feat: enable public read-only access to FlowInquiry project board#279
Conversation
haiphucnguyen
left a comment
haiphucnguyen
left a comment
There was a problem hiding this comment.
Thank you @caominhduc52 for your contribution. Having few recommendations.
| private Instant endDate; | ||
|
|
||
| @Column(name = "public_access") | ||
| private boolean publicAccess; |
There was a problem hiding this comment.
I think we should set the attribute of public access to ProjectSetting which defines all project settings, while Project contains all mandatory of project information.
Looking ahead, we might want to support more nuanced access levels beyond just public and private, such as public access for all users, public access limited to users within a corporation, and private access. To accommodate this, we could introduce an accessibleType field in ProjectSetting, defined as an enum. Initially, it could support PRIVATE and PUBLIC, with the flexibility to expand as needed.
There was a problem hiding this comment.
Sure, as i'm new to code base, thank you for your suggestion. I'll update accordingly
| .orElseThrow(() -> new ResourceNotFoundException("Project not found")); | ||
|
|
||
| if (!project.isPublicAccess() && isAnonymous) { | ||
| throw new ResourceNotFoundException("Project not found"); |
There was a problem hiding this comment.
well done for this code, when people can not access the project because lacking security requirement, you write the ambigous message instead of explicit message and expose the sensitive information.
3 participants
Description
Update the FlowInquiry project board to support public read-only access without requiring user authentication. This change allows users to view project board content—such as epics, tasks, and statuses—without logging in, improving accessibility and enabling broader audience engagement with project progress.
Changes Made
publicAccessto fw_project tableAdditional Notes