Fix reporting org validation and improve audit logs #62

Merged: simon-20 merged 9 commits into develop from sk-fix-reporting-org-validation, Jan 26, 2026

@simon-20
Contributor

This PR:

- Before creating a reporting org, the code checked that there wasn't already a reporting org with the same short_name, as they have to be unique - but the check didn't filter out soft-deleted orgs on SuiteCRM, so users were blocked from creating orgs with short_names belonging to deleted orgs. This commit fixes that, and so resolves #61.
- This commit refactors the exception registration, separating the handlers from the registration, as the registration function was being marked as too complex. It also adds a custom generic handler for all exceptions post-user authentication, and switches assert_precondition_met to use that.
- Updates route handlers to use the new assert_precondition_met, which includes better audit logging.

@simon-20 requested a review from chrisarridge January 22, 2026 06:34
Contributor

@chrisarridge left a comment

Looks good. I only have one comment about whether we lose a bit of useful information from the audit log in one place, otherwise looks great!

audit_log_msg=(
f"Request to create reporting org by user id: {user.user_id_crm} "
f"with non-unique short name: {reporting_org.short_name}"
f"Request to create reporting org failed because the specified short name '{reporting_org.short_name}' "
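
Review bot: The new message on the last line interpolates reporting_org.short_name, a value taken from the create request, directly into audit_log_msg inside single quotes. Unless validation already restricts short_name to a safe character set, a name containing a quote or a newline can make one audit entry read as two or blur where the value ends. Consider formatting it with `{reporting_org.short_name!r}` (or an equivalent escape) instead of hand-written quotes, so the logged value is always unambiguous.
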
Contributor

With this change, are we going to lose the ability to know which user attempted to do this? Or will the custom exception handler now inject that information automatically?

Contributor Author

Yep, the custom exception handler prefixes the log entry with client_id and user_id so that they are always in the same format. RYDUserException is only used downstream of a successful authentication and the user object will always be populated.

@simon-20 merged commit bc22041 into develop Jan 26, 2026
5 checks passed
@simon-20 deleted the sk-fix-reporting-org-validation branch January 26, 2026 16:22
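
A minimal sketch of the two behaviours discussed in this PR (a uniqueness check that skips soft-deleted orgs, and a handler that prefixes every audit entry with client_id and user_id), added here as an example and not taken from the project's code. The signatures of RYDUserException and assert_precondition_met, the record layout, the 409 status and the logger name are all assumptions.

```python
import logging

audit_logger = logging.getLogger("audit")  # hypothetical logger name

class RYDUserException(Exception):
    """Raised only after authentication; fields are assumed, not the project's."""
    def __init__(self, status_code, detail, audit_log_msg):
        super().__init__(detail)
        self.status_code = status_code
        self.detail = detail
        self.audit_log_msg = audit_log_msg

def assert_precondition_met(condition, status_code, detail, audit_log_msg):
    # Assumed signature: the caller describes the failure, not who caused it.
    if not condition:
        raise RYDUserException(status_code, detail, audit_log_msg)

def short_name_in_use(orgs, short_name):
    # Soft-deleted records must not block reuse of their short_name.
    return any(o["short_name"] == short_name and not o["deleted"] for o in orgs)

def create_reporting_org(orgs, short_name):
    assert_precondition_met(
        not short_name_in_use(orgs, short_name),
        409,  # constructed status code for this sketch
        "Short name already in use",
        # !r escapes newlines and quotes so the value cannot split a log entry
        f"Request to create reporting org failed: short name {short_name!r} is not unique",
    )
    orgs.append({"short_name": short_name, "deleted": False})

def format_audit_entry(client_id, user_id, exc):
    # The handler, not each call site, adds identity, so the prefix is uniform.
    return f"client_id={client_id!r} user_id={user_id!r} {exc.audit_log_msg}"

def handle_request(orgs, client_id, user_id, short_name):
    """Stand-in for the route plus the generic post-authentication handler."""
    try:
        create_reporting_org(orgs, short_name)
        return 201, None
    except RYDUserException as exc:
        entry = format_audit_entry(client_id, user_id, exc)
        audit_logger.warning(entry)
        return exc.status_code, entry

# Constructed sample data: "acme" was soft deleted, "beta" is live.
SAMPLE_ORGS = [{"short_name": "acme", "deleted": True},
               {"short_name": "beta", "deleted": False}]
```
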
Development

Successfully merging this pull request may close these issues.

Fix validation when creating reporting org so that it only checks shortname against non-deleted orgs