[dev] [carhartlewis] lewis/comp-framework-editor#2355
…s with CRUD operations - Implemented ControlTemplate, PolicyTemplate, and Requirement modules, controllers, and services. - Added DTOs for creating and updating control and policy templates. - Integrated permission checks for all CRUD operations using @RequirePermission decorator. - Enhanced the framework editor with new endpoints for managing templates and requirements.
PR Summary
Medium Risk
Overview
Updates auth and initialization plumbing: adds trusted origins for the framework-editor app, adjusts
Adds the framework-editor Next.js UI for admin-only login and managing frameworks (tabs), requirements, controls, policies (including TipTap content editing with JSON size validation), tasks, and document-to-control linking; includes minor UI styling tweaks in the main app control sheet.
Written by Cursor Bugbot for commit 39f27bc.
…mplate table - Added migration to remove the documentTypes column, which will result in data loss. - Updated Control model to include controlDocumentTypes relation.
…trolTemplate model - Introduced documentTypes field to the FrameworkEditorControlTemplate model to support evidence form types. - This addition enhances the framework editor's capability to manage document types associated with control templates.
…ramework Editor - Introduced a new Prisma schema for the Framework Editor, defining models such as User, Attachment, and Session. - Added a migration to create the necessary database structure for the new schema. - This setup enhances the framework editor's capabilities for managing user sessions and attachments.
apps/api/src/framework-editor/control-template/control-template.controller.ts
…ew validation - Added ConflictException handling in delete methods for ControlTemplateService, FrameworkEditorFrameworkService, and PolicyTemplateService to prevent deletion of referenced templates. - Updated data update logic in FrameworkEditorFrameworkService and PolicyTemplateService to conditionally include fields. - Introduced MaxJsonSize validator for policy content to enforce size limits on JSON input. - Enhanced UpdateTaskTemplateDto to include automationStatus field with validation. - Removed deprecated NuqsWrapper component and cleaned up unused search query parameters in DataTable component.
…ard and remove RequirePermission decorators - Replaced HybridAuthGuard and PermissionGuard with PlatformAdminGuard in ControlTemplate, Framework, PolicyTemplate, Requirement, and TaskTemplate controllers. - Removed @RequirePermission decorators from various endpoints to streamline permission handling. - Updated session validation logic in layout and auth pages to check for admin role. - Adjusted authorization utility to enforce admin role requirement alongside internal user check.
… CRUD operations - Updated ControlTemplate, PolicyTemplate, and TaskTemplate controllers and services to accept frameworkId as a query parameter for create and findAll methods. - Modified service logic to conditionally include requirements and control templates based on the provided frameworkId. - Enhanced CreateTaskTemplateDto to allow optional fields for better flexibility. - Updated API documentation to reflect the new frameworkId parameter in relevant endpoints.
.../framework-editor/app/(pages)/frameworks/[frameworkId]/hooks/useRequirementChangeTracking.ts
…, and policies - Implemented new endpoints in FrameworkEditorFrameworkController to link controls, tasks, and policies to frameworks. - Added corresponding service methods in FrameworkEditorFrameworkService for linking operations. - Introduced a new AddExistingItemDialog component for selecting and linking existing items in the UI. - Updated ControlTemplate, TaskTemplate, and PolicyTemplate services to include linked items in their data fetching logic. - Enhanced API documentation to reflect the new linking endpoints and their parameters.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
| }), | ||
| ], | ||
| [handleControlLinked, handleControlUnlinked], | ||
| ); |
Unstable function references defeat column memoization
Medium Severity
handleControlLinked and handleControlUnlinked are plain inline functions (not wrapped in useCallback) but appear in the dependency array of the useMemo for columns. Since new function references are created on every render, the memoization is effectively defeated, causing the entire column definition and table to re-render on every state change.
| try { | ||
| const serialized = JSON.stringify(value); | ||
| const maxBytes = (args.constraints[0] as number) ?? DEFAULT_MAX_BYTES; | ||
| return serialized.length <= maxBytes; |
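Review bot: `serialized.length <= maxBytes` on the last line compares a UTF-16 code-unit count against a limit named in bytes, so the check is looser than the name says for any non-ASCII content; measure the encoded size instead, for example `Buffer.byteLength(serialized, 'utf8') <= maxBytes`. Two smaller points in the same lines: `JSON.stringify(value)` returns `undefined` for an `undefined` or function value, so `.length` throws and the outcome depends on the surrounding `try`; an explicit `typeof serialized !== 'string'` check would make that rejection deliberate. The `as number` cast on `args.constraints[0]` is not a runtime check, so a non-numeric constraint would reach the comparison unvalidated.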
MaxJsonSize validator compares characters not bytes
Low Severity
The MaxJsonSizeConstraint uses serialized.length (UTF-16 code unit count) but the variable is named maxBytes and the error message reports "KB". For content with multi-byte characters (e.g., CJK, emoji), string.length significantly underestimates the actual byte size, allowing payloads that exceed the intended 500 KB limit.
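The character-versus-byte gap described in the review comment above, as an added example that is not part of the PR or of Bugbot's output: plain Node.js JavaScript that mirrors the visible `serialized.length` check next to a UTF-8 byte count. The function names, the `catch` behaviour, the 500 KB default and the TipTap-style sample documents are assumptions constructed for illustration.

```javascript
// Added example (not the PR's code): mirrors the visible size check in plain Node.js.
const DEFAULT_MAX_BYTES = 500 * 1024; // assumed from the 500 KB limit named in the review

// Flagged behaviour: String.prototype.length counts UTF-16 code units, not bytes.
function withinLimitByLength(value, maxBytes = DEFAULT_MAX_BYTES) {
  try {
    return JSON.stringify(value).length <= maxBytes;
  } catch {
    return false; // assumption: the validator rejects when serialization fails
  }
}

// Byte-accurate variant: measure the UTF-8 encoding of the serialized value.
function withinLimitByBytes(value, maxBytes = DEFAULT_MAX_BYTES) {
  let serialized;
  try {
    serialized = JSON.stringify(value);
  } catch {
    return false; // circular structures and BigInt make JSON.stringify throw
  }
  // JSON.stringify returns undefined for undefined, functions and symbols.
  if (typeof serialized !== 'string') return false;
  return Buffer.byteLength(serialized, 'utf8') <= maxBytes;
}

// Both measurements side by side, for logging or tests.
function measure(value) {
  const serialized = JSON.stringify(value);
  return { codeUnits: serialized.length, utf8Bytes: Buffer.byteLength(serialized, 'utf8') };
}

// Constructed sample input: a minimal TipTap-style document wrapping one text node.
function sampleDoc(text) {
  return { type: 'doc', content: [{ type: 'paragraph', content: [{ type: 'text', text }] }] };
}

const CJK_DOC = sampleDoc('漢'.repeat(300 * 1024));   // 3 UTF-8 bytes per character
const EMOJI_DOC = sampleDoc('😀'.repeat(200 * 1024)); // 2 code units, 4 UTF-8 bytes each

for (const [name, doc] of [['cjk', CJK_DOC], ['emoji', EMOJI_DOC]]) {
  const { codeUnits, utf8Bytes } = measure(doc);
  console.log(name, { codeUnits, utf8Bytes,
    lengthCheck: withinLimitByLength(doc), byteCheck: withinLimitByBytes(doc) });
}
```

Both sample documents pass the length-based check while their encoded size is well over the limit, which is the gap a byte-based comparison closes.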


This is an automated pull request to merge lewis/comp-framework-editor into dev.
It was created by the [Auto Pull Request] action.