Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check all mobile endpoints besides submissions #30806

Merged
merged 3 commits into from
Dec 6, 2021
Merged

Check all mobile endpoints besides submissions #30806

merged 3 commits into from
Dec 6, 2021

Conversation

esoergel
Copy link
Contributor

@esoergel esoergel commented Dec 3, 2021

Product Description

Make the mobile access restrictions block all mobile endpoints besides form submissions (currently it blocks only the restore endpoint)
https://dimagi-dev.atlassian.net/browse/USH-1399

Technical Summary

Extracted from #30761
Rolling out the restrictions on form submissions will require a bit more legwork, so I'm hoping to merge everything else first.

Feature Flag

USH: Require explicit permissions to access mobile app endpoints

Safety Assurance

Safety story

A version of this has been in use for months on just the restore endpoint. This PR has been on staging for a while now, and I've tested it out as described below, without issue.

Automated test coverage

QA Plan

I tested this on staging and found the expected behavior (though the form submissions changes aren't in this version of the PR)

restore case search form submission
Web Apps (setting disabled) ✔️ ✔️ ✔️
Mobile (setting disabled) ✔️ ✔️ ✔️
Web Apps (setting enabled) ✔️ ✔️ ✔️
Mobile (setting enabled)
Mobile (setting enabled, with permission) ✔️ ✔️ ✔️

Rollback instructions

  • This PR can be reverted after deploy with no further considerations

Labels & Review

  • Risk label is set correctly
  • The set of people pinged as reviewers is appropriate for the level of risk of the change

@esoergel esoergel added product/feature-flag Change will only affect users who have a specific feature flag enabled product/invisible Change has no end-user visible impact labels Dec 3, 2021
@esoergel esoergel requested a review from snopoke December 3, 2021 22:14
@dimagimon dimagimon added the Risk: High Change affects files that have been flagged as high risk. label Dec 3, 2021
@esoergel esoergel merged commit 2c1c8f0 into master Dec 6, 2021
@esoergel esoergel deleted the es/mobile-auth-1 branch December 6, 2021 14:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@snopoke snopoke snopoke approved these changes

Assignees
No one assigned
Labels
product/feature-flag Change will only affect users who have a specific feature flag enabled product/invisible Change has no end-user visible impact Risk: High Change affects files that have been flagged as high risk.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@esoergel @snopoke @dimagimon