fix: filter category dropdown by identity to prevent leaking restricted category names (#158)#179
Open
JuliaKalder wants to merge 1 commit into
Open
fix: filter category dropdown by identity to prevent leaking restricted category names (#158)#179JuliaKalder wants to merge 1 commit into
JuliaKalder wants to merge 1 commit into
Conversation
…ed category names populateCategoryFilter() now filters templates by the current identity before deriving the category list, matching the behavior already applied in renderTemplateList(). Previously it called getCategories() which returned all categories regardless of identity. Fixes #158
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
populateCategoryFilter()inpopup/popup.jscalledgetCategories()which returned all template categories without identity filtering. SincerenderTemplateList()already filters templates by the current email identity, the category dropdown was leaking the names of categories belonging exclusively to identity-restricted templates.The fix filters templates by identity first, then derives the category list from the visible set only — matching the approach already used in
renderTemplateList().Changes
popup/popup.js: ReplacegetCategories()call with identity-filteredgetTemplates()→ extract categories from filtered templatesTesting
All 96 existing tests pass. No logic changes — only the source of the category list changed.
Fixes #158