Aug. 9th, 2024
Since I had delegated fixing `consumers` to Devon last night, I spent time waiting and doing other things.
One thing was that in my "style and refactoring" PR Brad found some kind of error.
The thing is, almost all endpoints check that the user does not update his/her own permissions. But not all; in one endpoint they did not check it, but I replaced it with a call to the method that does.
Ok, it's not a big deal to fix, but how come tests did not fail? And I added a test case that would crash if I call the endpoint with a user updating his permissions. And the test did not fail.
Ok, then I just added a `require`, to make sure that yes, this is the case in the test. The `require` did fail.
Cool. It means the code that actually checks this constraint does not do anything. Well, it did look like that, but I'm not a pro in the cats library.
So, we have a pretty dirty bug in the code. Kind of a security hole. Did I mention that it's banking software I'm working on?
Will create a Jira case. Tomorrow.
Meanwhile Devon updated, got a PR approved, merged, and deployed. Which means, my stuff is also... at least deployed to staging.
Now the question is: how can I check that it works in staging? We don't have any tests for that, it must be done manually, and I have no clue how to do it manually.
That's when the workday ended. Monday, Monday... It's a weekend right now.