Merged
1 change: 1 addition & 0 deletions src/modules/get_all_members/app/get_all_members_usecase.py
Expand Up @@ -88,6 +88,7 @@ def __call__(self,user_id: str, start_date: Optional[int] = None, end_date: Opti
member.strikes_allowed= 4

member.strikes= len(member_list_strike_this_sem)
member.strikes_id= [s.strike_id for s in member_list_strike_this_sem]
member.hours_worked = hours_worked.get(member_user_id, 0) if is_admin else None
Comment on lines 88 to 92

Copilot AI Feb 28, 2026


member_list_strike_this_sem is only assigned inside if member_list_strikes:, but it’s used unconditionally to compute member.strikes and member.strikes_id. When get_strike_by_target_id returns None (or an empty list), this will raise UnboundLocalError. Initialize member_list_strikes to ... or [] and always build member_list_strike_this_sem (defaulting to an empty list) before taking len() / mapping ids.

member.project = member_projects[member_user_id]

2 changes: 2 additions & 0 deletions src/modules/get_all_members/app/get_all_members_viewmodel.py
Expand Up @@ -40,6 +40,7 @@ def __init__(self, member: Member):
self.user_id = member.user_id
self.photo = member.photo
self.strikes = member.strikes
self.strikes_id = member.strikes_id
self.strikes_allowed = member.strikes_allowed
self.hours_worked = member.hours_worked

Expand All @@ -61,6 +62,7 @@ def to_dict(self):
'active' : self.active.value,
'user_id' : self.user_id,
'strikes' : self.strikes,
'strikes_id' : self.strikes_id,
'strikes_allowed' : self.strikes_allowed,
Comment on lines 63 to 66

Copilot AI Feb 28, 2026


Returning strikes_id for every member from the non-admin get_all_members response can leak strike identifiers to regular users. In this codebase, GetStrikeUsecase only checks that the requester is active (no ownership/admin authorization), so exposing IDs here makes it trivial to fetch strike details for other users. Consider omitting strikes_id in this endpoint (or only including it for the requester / admins).

'photo' : self.photo,
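Review bot: `self.strikes_id = member.strikes_id` in `__init__` reads the attribute unconditionally and keeps the very list object the use case attached to the member, which `to_dict` then hands to the response. The use-case sections on this page set `strikes_id` inside their member loop and no change to the Member entity is shown, so a Member that reaches this view model by another path may not carry the attribute and would raise AttributeError; this is inferred, since the entity is not visible here. Copying with an empty default keeps the response fail-closed and stops a caller that edits the dict from altering the entity: `self.strikes_id = list(getattr(member, 'strikes_id', None) or [])`. The second view model's `__init__` further down has the same line. Both `__init__` and `to_dict` continue outside the hunks.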

Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,7 @@ def __call__(self,user_id: str, start_date: Optional[int] = None, end_date: Opti
member.strikes_allowed= 4

member.strikes= len(member_list_strike_this_sem)
member.strikes_id= [s.strike_id for s in member_list_strike_this_sem]
member.hours_worked = hours_worked.get(member_user_id, 0)
member.project = member_projects[member_user_id]

Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ class MemberViewModel:
user_id: str
hours_worked: int
strikes: int
strikes_id: list

Copilot AI Feb 28, 2026


Type annotation strikes_id: list is too generic and inconsistent with other viewmodels (e.g., GetMemberViewModel uses List[str]). Prefer List[str] (or list[str] if the project targets Python 3.9+) for clearer contracts and better static checking.

Suggested change
strikes_id: list
strikes_id: List[str]

strikes_allowed: int
photo: Optional[str] = None

Expand All @@ -42,6 +43,7 @@ def __init__(self, member: Member):
self.user_id = member.user_id
self.hours_worked = member.hours_worked
self.strikes = member.strikes
self.strikes_id = member.strikes_id
self.strikes_allowed = member.strikes_allowed
self.photo = member.photo

Expand All @@ -64,6 +66,7 @@ def to_dict(self):
'user_id' : self.user_id,
'hours_worked' : self.hours_worked,
'strikes' : self.strikes,
'strikes_id' : self.strikes_id,
'strikes_allowed' : self.strikes_allowed,
'photo' : self.photo
}
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ def test_get_all_members_controller(self):
'user_id': "93bc6ada-c0d1-7054-66ab-e17414c48ae3",
'photo': None,
'strikes': 1,
'strikes_id': ['t0u1v2w3-x4y5-6789-0123-456789tuvwxy'],
'strikes_allowed': 2
}
},
Expand All @@ -68,6 +69,7 @@ def test_get_all_members_controller(self):
'user_id': "51ah5jaj-c9jm-1345-666ab-e12341c14a3",
'photo': None,
'strikes': 2,
'strikes_id': ['f6g7h8i9-j0k1-2345-6789-012345fghijk', 's9t0u1v2-w3x4-5678-9012-345678stuvwx'],
'strikes_allowed': 2
}
},
Expand All @@ -90,6 +92,7 @@ def test_get_all_members_controller(self):
'user_id': "76h35dg4-h76v-1875-987hn-h67gfv45Gt4",
'photo': None,
'strikes': 0,
'strikes_id': [],
'strikes_allowed': 2
}
},
Expand All @@ -112,6 +115,7 @@ def test_get_all_members_controller(self):
'user_id': "6f5g4h7J-876j-0098-123hb-hgb567fy4hb",
'photo': None,
'strikes': 4,
'strikes_id': ['d4e5f6g7-h8i9-0123-4567-890123defghi', 'g7h8i9j0-k1l2-3456-7890-123456ghijkl', 'h8i9j0k1-l2m3-4567-8901-234567hijklm', 'i9j0k1l2-m3n4-5678-9012-345678ijklmn'],
'strikes_allowed': 2
}
},
Expand All @@ -134,6 +138,7 @@ def test_get_all_members_controller(self):
'user_id': "6574hgyt-785n-9134-18gn4-7gh5uvn36cG",
'photo': None,
'strikes': 4,
'strikes_id': ['d4e5f6g7-h8i9-0123-4567-890123defghi', 'g7h8i9j0-k1l2-3456-7890-123456ghijkl', 'h8i9j0k1-l2m3-4567-8901-234567hijklm', 'i9j0k1l2-m3n4-5678-9012-345678ijklmn'],
'strikes_allowed': 2
}
},
Expand All @@ -156,6 +161,7 @@ def test_get_all_members_controller(self):
'user_id': "7gh5yf5H-857H-1234-75hng-94832hvng1s",
'photo': None,
'strikes': 4,
'strikes_id': ['b2c3d4e5-f6g7-8901-2345-678901bcdefg', 'o5p6q7r8-s9t0-1234-5678-901234opqrst', 'p6q7r8s9-t0u1-2345-6789-012345pqrstu', 'q7r8s9t0-u1v2-3456-7890-123456qrstuv'],
'strikes_allowed': 2
# alterei
}
Expand All @@ -179,6 +185,7 @@ def test_get_all_members_controller(self):
'user_id': "7465hvnb-143g-1675-86HnG-75hgnFbcg36",
'photo': None,
'strikes': 3,
'strikes_id': ['a1b2c3d4-e5f6-7890-1234-567890abcdef', 'c3d4e5f6-g7h8-9012-3456-789012cdefgh', 'n4o5p6q7-r8s9-0123-4567-890123nopqrs'],
'strikes_allowed': 2
}
},
Expand All @@ -201,6 +208,7 @@ def test_get_all_members_controller(self):
'user_id': "75648hbr-184n-1985-91han-7ghn4HgF182",
'photo': None,
'strikes': 3,
'strikes_id': ['l2m3n4o5-p6q7-8901-2345-678901lmnopq', 'm3n4o5p6-q7r8-9012-3456-789012mnopqr', 'p6q7r8s9-t0u1-2345-6789-012345pqrstu'],
'strikes_allowed': 2
}
},
Expand All @@ -223,6 +231,7 @@ def test_get_all_members_controller(self):
'user_id': "9183jBnh-997H-1010-10god-914gHy46tBh",
'photo': None,
'strikes': 3,
'strikes_id': ['l2m3n4o5-p6q7-8901-2345-678901lmnopq', 'm3n4o5p6-q7r8-9012-3456-789012mnopqr', 'p6q7r8s9-t0u1-2345-6789-012345pqrstu'],
'strikes_allowed': 2
}
},
Expand All @@ -245,6 +254,7 @@ def test_get_all_members_controller(self):
'user_id': '5f55f6a5-a66e-4fff-9faf-72cd478bd5a0',
'photo': None,
'strikes': 0,
'strikes_id': [],
'strikes_allowed': 2
}
},
Expand All @@ -267,6 +277,7 @@ def test_get_all_members_controller(self):
'user_id': '3b07232f-4f65-42c6-b005-242550b8b8dc',
'photo': None,
'strikes': 0,
'strikes_id': [],
'strikes_allowed': 2
}
},
Expand All @@ -289,6 +300,7 @@ def test_get_all_members_controller(self):
'user_id': '3b07232f-4f65-42c6-b005-242550b8b8bf',
'photo': None,
'strikes': 0,
'strikes_id': [],
'strikes_allowed': 2
}
},
Expand All @@ -311,6 +323,7 @@ def test_get_all_members_controller(self):
'user_id': '3b07232f-4f65-42c6-b005-242550b8b8ty',
'photo': None,
'strikes': 0,
'strikes_id': [],
'strikes_allowed': 2
}
},
Expand All @@ -333,6 +346,7 @@ def test_get_all_members_controller(self):
'user_id': '3b07232f-4f65-42c6-b005-242550b8h9ir',
'photo': None,
'strikes': 0,
'strikes_id': [],
'strikes_allowed': 2
}
}
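Review bot: The expected `strikes_id` lists repeat across members: users `6f5g4h7J-…` and `6574hgyt-…` expect the same four IDs, `75648hbr-…` and `9183jBnh-…` the same three, and `p6q7r8s9-t0u1-2345-6789-012345pqrstu` is also expected for `7gh5yf5H-…`. If each strike has a single target, these values would still pass when the lookup returns another member's strikes, so the test cannot catch cross-member attribution, which matters more now that the IDs are part of the response. The mock repository is not visible here, so the sharing may be intentional; if it is, say so next to the data, e.g. `# mock strikes are deliberately shared between these members`, and otherwise give each member distinct IDs. `test_get_all_members_controller` starts and ends outside these hunks.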