Validando supervisor principal#388
Conversation
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 3
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
resources/js/Components/DiligenceChat.vue (1)
110-118: 🔒 Security & Privacy | 🟠 Major | ⚡ Quick winAdd backend authorization for
diligences.store.StoreDiligenceMessageRequest::authorize()still returnstrue, and the controller/service don’t enforce the principal-supervisor rule, so any authenticated user can POST this route and send a diligence message.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@resources/js/Components/DiligenceChat.vue` around lines 110 - 118, Restrict diligence message creation to authorized principals and supervisors: update StoreDiligenceMessageRequest::authorize() to enforce the principal-supervisor rule, and ensure the controller/service path for diligences.store applies the same authorization before sending the message. Reject unauthorized users with the appropriate authorization response.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@resources/js/Pages/Groups/Users.vue`:
- Around line 100-106: Adjust the v-col widths in the user row so the checkbox,
avatar, name, email, roles, and actions columns total exactly 12 columns; update
the relevant column declarations in the Users.vue row while preserving their
relative layout and keeping the actions column on the same line.
In `@resources/js/Pages/ProjectDetails/Partials/Tabs/MonitoringTab.vue`:
- Around line 305-311: Enforce the principal-supervisor authorization rule
server-side for both `projects.stages.request-next-installment` and
`projects.stages.advance`, rather than relying on the UI’s
`canUserHandleMonitoring` disabled state. Update the corresponding
controller/action methods and shared authorization logic to reject users who do
not satisfy the principal-supervisor requirement, while preserving the existing
sector-role check for `advance`.
In `@resources/js/Pages/ProjectDetails/Partials/Tabs/PaymentTab.vue`:
- Around line 393-397: The SaveButton in the payment remarks section must remain
disabled throughout the tramitação request, not only while remarksForm is
processing. Update the SaveButton’s loading or can-save binding to also account
for tramitLoading, alongside the existing canUserHandlePayment and
selectedInstallment checks.
---
Outside diff comments:
In `@resources/js/Components/DiligenceChat.vue`:
- Around line 110-118: Restrict diligence message creation to authorized
principals and supervisors: update StoreDiligenceMessageRequest::authorize() to
enforce the principal-supervisor rule, and ensure the controller/service path
for diligences.store applies the same authorization before sending the message.
Reject unauthorized users with the appropriate authorization response.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: c3afbdcc-2921-420f-a204-eca7c6af0163
📒 Files selected for processing (5)
app/Http/Controllers/GroupController.phpresources/js/Components/DiligenceChat.vueresources/js/Pages/Groups/Users.vueresources/js/Pages/ProjectDetails/Partials/Tabs/MonitoringTab.vueresources/js/Pages/ProjectDetails/Partials/Tabs/PaymentTab.vue
# Conflicts: # resources/js/Components/DiligenceChat.vue
✅ Descrição do propósito desse Pull Request
valida fiscal principal para edicao na fase de monitoramento
🧭 Referência a Issue
#387
❓ O que foi feito para atingir isso?
🏃♀️ Tipo de mudança
Marque as opções relevantes:
🕵️ Como foi testado?
Checklist: ✔️
Observação:
Summary by CodeRabbit
New Features
Style