|
@@ -147,7 +147,15 @@ REVIEW_01.
|
|
|
- **Severity**: HIGH (the JSON path already has the helper; form path
|
|
- **Severity**: HIGH (the JSON path already has the helper; form path
|
|
|
doesn't, and it's the same boilerplate). Real fix is small but stops
|
|
doesn't, and it's the same boilerplate). Real fix is small but stops
|
|
|
ongoing copy-paste.
|
|
ongoing copy-paste.
|
|
|
-- **Status**: open.
|
|
|
|
|
|
|
+- **Status**: fixed-in-57f4143. `SessionGuard::requireAdminForm(Request,
|
|
|
|
|
+ UserRepository): User|Response` added next to `requireAdminJson`; all
|
|
|
|
|
+ nine form sites (SprintController::create/::delete,
|
|
|
|
|
+ WorkerController::create/::update, UserController::update/::tombstone,
|
|
|
|
|
+ SettingsController::update, ImportController::upload/::commit) collapse
|
|
|
|
|
+ to a single call. While at it, `SprintController::gateJsonAdmin` (8
|
|
|
|
|
+ call sites) moved to `SessionGuard::requireAdminJson` since it was
|
|
|
|
|
+ identical and not sprint-specific. Net -27 lines, tests unchanged
|
|
|
|
|
+ at 340/340.
|
|
|
- **Where**:
|
|
- **Where**:
|
|
|
- `src/Controllers/SprintController.php::create` lines 91–99
|
|
- `src/Controllers/SprintController.php::create` lines 91–99
|
|
|
- `…::delete` lines ~1020–1026
|
|
- `…::delete` lines ~1020–1026
|
chiappa