Skip to content

[backend] feat: RBAC update most fetch API calls from frontend for simulations and scenarios to use simulation/scenario specifi endpoints. #3664

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: issue/375
Choose a base branch
from

Conversation

impolitepanda
Copy link
Member

Proposed changes

  • changed fetch calls which were too broad to scope them to simulation and scenarios
  • This doesn't include players and teams fetch calls (out of scope for RBAC for now)

Testing Instructions

  1. Step-by-step how to test
  2. Environment or config notes

Related issues

Checklist

  • I consider the submitted work as finished
  • I tested the code for its functionality
  • I wrote test cases for the relevant uses case
  • I added/update the relevant documentation (either on github or on notion)
  • Where necessary I refactored code to improve the overall quality
  • For bug fix -> I implemented a test that covers the bug

Unit tests are not part of this PR and will be in an ulterior chunck

…mulations and scenarios to use simulation/scenario specifi endpoints.
@damgouj damgouj self-requested a review July 22, 2025 12:21
Copy link
Member

@damgouj damgouj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and some issues detected with lessons learned:
image
(same for scenarios)

Ok for me for the rest :) ! Thanks !


@GetMapping(EXERCISE_URI + "/{exerciseId}/lessons_templates")
@Operation(
summary = "Get documents. Can only be called if the user has access to the given simulation.",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace documents by lessons in the summary ;)

description = "Get all channels for a given simulation")
@PreAuthorize("isObserver()")
public Iterable<Channel> channels() {
return this.channelRepository.findAll();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am not sure to understand. You get for each parameter, all the datas from the database ? The API is /{exerciseId}/channels so for me, the result should be "all the channels for this exercise" ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, I think I got it after reviewing all your code. It's to prepare and protect an exercise ? For example, if I have the right to manage an exercise, I have the right to get all assets groups and add one in my exercise but not in the asset group screen ?

// region lesson templates
@GetMapping(SCENARIO_URI + "/{scenarioId}/lessons_templates")
@Operation(
summary = "Get documents. Can only be called if the user has access to the given scenario.",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replace documents by lessons in the summary ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants