AMP-31140: Actions before TruBudget Audit #4491
Open
brianbrix wants to merge 83 commits into
… web flows except rest(next)
… web flows except rest(next)
… web flows except rest(next)
…uBudget-Audit # Conflicts: # amp/pom.xml
b77e2a0 to b907ad7
…rlays, @types/*, etc.)
- Add react-overlays ^5.1.2 (required by react-bootstrap esm imports)
- Add @types/react-transition-group, @types/warning, @types/invariant (peer deps of react-bootstrap@1.6.8 not auto-resolved by npm workspaces)
- Regenerate package-lock.json with npm v10 (lockfileVersion 3)
- All react-bootstrap@1.6.8 dependencies now fully resolved
…lendar, react-fit, etc.)
… mismatch in Docker
…rify-shim for gisModule) accidentally removed in CVE fix
…rowserify-shim depends unreliable with browserify v17)
…xed escapes Bootstrap collapse)
8f4f8f5 to 4067234
…regional when window.$ already set
…ui-i18n.js so it never uses window.jQuery global
The viewActivityHistory page has security="none" in Spring Security so CsrfFilter never runs when rendering it. digi:form gets null CsrfToken attribute and emits no _csrf hidden field. When the form POSTs to /aim/compareActivityVersions.do it hits the catch-all chain which has CSRF enabled, fails validation and redirects to login.

Fix: add a specific http pattern block for compareActivityVersions.do before the catch-all, with csrf disabled. This action only reads/compares activity versions - it does not mutate state - so disabling CSRF is safe. Struts module-config.xml still enforces login-required=true via the RequestProcessor layer.
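The filter-chain mismatch described in the commit message above can be checked mechanically. The following is an added example, not code from this pull request or the AMP project: it reads a constructed Spring Security XML fragment, resolves which http chain renders a form and which chain receives its POST, and reports the result. Assumptions: simplified Ant-style pattern matching, a placeholder path for the history page, a placeholder access rule, and hypothetical function names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed config. Only /aim/compareActivityVersions.do comes from the commit
# message; the history-page path and the access rule are placeholders.
BEFORE = """<beans xmlns:sec="http://www.springframework.org/schema/security">
  <sec:http pattern="/PLACEHOLDER/viewActivityHistory" security="none"/>
  <sec:http><sec:intercept-url pattern="/**" access="isAuthenticated()"/></sec:http>
</beans>"""
AFTER = BEFORE.replace("  <sec:http><sec:intercept", (
    '  <sec:http pattern="/aim/compareActivityVersions.do">'
    '<sec:csrf disabled="true"/></sec:http>\n  <sec:http><sec:intercept'), 1)

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace

def _matches(pattern, path):
    # Simplified Ant matching: ** spans segments, * stays in one, ? is one char.
    rx = re.escape(pattern).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.fullmatch(rx.replace(r"\?", "[^/]"), path) is not None

def load_chains(xml_text):
    """Return [(pattern, mode)] for each <http> element, in declaration order."""
    chains = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) != "http":
            continue
        off = any(_local(c.tag) == "csrf" and c.get("disabled") == "true" for c in el)
        mode = ("no-filters" if el.get("security") == "none"
                else "csrf-disabled" if off else "csrf-enforced")
        chains.append((el.get("pattern"), mode))
    return chains

def mode_for(chains, path):
    # First matching chain wins; a chain without a pattern matches every request.
    for pattern, mode in chains:
        if pattern is None or _matches(pattern, path):
            return mode
    return "unmatched"

def check_form(chains, render_path, post_path):
    render, post = mode_for(chains, render_path), mode_for(chains, post_path)
    if render == "no-filters" and post == "csrf-enforced":
        return "token-missing"  # form carries no _csrf field, so the POST is rejected
    return "ok" if post == "csrf-enforced" else "post-not-csrf-checked"

def shadowed(chains):
    # Patterns declared after a catch-all chain are never reached.
    cut = next((i for i, (p, _) in enumerate(chains) if p in (None, "/**")), len(chains))
    return [p for p, _ in chains[cut + 1:]]
```

A "post-not-csrf-checked" result is an inventory entry: each such endpoint is one whose read-only behaviour has to be confirmed by review.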
The id-values endpoint resolves IDs to name/value objects for the preview UI. AmpActivityIndirectProgram.program was missing the @PossibleValues annotation, so the enumerator never produced possible values for any field path containing 'indirect_programs~program'. This meant the UI received raw IDs with no labels for indirect programs.

Additionally, indirect programs for a 'National Plan Objective' activity program are auto-mapped via NDD and typically belong to 'Primary Program' type. Using ThemePossibleValuesProvider (which filters by the inherited discriminator value 'National Plan Objective') would not find them.

Fix:
- Add AllThemesPossibleValuesProvider: queries ALL AmpTheme records with no program-type filter. Does not implement DiscriminatedPossibleValuesProvider so the enumerator uses a no-arg constructor and ignores the parent discriminator value.
- Add PossibleValuesDAO.getAllThemes() and its AmpPossibleValuesDAO impl (HQL query on AmpTheme with no configType filter).
- Annotate AmpActivityIndirectProgram.program with @PossibleValues(AllThemesPossibleValuesProvider.class).

After this fix the id-values endpoint will include national_plan_objective~indirect_programs~program, primary_programs~indirect_programs~program, etc. with the resolved theme names, so the preview UI can display them.
32f6aa9 to 1630349
Pin amp-ui to 7386db9f9c75f2679c0c5185a7364c2807002cf8 which fixes getFieldDef for 3+ level field paths so indirect_programs~program IDs are collected and sent in the id-values request.
Remove Android SDK, .NET, GHC, Boost and agent tools (~20GB freed) plus apt cache and dangling Docker artifacts before the build starts. Prints df -h before and after for visibility.
No description provided.