fix(api): move recent-actions LogEntry query into audit.py (test_s15 red on main)#525
Closed
MartinCastroAlvarez wants to merge 1 commit into
Conversation
#505 inlined `LogEntry.objects.filter(user__pk=...)` in `api/views/recent_actions.py`, which trips the security invariant `tests/test_security.py::test_s15_no_objects_all_or_filter_in_api` (SECURITY §3 rule 10 / ACCEPTANCE B-2: no `Model.objects.all|filter` under `api/`). It merged green because only CodeQL gates server-side — exactly the regression class #452 is about — so `test_s15` has been red on `main`. `audit.py` exists precisely to hold LogEntry access *outside* `api/` (LogEntry is Django's own audit table, not a consumer model, so the get_queryset rule is inapplicable — but the query still belongs out of the consumer-model API layer). Add `user_log_entries(user_pk, limit)` there, alongside the existing `object_log_entries`, and call it from the view. Pure refactor — identical query (`user__pk`, newest-first, sliced). Verified: `test_s15` + all 12 `test_recent_actions` pass; ruff + flake8 clean on both files. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Owner / Author
Superseded by #523 (merged) — same fix (move the recent-actions
Summary

`tests/test_security.py::test_s15_no_objects_all_or_filter_in_api` is currently red on `main`: #505 inlined `LogEntry.objects.filter(user__pk=…)` in `django_admin_react/api/views/recent_actions.py`, violating the hard invariant that no `Model.objects.all|filter` appears under `api/` (SECURITY §3 rule 10 / ACCEPTANCE B-2). It merged green because only CodeQL gates server-side — precisely the regression class #452 is about.

Fix

Move the query into `django_admin_react/audit.py` — the module that exists specifically to hold `LogEntry` access outside `api/` (LogEntry is Django's own audit table, not a consumer model, so `get_queryset` is inapplicable; but the query still doesn't belong in the consumer-model API layer). Add `user_log_entries(user_pk, limit)` beside the existing `object_log_entries`, and call it from the view.

Pure refactor — identical query (`user__pk`, `-action_time`, sliced to `limit`); no behavior change.

Tier

Tier 2/3 — restores a security invariant; backend only, no auth/CSRF surface change.

Verification

`pytest tests/test_security.py::test_s15… tests/test_recent_actions.py` → 13 passed (the security test goes green; all 12 recent-actions tests unchanged). `ruff check` + `flake8` clean on both changed files.

This makes `main` pass its own security suite again (and unblocks the backend job in the CI PR #506).

🤖 Generated with Claude Code
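The PR description states the invariant `test_s15` enforces (no `Model.objects.all|filter` under `api/`) but not how the test is written. The block below is an added example, not the project's test or its `audit.py`: an AST-based reimplementation of that rule, run over constructed "before" and "after" versions of the recent-actions view, plus a constructed sketch of `user_log_entries(user_pk, limit)` whose body is assumed from the description (`user__pk`, `-action_time`, sliced to `limit`). The file layout and view bodies are constructed for illustration; the point it shows is that the same query is flagged when it sits under `api/` and passes once it lives in a module outside that tree.

```python
"""Check the SECURITY §3 rule 10 invariant: no `Model.objects.all()` / `.filter()`
under api/.  Assumed reimplementation for illustration; the project's real
test_s15 may be written differently."""
import ast
import tempfile
from pathlib import Path

FORBIDDEN_MANAGER_CALLS = {"all", "filter"}


def find_objects_calls(source: str, filename: str = "<string>"):
    """Return (lineno, dotted call) for every `<X>.objects.all(...)` or
    `<X>.objects.filter(...)` call in `source`.  Walks the AST rather than
    grepping, so a mention inside a comment or docstring does not count."""
    hits = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr in FORBIDDEN_MANAGER_CALLS):
            continue
        manager = func.value
        if isinstance(manager, ast.Attribute) and manager.attr == "objects":
            hits.append((node.lineno, ast.unparse(func)))
    return hits


def scan_api_tree(api_root: Path):
    """Walk every .py file under `api_root`; map relative path -> hits."""
    violations = {}
    for path in sorted(api_root.rglob("*.py")):
        hits = find_objects_calls(path.read_text(encoding="utf-8"), str(path))
        if hits:
            violations[path.relative_to(api_root).as_posix()] = hits
    return violations


# Constructed "before" view: the inlined query shape the PR describes.
VIEW_BEFORE = '''\
from django.contrib.admin.models import LogEntry
from rest_framework.response import Response
from rest_framework.views import APIView


class RecentActionsView(APIView):
    def get(self, request):
        entries = LogEntry.objects.filter(user__pk=request.user.pk).order_by("-action_time")[:20]
        return Response([e.object_repr for e in entries])
'''

# Constructed "after" view: the query has moved to audit.user_log_entries.
VIEW_AFTER = '''\
from rest_framework.response import Response
from rest_framework.views import APIView

from django_admin_react.audit import user_log_entries


class RecentActionsView(APIView):
    def get(self, request):
        entries = user_log_entries(request.user.pk, limit=20)
        return Response([e.object_repr for e in entries])
'''

# Constructed sketch of the helper as the PR describes it.  It lives outside
# api/, so the scanner never sees it; the body is assumed from the description.
AUDIT_MODULE = '''\
from django.contrib.admin.models import LogEntry


def user_log_entries(user_pk, limit):
    """Newest-first LogEntry rows for one user, sliced to `limit`."""
    return LogEntry.objects.filter(user__pk=user_pk).order_by("-action_time")[:limit]
'''


def demo_scan():
    """Lay the constructed files out in a temp tree and scan only api/."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        views = root / "api" / "views"
        views.mkdir(parents=True)
        (views / "recent_actions_before.py").write_text(VIEW_BEFORE, encoding="utf-8")
        (views / "recent_actions_after.py").write_text(VIEW_AFTER, encoding="utf-8")
        (root / "audit.py").write_text(AUDIT_MODULE, encoding="utf-8")
        return scan_api_tree(root / "api")


if __name__ == "__main__":
    for rel, hits in demo_scan().items():
        for lineno, call in hits:
            print(f"{rel}:{lineno}: {call}(...) violates SECURITY §3 rule 10")
```

Running the module prints one violation, for the "before" view only. Because the check is syntactic, it catches the regression class the description mentions (a query inlined straight into a view) regardless of which model is involved, and it runs in a plain `pytest` job rather than depending on CodeQL.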