programs~indirect_programs~program, etc.
with the resolved theme names, so the preview UI can display them.
@brianbrix brianbrix force-pushed the task/AMP-31140/Priority-changes-before-TruBudget-Audit branch from 32f6aa9 to 1630349 Compare July 1, 2026 17:48
brianbrix added 5 commits July 1, 2026 19:18
Pin amp-ui to 7386db9f9c75f2679c0c5185a7364c2807002cf8 which fixes
getFieldDef for 3+ level field paths so indirect_programs~program IDs
are collected and sent in the id-values request.
Remove Android SDK, .NET, GHC, Boost and agent tools (~20GB freed)
plus apt cache and dangling Docker artifacts before the build starts.
Prints df -h before and after for visibility.

1 participant