…2123) Co-authored-by: chasprowebdev <chasgarciaprowebdev@gmail.com> Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
PR Summary
Medium Risk
Overview
Extends
Improves policy/version handling: adds
Written by Cursor Bugbot for commit 7f79351.
#2102)

* feat(app): send onboarding email for new employee
* fix(app): update NEXT_PUBLIC_PORTAL_URL in .env.example
* fix(app): employee onboarding email failure after member created causes inconsistent state
* fix(app): rebuilt the invite link sent to the new employee
* fix(app): remove the unused variables in addEmployeeWithoutInvite.ts
* fix(app): failed employee additions silently counted as successful

---------

Co-authored-by: chasprowebdev <chasgarciaprowebdev@gmail.com>
Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: chasprowebdev <70908289+chasprowebdev@users.noreply.github.com>
* feat(portal): add a way to remove screenshots on portal
* fix(portal): remove images from S3 when removing screenshots on portal
* fix(app): fix the limit issue of S3 delete request
* fix(app): return fail if S3 deletion fails
* fix(portal): policy image reset modal should not be closed during deletion
* fix(portal): reverse the operation order - delete DB records first, then S3

---------

Co-authored-by: chasprowebdev <chasgarciaprowebdev@gmail.com>
Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
Co-authored-by: chasprowebdev <70908289+chasprowebdev@users.noreply.github.com>
…g external APIs (#2126) Co-authored-by: chasprowebdev <chasgarciaprowebdev@gmail.com>
apps/app/src/app/(app)/[orgId]/people/all/actions/addEmployeeWithoutInvite.ts
* feat(org-chart): add organization chart functionality and job title field
* feat(org-chart): implement upsert functionality and enhance org chart DTO
* feat(org-chart): enhance file upload validation and add org chart member type
* feat(org-chart): update org chart DTO structure and enhance upload handling
* refactor(org-chart): clean up imports and simplify code structure in OrgChartEditor
* feat(employee): add job title field and implement member reactivation functionality
* feat(people): add job title field to PeopleResponseDto and update queries
* refactor(people): simplify tab labels in PeoplePageTabs component

---------

Co-authored-by: Lewis Carhart <lewis@trycomp.ai>
Co-authored-by: Mariano Fuentes <marfuen98@gmail.com>
…es (#2129) Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
…2130)

* fix(api): fix policy version content stored as empty arrays via API

class-transformer with enableImplicitConversion was converting TipTap node objects to empty arrays when processing content: unknown[] DTO fields. Added @Transform decorator to preserve raw values.

Also:
- Block content updates on published policies via PATCH /policies/:id
- Align updateVersionContent guard with UI (only block current version when published)
- Sync content to current version when updating via PATCH /policies/:id
- Add GET /policies/:id/versions/:versionId endpoint
- Add Swagger docs for new endpoint

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(app): allow PDF upload/delete on draft policy versions and fix false success toast

The upload and delete PDF guards blocked all operations on the current version regardless of policy status. Now only blocks when policy is actually published (matching the pattern used everywhere else).

Also fixed PdfViewer onSuccess handlers to check result.data.success before showing the success toast — previously showed "PDF uploaded successfully" even when the server action returned { success: false }.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(api,app): protect current version during needs_review status and fix stale pointer

Change version mutation guards from `status === 'published'` to `status !== 'draft'` so that the current version is also protected when the policy is in needs_review state. Fix stale currentVersionId in updateById by reading it inside the transaction.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix(api): move status guard inside transaction to prevent concurrent publish bypass

The draft-only content guard was reading policy status before the transaction, allowing a concurrent publish to bypass the check. Now the existence check and status guard both run inside the transaction.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Tofik Hasanov <annexcies@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
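The race addressed by the last commit above (status guard read before the transaction), as an added TypeScript illustration that is not the project's code: `Store`, its promise-chain `transaction`, `updateUnsafe`, `updateSafe`, `publish` and `race` are hypothetical in-memory stand-ins for the API's database layer.

```typescript
// Added illustration: in-memory store with a serialized "transaction"; not the project's code.
type Policy = { status: "draft" | "published"; content: string };

class Store {
  policy: Policy = { status: "draft", content: "v1" };
  private tail: Promise<unknown> = Promise.resolve();
  // Runs fn only after every previously queued transaction has finished.
  transaction<T>(fn: () => Promise<T>): Promise<T> {
    const run = this.tail.then(fn);
    this.tail = run.catch(() => undefined);
    return run;
  }
}

// Yields to the event loop so another request can run in between.
const tick = () => new Promise<void>((resolve) => setTimeout(resolve, 0));

// Guard outside the transaction: status is checked, the write happens later.
async function updateUnsafe(s: Store, content: string): Promise<boolean> {
  if (s.policy.status !== "draft") return false; // check
  await tick();                                  // window for a concurrent publish
  return s.transaction(async () => { s.policy.content = content; return true; }); // use
}

// Guard inside the transaction: no publish can land between check and write.
async function updateSafe(s: Store, content: string): Promise<boolean> {
  await tick();
  return s.transaction(async () => {
    if (s.policy.status !== "draft") return false;
    s.policy.content = content;
    return true;
  });
}

async function publish(s: Store): Promise<void> {
  await s.transaction(async () => { s.policy.status = "published"; });
}

// Races one content update against one publish and reports the final state.
async function race(update: (s: Store, c: string) => Promise<boolean>) {
  const s = new Store();
  const [written] = await Promise.all([update(s, "edited"), publish(s)]);
  return { written, ...s.policy };
}
```

With `updateUnsafe` the policy ends up published with edited content; with `updateSafe` the write is refused and the published content stays at `v1`.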
Cursor Bugbot has reviewed your changes and found 1 potential issue.
| ]); | ||
|
|
||
| // Remove the member from the org chart (if present) | ||
| await removeMemberFromOrgChart(ctx.session.activeOrganizationId, memberId); |
Org chart removal blocks critical member deactivation step
Medium Severity
removeMemberFromOrgChart is called before the critical db.member.update that deactivates the member, and the function has no internal error handling. If the org chart DB update throws (e.g., timeout), the member is never deactivated — yet all their task/policy/risk/vendor assignments are already cleared by the preceding Promise.all. This leaves the member active but stripped of all assignments. In contrast, update-employee.ts correctly calls removeMemberFromOrgChart after the member update transaction has committed.
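The ordering problem described in the comment above, as an added TypeScript illustration that is not part of the PR or the project's code: `Member`, `removeFromOrgChart`, `deactivateFlagged` and `deactivateReordered` are hypothetical in-memory stand-ins, with a forced failure in place of a database timeout.

```typescript
// Added illustration with in-memory stand-ins; not code from the PR.
type Member = { id: string; deactivated: boolean; assignments: string[] };

// Hypothetical org chart update; `fail` simulates the DB call throwing (e.g. a timeout).
async function removeFromOrgChart(chart: Set<string>, id: string, fail: boolean): Promise<void> {
  if (fail) throw new Error("org chart update timed out");
  chart.delete(id);
}

// Ordering flagged in the review: assignments cleared, org chart call, then deactivation.
async function deactivateFlagged(m: Member, chart: Set<string>, fail: boolean): Promise<void> {
  m.assignments = [];                          // already cleared by the preceding batch
  await removeFromOrgChart(chart, m.id, fail); // a throw here aborts the action
  m.deactivated = true;                        // never reached on failure
}

// Reordered: the critical deactivation runs first, org chart cleanup is best effort.
async function deactivateReordered(m: Member, chart: Set<string>, fail: boolean): Promise<string[]> {
  const warnings: string[] = [];
  m.assignments = [];
  m.deactivated = true;
  try {
    await removeFromOrgChart(chart, m.id, fail);
  } catch (err) {
    // Surface the failure for retry instead of leaving the member active.
    warnings.push(`org chart cleanup failed for ${m.id}: ${(err as Error).message}`);
  }
  return warnings;
}

// Constructed sample data: both runs hit a simulated org chart failure.
async function demo() {
  const flagged: Member = { id: "mem_1", deactivated: false, assignments: ["task_1", "policy_1"] };
  const reordered: Member = { id: "mem_2", deactivated: false, assignments: ["risk_1"] };
  const chart = new Set<string>(["mem_1", "mem_2"]);
  let aborted = false;
  await deactivateFlagged(flagged, chart, true).catch(() => { aborted = true; });
  const warnings = await deactivateReordered(reordered, chart, true);
  return { flagged, reordered, warnings, aborted };
}
```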
🎉 This PR is included in version 1.82.3 🎉
The release is available on GitHub release
Your semantic-release bot 📦🚀


This is an automated pull request to release the candidate branch into production, which will trigger a deployment.
It was created by the [Production PR] action.