Skip to content

fix: 1337 middleware checkpermission hebergement user#1204

Open
olivier-rabot wants to merge 2 commits intomainfrom
fix/1337-desactivation-hebergement
Open

fix: 1337 middleware checkpermission hebergement user#1204
olivier-rabot wants to merge 2 commits intomainfrom
fix/1337-desactivation-hebergement

Conversation

@olivier-rabot
Copy link
Contributor

@olivier-rabot olivier-rabot commented Feb 27, 2026

Ticket(s) lié(s)

https://jira-mcas.atlassian.net/jira/software/c/projects/VAO/boards/336?selectedIssue=VAO-1337

Description

Erreur lors de la desactivation/activation (?) d'un hebergement. Problème d'alias dans la requete SQL. Aussi, suppression d'une double jointure dans une requete sql du meme service (requete getListe)

Screenshot / liens loom

Check-list

  • Ma branche est rebase sur main
  • Des tests ont été écrits pour tous les endpoints créés ou modifiés
  • Refacto "à la volée" des parties sur lesquelles j'ai codée
  • Plus de console.log
  • J'ai ajouté une validation de schéma sur la route que j'ai ajouté ou modifié
  • J'ai converti les fichiers vue en <script lang="ts">
  • Mon code est en Typescript (autant que possible)

Testing instructions

@revu-bot revu-bot bot requested a review from revu-bot February 27, 2026 15:56
@olivier-rabot olivier-rabot marked this pull request as ready for review February 27, 2026 16:14
Copy link
Collaborator

@revu-bot revu-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Review: fix/1337 middleware checkpermission hebergement user

This PR fixes two issues:

  1. SQL typo bug (pp.currentpph.current) in getIsHebergementAutoriseForUserId query — this was the root cause of the crash.
  2. Missing error handling in the checkPermissionHebergementUser middleware — the unhandled promise rejection from the SQL error was crashing the request without a proper response.

Both fixes are correct and necessary. One additional concern is noted below regarding a residual SQL inconsistency in the getListe query that was not addressed in this PR.

File Lines Severity Issue
Hebergement.js ~194 CRITICAL Residual pp alias in getListe query — same class of bug as the one fixed
checkPermissionHebergementUser.js ~35 MINOR return is unnecessary before the last next() call in the catch block

@olivier-rabot olivier-rabot marked this pull request as draft February 27, 2026 16:22
@olivier-rabot olivier-rabot deployed to build-review-auto February 27, 2026 16:51 — with GitHub Actions Active
@olivier-rabot olivier-rabot marked this pull request as ready for review February 27, 2026 16:52
Copy link
Collaborator

@revu-bot revu-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Review: fix/1337 middleware checkpermission hebergement user

This PR fixes a SQL bug (pp alias used instead of pph) in getIsHebergementAutoriseForUserId that caused a runtime error, and wraps the middleware call in a try/catch to handle such errors gracefully. The fix is correct and targeted.

File Lines Severity Issue
Hebergement.js 228 CRITICAL Redundant/duplicate personne_physique JOIN in getListe query still present after cleanup
Hebergement.js 191–197 IMPORTANT getIsHebergementAutoriseForUserId query may return false positives due to LEFT JOIN semantics
checkPermissionHebergementUser.js 34–40 MINOR Error detail (err) is logged but not forwarded — acceptable, but consider structured logging

Overall the root-cause fix is correct. One residual concern in the getListe query and a semantic issue with the permission check query are worth addressing.

@tokenbureau
Copy link

tokenbureau bot commented Feb 27, 2026

🎉 Deployment for commit 17bc940 :

Ingresses
Docker images
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/backend:sha-17bc940f885c8f38bc6e11427da45b58bcf5db4f
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/cron:sha-17bc940f885c8f38bc6e11427da45b58bcf5db4f
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/external-api:sha-17bc940f885c8f38bc6e11427da45b58bcf5db4f
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/frontend-bo:sha-17bc940f885c8f38bc6e11427da45b58bcf5db4f
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/frontend-usagers:sha-17bc940f885c8f38bc6e11427da45b58bcf5db4f
  • 📦 docker pull harbor.fabrique.social.gouv.fr/vao/vao/migrations:sha-17bc940f885c8f38bc6e11427da45b58bcf5db4f
  • 📦 docker pull maildev/maildev:2.1.0
Debug

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants