Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement cyberstorm disband team endpoint (TS-2313) #1102

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Implement cyberstorm disband team endpoint (TS-2313) #1102

wants to merge 1 commit into from
+130 −17

Conversation

Roffenlund
Copy link
Contributor

Implement a DELETE endpoint for disbanding(deleting) teams in the Cyberstorm API.

Refs. TS-2313

x753
x753 approved these changes Feb 18, 2025
View reviewed changes
Copy link
Contributor

@x753 x753 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can't disband a team with at least one package. You can't disband a team if you aren't the owner. These don't necessarily need to be expressed as API responses here (the current implementation adds "can_disband" to the context of the page and displays the blocking error at all times), but this information will need to be conveyed either here or in a retrieve API.

@Roffenlund
Copy link
Contributor Author

You can't disband a team with at least one package. You can't disband a team if you aren't the owner. These don't necessarily need to be expressed as API responses here (the current implementation adds "can_disband" to the context of the page and displays the blocking error at all times), but this information will need to be conveyed either here or in a retrieve API.

I'm not sure if I understood you correctly, but not enforcing these checks at the API level could be risky since clients can bypass the UI. I believe the API should still validate and reject unauthorized disbanding attempts, regardless of how the UI handles it.

@x753
Copy link
Contributor

x753 commented Feb 18, 2025

You can't disband a team with at least one package. You can't disband a team if you aren't the owner. These don't necessarily need to be expressed as API responses here (the current implementation adds "can_disband" to the context of the page and displays the blocking error at all times), but this information will need to be conveyed either here or in a retrieve API.

I'm not sure if I understood you correctly, but not enforcing these checks at the API level could be risky since clients can bypass the UI. I believe the API should still validate and reject unauthorized disbanding attempts, regardless of how the UI handles it.

I meant they could use a unique response besides "You do not have permission to disband this team."

@Roffenlund
Implement cyberstorm disband team endpoint
31287a9 
Implement a DELETE endpoint for disbanding(deleting) teams.

Refs. TS-2313
@Roffenlund Roffenlund force-pushed the cyberstorm-api-disband-team branch from 31a9a7b to 31287a9 Compare February 20, 2025 12:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@x753 x753 x753 approved these changes

@MythicManiac MythicManiac Awaiting requested review from MythicManiac

Assignees

@MythicManiac MythicManiac

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@Roffenlund @x753 @MythicManiac