
Feat/1265 renouvellement agrement historique #1194

Merged: olivier-rabot merged 12 commits into feat/1079-gestion-renouvellement-agrement from feat/1265-renouvellement-agrement-historique on Feb 23, 2026

@olivier-rabot (Contributor) commented Feb 18, 2026

Related ticket(s)

https://jira-mcas.atlassian.net/jira/software/c/projects/VAO/boards/336?selectedIssue=VAO-1265

Description

History page for agrement renewal management

Including potential regressions to test

Screenshot / Loom links

Checklist

  • My branch is rebased on main
  • Tests have been written for all created or modified endpoints
  • On-the-fly refactoring of the parts I worked on
  • No more console.log
  • I added schema validation on the route I added or modified

@olivier-rabot self-assigned this Feb 18, 2026
@revu-bot (bot) requested a review from revu-bot February 18, 2026 08:34
@olivier-rabot marked this pull request as ready for review February 18, 2026 08:35
@revu-bot (Collaborator) left a comment

Summary

This PR implements a history tracking feature for agrements (approvals), including database schema, backend API, and frontend UI. The implementation is generally solid but has several CRITICAL and IMPORTANT issues that need attention:

Critical Issues

  1. Security vulnerability: Missing authorization check in history endpoint allows any authenticated user to view any agrement's history
  2. SQL injection risk: Unparameterized query construction in repository
  3. Data integrity: Missing transaction handling in history insertion

Important Issues

  1. Incomplete feature: Commented-out tracking code suggests the feature isn't fully implemented
  2. Code quality: Inconsistent error handling and logging patterns
  3. Type safety: Missing null checks and type validations

Positive Aspects

  • Clean database migration with proper foreign keys
  • Well-structured TypeScript types for history data
  • Good separation of concerns (controller/service/repository)

Recommendation: Address the security and data integrity issues before merging.

l-scherer and others added 3 commits February 19, 2026 15:12
## Related ticket(s)
1320
## Description
Added a check on the returned data. If it is [ND], this means
that the person does not want their personal data disclosed
[GDPR]
See
https://portail-api.insee.fr/catalog/api/2ba0e549-5587-3ef1-9082-99cd865de66f/doc?page=41bc4d65-fca4-436d-bc4d-65fca4136dcd#api-sirene-v4
@socket-security

Review the following changes in direct dependencies.

| Diff  | Package       | Supply Chain Security | Vulnerability | Quality | Maintenance | License |
|-------|---------------|-----------------------|---------------|---------|-------------|---------|
| Added | debug@4.3.7   | 100                   | 100           | 100     | 83          | 100     |
| Added | dayjs@1.11.13 | 100                   | 100           | 100     | 84          | 100     |

@tokenbureau (bot) commented Feb 23, 2026

🎉 Deployment for commit 881d308:

Docker images
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/backend:sha-881d30824b6e9635b01fc25fde95c564e63c07d4
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/cron:sha-881d30824b6e9635b01fc25fde95c564e63c07d4
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/external-api:sha-881d30824b6e9635b01fc25fde95c564e63c07d4
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/frontend-bo:sha-881d30824b6e9635b01fc25fde95c564e63c07d4
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/frontend-usagers:sha-881d30824b6e9635b01fc25fde95c564e63c07d4
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/migrations:sha-881d30824b6e9635b01fc25fde95c564e63c07d4
  • 📦 docker pull maildev/maildev:2.1.0

@olivier-rabot merged commit 270bb21 into feat/1079-gestion-renouvellement-agrement Feb 23, 2026
25 of 33 checks passed