[ESCONF-12] write a lint rule to prevent .all in permission sets

Created: 30/Sep/21
Updated: 18/Jun/22
Resolved: 16/Jun/22

Status: Closed
Project: eslint-config-stripes
Components: None
Affects versions: None
Fix versions: None

Type: Story
Priority: P3
Reporter: Zak Burke
Assignee: Ryan Berger
Resolution: Won't Do
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3198 UI apps should avoid using ".all" per... Closed
Sprint: stripes-force 133, stripes-force 134
Development Team: Stripes Force

 Description   

Summary: UI permission sets should not contain .all permissions from backend repositories. We should be able to check for that with lint.



 Comments   
Comment by Craig McNally [ 03/Feb/22 ]

Khalilah Gambrell - the security team discussed this today and think it would be helpful to have this in place.  When do you think the team can get to this?

Comment by Khalilah Gambrell [ 08/Mar/22 ]

Per stripes-force weekly meeting > Ryan will create a story to investigate approach to address this issue. 

Comment by Ryan Berger [ 16/Jun/22 ]

Based on the limitation of JSON where comments are not allowed, this makes the implementation of this rule very difficult since there would be no way to override cases where .all is actually needed. Any other approach such as converting these config values to JavaScript is a ton of effort for not a whole lot of benefit, since most repositories have already fixed offending cases. Only inn-reach has major cleanup left to do. All that said, I am closing this issue as 'won't do'.

Comment by Khalilah Gambrell [ 18/Jun/22 ]

Craig McNally, please see Ryan Berger's comment above.

cc: Zak Burke
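
The check this ticket asks for, sketched as a standalone script with overrides kept in a separate exception map instead of JSON comments. This is an added example, not code from eslint-config-stripes or from any commenter. It assumes permission sets sit under `stripes.permissionSets` in `package.json` with `permissionName` and `subPermissions` fields, and all module and permission names in the sample are constructed.

```javascript
// Added example, not project code. Assumed layout: package.json carries
// stripes.permissionSets[], each with permissionName and subPermissions[].
function findAllPermissions(pkg, allowlist = {}) {
  const sets = (pkg.stripes && pkg.stripes.permissionSets) || [];
  // Names defined by this UI module itself are not backend permissions.
  const local = new Set(sets.map((s) => s.permissionName));
  const violations = [];
  for (const set of sets) {
    const allowed = new Set(allowlist[set.permissionName] || []);
    for (const perm of set.subPermissions || []) {
      if (typeof perm !== 'string' || !perm.endsWith('.all')) continue;
      if (local.has(perm) || allowed.has(perm)) continue;
      violations.push({ permissionSet: set.permissionName, subPermission: perm });
    }
  }
  return violations;
}

// Exceptions that no longer match anything, so the allowlist cannot silently grow.
function findStaleExceptions(pkg, allowlist = {}) {
  const sets = (pkg.stripes && pkg.stripes.permissionSets) || [];
  const byName = new Map(sets.map((s) => [s.permissionName, s.subPermissions || []]));
  const stale = [];
  for (const [name, perms] of Object.entries(allowlist)) {
    for (const perm of perms) {
      if (!(byName.get(name) || []).includes(perm)) stale.push({ permissionSet: name, subPermission: perm });
    }
  }
  return stale;
}

// Constructed sample input (hypothetical module and permission names).
const samplePkg = { stripes: { permissionSets: [
  { permissionName: 'ui-example.all', subPermissions: ['ui-example.view', 'example-storage.all'] },
  { permissionName: 'ui-example.view', subPermissions: ['example-storage.items.collection.get'] },
  { permissionName: 'ui-example.admin', subPermissions: ['ui-example.all', 'example-config.all'] },
] } };
// Constructed exception map: permission set name -> permitted ".all" entries.
const sampleAllowlist = {
  'ui-example.admin': ['example-config.all'],
  'ui-example.edit': ['example-storage.all'], // stale: no such permission set
};

console.log(findAllPermissions(samplePkg, sampleAllowlist));
console.log(findStaleExceptions(samplePkg, sampleAllowlist));
```

Run in CI, a non-empty result from either function would fail the build, so every broad backend grant is either removed or recorded as a reviewed exception.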

Generated at Thu Feb 08 22:14:40 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.