Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restrict the entitlements allowed by the contract update validator #3128

Closed
SupunS opened this issue Feb 22, 2024 · 2 comments · Fixed by #3134
Closed

Restrict the entitlements allowed by the contract update validator #3128

SupunS opened this issue Feb 22, 2024 · 2 comments · Fixed by #3134
Assignees
@dsainati1
Labels
Improvement Technical Debt
Milestone
OKR_C2_KR1-C1.0_U...

Comments

@SupunS
Copy link
Member

SupunS commented Feb 22, 2024
edited
Loading

Currently this allows any set of entitlements with equal or less access permitted than the "actual" access granted by the migration. E.g. if some reference &T will be given auth(E, F) by the migration, users can update that type in a field to any of &T, auth(E) &T, auth(F) &T, auth(E | F) &T or auth(E, F) &T.

s this okay, or should we be more restrictive and require that users only migrate their field types to exactly what the migration will grant?

Originally posted by @dsainati1 in #3069 (comment)
@SupunS SupunS mentioned this issue Feb 22, 2024
Merged
6 tasks
@SupunS
Copy link
Member Author

SupunS commented Feb 22, 2024

IMO we should restrict the update checker to allow field types to be exactly what the entitlement migration will grant

@SupunS SupunS changed the title Restrict the entitlements allowed by the contract-update checker Restrict the entitlements allowed by the contract update validator Feb 22, 2024
@dsainati1 dsainati1 mentioned this issue Feb 26, 2024
Merged
6 tasks
@turbolent
Copy link
Member

Is it a problem if they choose a less permissive variant?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dsainati1 dsainati1

Labels
Improvement Technical Debt
Projects
None yet
Milestone
OKR_C2_KR1-C1.0_Upgrade_testing
3 participants
@turbolent @dsainati1 @SupunS