Restrict submissions to the entity actions listed in the form #518

Closed
matthew-white opened this issue Sep 30, 2023 · 1 comment · Fixed by getodk/central-backend#1061
Labels
backend Requires a change to the API server entities Multiple Encounter workflows

@matthew-white

I have an entity list and a form whose submissions create entities in the entity list. My workflow is fairly controlled: submissions create entities only after approval, and I don't use submissions to update entities. Within this context, submissions will specify a create attribute on the meta/entity field. If the submission XML is manually modified to specify an update attribute, then the submission should be rejected. That is, the only action attributes allowed on meta/entity in the submission XML should be those specified in the form XML.

I think this will be especially important once we support entity archiving. You could imagine a public link form that is allowed to create entities, but that definitely shouldn't archive entities.

@matthew-white matthew-white added backend Requires a change to the API server entities Multiple Encounter workflows labels Sep 30, 2023
@github-project-automation github-project-automation bot moved this to 🕒 backlog in ODK Central Sep 30, 2023
@ktuite

ktuite commented Oct 9, 2023

This would involve parsing the create/update attributes when we read the dataset definition, saving those actions in the database (in a way that is linked to the form def, so different versions of a form can do different actions), and checking those at submission-processing time.
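The check discussed in this thread, sketched as an added example (not code from central-backend or from either commenter). It assumes a simplified XML layout with a `meta/entity` element; the function names, the per-version lookup table and all sample documents are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Action attributes named in this issue; a future action would be added here.
ACTION_ATTRIBUTES = frozenset({"create", "update"})

def _local(name):
    """Strip an ElementTree '{namespace}' prefix from a tag or attribute name."""
    return name.rsplit("}", 1)[-1]

def entity_actions(xml_text):
    """Return the action attributes present on the first meta/entity element."""
    for meta in ET.fromstring(xml_text).iter():
        if _local(meta.tag) != "meta":
            continue
        for child in meta:
            if _local(child.tag) == "entity":
                names = {_local(a) for a in child.attrib}
                return frozenset(names & ACTION_ATTRIBUTES)
    return frozenset()

def check_submission(submission_xml, allowed):
    """Return the sorted actions in the submission that the form did not declare."""
    return sorted(entity_actions(submission_xml) - allowed)

# Constructed sample data (assumed layout, not a real form or submission).
FORM_V1 = """<data id="register" version="1"><name/>
  <meta><entity dataset="people" id="" create=""><label/></entity></meta></data>"""
FORM_V2 = """<data id="register" version="2"><name/>
  <meta><entity dataset="people" id="" create="" update=""><label/></entity></meta></data>"""
GOOD = """<data id="register" version="1"><name>Ada</name>
  <meta><entity dataset="people" id="uuid:0001" create="1"><label>Ada</label></entity></meta></data>"""
# Same submission with the action attribute manually changed, as in the issue.
TAMPERED = GOOD.replace('create="1"', 'update="1"')

# Allowed actions are read once from each form definition and stored per
# form version, so different versions of a form can permit different actions.
ALLOWED = {
    ("register", "1"): entity_actions(FORM_V1),
    ("register", "2"): entity_actions(FORM_V2),
}

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("tampered", TAMPERED)):
        bad = check_submission(doc, ALLOWED[("register", "1")])
        print(label, "rejected: " + ", ".join(bad) if bad else "accepted")
```

The check rejects on the presence of an undeclared action attribute, whatever its value, which is the stricter reading of the rule stated in the issue.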

Projects
Status: ✅ done