OUT-2847 | Segregate tasks services for public and web #1079
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
arpandhakal
force-pushed
the
feature/tdb2
branch
from
7025082 to
89c2439
Compare
rrojan
requested changes
Jan 7, 2026
Comment on lines
305
to
313
| async canCreateSubTask(taskId: string): Promise<boolean> { | ||
| const parentPath = await this.getPathOfTask(taskId) | ||
| if (!parentPath) { | ||
| throw new APIError(httpStatus.NOT_FOUND, 'The requested parent task was not found') | ||
| } | ||
| const uuidLength = parentPath.split('.').length | ||
| if (!uuidLength) return true | ||
| return uuidLength <= maxSubTaskDepth | ||
| } |
Collaborator
There was a problem hiding this comment.
We seem to be missing policy-level authorization here
Comment on lines
315
to
324
| async getPathOfTask(id: string) { | ||
| return ( | ||
| await this.db.$queryRaw<{ path: string }[] | null>` | ||
| SELECT "path" | ||
| FROM "Tasks" | ||
| WHERE id::text = ${id} | ||
| AND "workspaceId" = ${this.user.workspaceId} | ||
| ` | ||
| )?.[0]?.path | ||
| } |
Collaborator
There was a problem hiding this comment.
Assuming we use this method directly from controller, we are missing policy service authorization
Collaborator
Author
There was a problem hiding this comment.
These are not used directly from the controller. These are utilities used by the create task method from public and web api. The policy service authorization is already used in the main method calling these utilities. However, I modified the access scope of these methods to make them more secure. Thanks!
- created a separate service file name public.service for tasks - created a separate abstract service which inherits base service and extended by PublicTasksService and TasksService. This file contains all the utilities shared by both of the services. - changed methods in public.controller for tasks - refactored tasks service
…rom both services using the template pattern
…pe of utility methods
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes