
fix cascading on group entities #93

Merged
oskargawr merged 1 commit into main from fix/removing-groups-with-expenses on Jun 24, 2025

Conversation

@oskargawr (Contributor) commented Jun 24, 2025

Summary by Sourcery

Fix cascading behavior on Group entity by applying CascadeType.ALL and orphanRemoval to expenses and balances and update Postman collection resource.

Bug Fixes:

  • Add CascadeType.ALL and orphanRemoval to Group.expenses and Group.balances associations to ensure proper cascading deletes.

Chores:

  • Update Postman collection resource filename in backend resources.

sourcery-ai Bot commented Jun 24, 2025

Reviewer's Guide

This PR enhances the Group entity by introducing cascade-managed one-to-many relationships for expenses and balances (with orphan removal) and updates the Postman API collection for testing.

Class diagram for updated Group entity relationships

classDiagram
    class Group {
        List~GroupInvitation~ invitations
        List~Expense~ expenses
        List~GroupBalance~ balances
        void addMember(User user, GroupRole role)
    }
    class GroupInvitation {
        Group group
    }
    class Expense {
        Group group
    }
    class GroupBalance {
        Group group
    }
    Group "1" --o "*" GroupInvitation : cascade+orphanRemoval
    Group "1" --o "*" Expense : cascade+orphanRemoval
    Group "1" --o "*" GroupBalance : cascade+orphanRemoval

File-Level Changes

Change | Details | Files

Added cascading relationship for group expenses
  • Declared a List field in Group with @OneToMany
  • Configured cascade = CascadeType.ALL and orphanRemoval = true for expenses
  File: backend/src/main/java/share/fare/backend/entity/Group.java

Added cascading relationship for group balances
  • Declared a List field in Group with @OneToMany
  • Configured cascade = CascadeType.ALL and orphanRemoval = true for balances
  File: backend/src/main/java/share/fare/backend/entity/Group.java

Updated Postman collection
  • Refreshed fare share.postman_collection.json to reflect new endpoints/state
  File: backend/src/main/resources/fare share.postman_collection.json

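The mapping the reviewer's guide describes, written out as an added example rather than the project's own Group.java, together with a delete path that keeps the new cascade behind an ownership check. Everything beyond the three @OneToMany associations is assumed for illustration: the table name, a GroupMember/GroupRole membership model with an OWNER role, a Spring Data GroupRepository, and jakarta.persistence (Spring Boot 3, Java 17+).

```java
import jakarta.persistence.CascadeType;
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import jakarta.persistence.OneToMany;
import jakarta.persistence.Table;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// Added example, not the project's Group.java. Expense, GroupBalance, GroupInvitation,
// GroupMember, GroupRole.OWNER, GroupRepository and the table name are assumed names.
@Entity
@Table(name = "groups")
public class Group {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    // cascade = ALL includes REMOVE, so deleting the group deletes these rows; orphanRemoval
    // additionally deletes any element that is removed from the collection, at flush time.
    @OneToMany(mappedBy = "group", cascade = CascadeType.ALL, orphanRemoval = true)
    private List<Expense> expenses = new ArrayList<>();

    @OneToMany(mappedBy = "group", cascade = CascadeType.ALL, orphanRemoval = true)
    private List<GroupBalance> balances = new ArrayList<>();

    @OneToMany(mappedBy = "group", cascade = CascadeType.ALL, orphanRemoval = true)
    private List<GroupInvitation> invitations = new ArrayList<>();

    @OneToMany(mappedBy = "group", cascade = CascadeType.ALL, orphanRemoval = true)
    private List<GroupMember> members = new ArrayList<>();

    public Long getId() { return id; }
    public List<Expense> getExpenses() { return expenses; }
    public List<GroupBalance> getBalances() { return balances; }
    public List<GroupMember> getMembers() { return members; }

    // Mutate the managed collection in place and expose no setter for it. Reassigning an
    // orphanRemoval collection (setExpenses(new ArrayList<>())) makes Hibernate fail with
    // "collection with cascade=all-delete-orphan was no longer referenced", and clear()
    // is now a bulk DELETE of the group's ledger, so keep every removal deliberate.
    public void removeExpense(Expense expense) {
        expenses.remove(expense);   // orphanRemoval turns this into a DELETE at flush
    }
}

@Service
class GroupDeletionService {

    private final GroupRepository groupRepository;

    GroupDeletionService(GroupRepository groupRepository) {
        this.groupRepository = groupRepository;
    }

    // With the cascade in place, "delete group" erases its expenses and balances, so the
    // operation is gated on the caller's role inside the group, not just on being logged in.
    @Transactional
    public void deleteGroup(Long groupId, Long callerUserId) {
        Group group = groupRepository.findById(groupId)
                .orElseThrow(() -> new IllegalArgumentException("group not found: " + groupId));

        boolean callerIsOwner = group.getMembers().stream()
                .anyMatch(m -> m.getUser().getId().equals(callerUserId)
                        && m.getRole() == GroupRole.OWNER);
        if (!callerIsOwner) {
            throw new AccessDeniedException("only a group OWNER may delete group " + groupId);
        }

        // Entity-level remove: Hibernate walks the loaded graph and cascades REMOVE into every
        // child collection above. A bulk JPQL "delete from Group g where g.id = :id" bypasses
        // the cascade entirely and runs straight into the expense/balance foreign keys.
        groupRepository.delete(group);
    }
}
```

Two caveats that the cascade brings with it. CascadeType.ALL also propagates PERSIST and MERGE from the group down to its expenses and balances, so a controller that binds a request body directly onto the Group entity and saves it would let a client write ledger rows through the parent; keep request DTOs separate from the entity and create expenses through their own endpoint, which is what the collection's /api/v1/groups/{id}/expenses request already does. And because the delete is now destructive across several tables, the corresponding endpoint deserves a negative test with a non-owner token expecting 403 alongside the happy-path test that gives Group.java its 100% coverage.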

sourcery-ai Bot left a comment

Hey @oskargawr - I've reviewed your changes and they look great!

Blocking issues:

  • Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data (gitleaks; 14 findings, all in backend/src/main/resources/fare share.postman_collection.json)
  • JWT token detected (opengrep; 14 findings at the same 14 lines of that file)
Prompt for AI Agents
Please address the comments from this code review:
## Security Issues

All 28 issues are in `backend/src/main/resources/fare share.postman_collection.json`. Issues 1-14 come from gitleaks and issues 15-28 from opengrep; both scanners flag the same fourteen lines:

  Line  | gitleaks issue | opengrep issue
  80    | 1              | 15
  154   | 2              | 16
  183   | 3              | 17
  262   | 4              | 18
  470   | 5              | 19
  497   | 6              | 20
  699   | 7              | 21
  727   | 8              | 22
  783   | 9              | 23
  810   | 10             | 24
  907   | 11             | 25
  962   | 12             | 26
  1149  | 13             | 27
  1321  | 14             | 28

Issues 1-14: **security (jwt):** Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data. *Source: gitleaks*

Issues 15-28: **security (opengrep-rules.generic.secrets.security.detected-jwt-token):** JWT token detected. *Source: opengrep*

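A pre-commit or CI gate for the findings above, as an added example that is neither the project's code nor Sourcery's: it scans a Postman collection for literal JWTs, decodes each header and payload without verifying the signature, reports what a committed token reveals (algorithm, subject, expiry), and rewrites the literals back to a Postman variable. The collection fragment in main is constructed here to match the bearer blocks in this PR's diff; the variable name jwt-token-user is the one those hunks remove. Requires Java 17+ (records).

```java
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not the project's code: find literal JWTs in a Postman collection,
// decode what each one exposes, and rewrite them to a {{variable}} reference.
public final class PostmanJwtScan {

    // Three base64url segments joined by dots; "eyJ" is the base64 of '{"', i.e. a JSON header.
    private static final Pattern JWT =
            Pattern.compile("eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+");

    /** One committed token: where it sits in the file and the unverified claims it exposes. */
    public record Finding(int offset, String alg, String sub, long exp, boolean expired) {}

    /** Scans raw collection text. The signature is never checked; only the two JSON parts are read. */
    public static List<Finding> scan(String collectionJson, Instant now) {
        List<Finding> findings = new ArrayList<>();
        Matcher m = JWT.matcher(collectionJson);
        while (m.find()) {
            String[] parts = m.group().split("\\.");
            String header = decode(parts[0]);
            String payload = decode(parts[1]);
            long exp = numberClaim(payload, "exp");
            boolean expired = exp > 0 && Instant.ofEpochSecond(exp).isBefore(now);
            findings.add(new Finding(m.start(), stringClaim(header, "alg"),
                    stringClaim(payload, "sub"), exp, expired));
        }
        return findings;
    }

    /** Rewrites every literal token to {{variableName}} so the collection stays runnable. */
    public static String redact(String collectionJson, String variableName) {
        return JWT.matcher(collectionJson).replaceAll("{{" + variableName + "}}");
    }

    private static String decode(String base64Url) {
        // JWT segments are unpadded base64url; Java's decoder accepts the missing padding.
        return new String(Base64.getUrlDecoder().decode(base64Url), StandardCharsets.UTF_8);
    }

    // Claim lookup by regex is enough for the flat {"sub":..,"iat":..,"exp":..} payloads
    // seen in this diff; it is not a general JSON parser.
    private static String stringClaim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    private static long numberClaim(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\"\\s*:\\s*(\\d+)").matcher(json);
        return m.find() ? Long.parseLong(m.group(1)) : -1L;
    }

    private static String base64Url(String s) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(s.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample: the shape of a bearer block from this PR's collection, with an
        // HS256 header, the claim layout seen in the diff, and a made-up signature.
        String token = base64Url("{\"alg\":\"HS256\"}") + "."
                + base64Url("{\"sub\":\"2\",\"iat\":1743974559,\"exp\":1744010559}") + "."
                + "c2lnbmF0dXJlLW5vdC1yZWFs";
        String sample = "{\"auth\":{\"type\":\"bearer\",\"bearer\":[{\"key\":\"token\",\"value\":\""
                + token + "\",\"type\":\"string\"}]}}";

        List<Finding> findings = scan(sample, Instant.now());
        for (Finding f : findings) {
            System.out.printf("offset=%d alg=%s sub=%s exp=%d expired=%b%n",
                    f.offset(), f.alg(), f.sub(), f.exp(), f.expired());
        }
        System.out.println(redact(sample, "jwt-token-user"));

        // Gate: any literal token fails the build, expired or not. The token's lifetime is
        // not the exposure; the HS256 secret that signed it is.
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

Run it against backend/src/main/resources/fare share.postman_collection.json from a pre-commit hook and the scanner findings above become impossible to merge. The expired flag is reported only for context: an expired HS256 token still hands an attacker a known-plaintext sample to brute-force the signing key offline, so the remediation for every finding is the same, restore the {{jwt-token-user}} and {{jwt-token-user2}} references, keep the values in an uncommitted Postman environment, and rotate the backend's JWT secret.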

{
"key": "token",
"value": "{{jwt-token-user}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQzOTc0NTU5LCJleHAiOjE3NDQwMTA1NTl9.nzMCC4NCBhN6zJ5rMM6jjFKYlILzJwjhvEESaKM74n8",
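Review bot: this hunk removes the `{{jwt-token-user}}` Postman variable and hardcodes a signed token in its place, which is a regression rather than a fix. The first segment decodes to {"alg":"HS256"} and the second to {"sub":"2","iat":1743974559,"exp":1744010559}, so the committed value is a token signed with the backend's HMAC secret. Its exp is 7 April 2025, so it had already expired before this PR was opened and grants no access by itself, but a committed HS256 token is an offline target for guessing that secret, and the string stays in git history after any later revert. Keep the `{{jwt-token-user}}` reference, supply the value from a Postman environment file that is not committed, and rotate the signing secret as if it were exposed.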


security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjQwMzA4LCJleHAiOjE3NDk2NzYzMDh9.7E75A_zmXgZWIyCypTRi1O2aQEFbUbWkPPEuI3x2ne0",
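Review bot: this bearer block is new and is added with a literal token straight away instead of a `{{...}}` variable of the kind the collection uses elsewhere. The payload decodes to sub 2 with exp 1749676308 (11 June 2025), so it was already expired when the PR was merged, but the same remediation applies: commit the variable, not the value.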


security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzQ5NjM5OTY1LCJleHAiOjE3NDk2NzU5NjV9.P3t30hQTB8k4NHI_eDhDtfcv-em3MiegUCyXBUbNpYs",


security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",


security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyQGV4YW1wbGUuY29tIiwiaWF0IjoxNzM4MzIxNzY0LCJleHAiOjE3MzgzNTc3NjR9.GSDwpHhfiM3U-hhTXAduSLO4-xcCOxehbeBIfRVpQyA",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4Nzk5ODQxLCJleHAiOjE3NDg4MzU4NDF9.mI24XxTqb9wFo5vgsVQ-k-XSz_N90K53X1jWPiX1qro",
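Review bot: swapping one literal token for another does not clear the finding; the removed token (sub user@example.com, exp 1738357764) and the added one (sub 2, exp 1748835841) are both still in the repository history after this change. The pair also shows the claim format has drifted (the subject was an e-mail address and is now a numeric user id), which is why stored tokens go stale and belong in an uncommitted environment file rather than in the collection.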


security (jwt): Uncovered a JSON Web Token, which may lead to unauthorized access to web applications and sensitive user data.

Source: gitleaks

{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyODQwNjkzLCJleHAiOjE3NDI4NzY2OTN9.1hmvABeAUOfbGb24kmysdYGvDdnlZGYykrTo6VrRsLA",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",


security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

{
"key": "token",
"value": "{{jwt-token-user2}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",


security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

{
"key": "token",
"value": "{{jwt-token-user2}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjM5ODU3LCJleHAiOjE3NDk2NzU4NTd9.Ipyg15fqFGxc-4hJWgYaNLHTOsrxjGxIqiiyl_pEb9A",


security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

{
"key": "token",
"value": "{{jwt-token-user}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",


security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyNzU4NTc4LCJleHAiOjE3NDI3OTQ1Nzh9.PhCg8TqNQ8zg55a4p8ECBOsjKpOfTgkXvaDCLeHbH7M",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2IiwiaWF0IjoxNzQzMTUxMjIyLCJleHAiOjE3NDMxODcyMjJ9.Rr7QxrPaNuFHK7Hh8nSUugTX8hVoBuB4ufSgp0B5MvI",


security (opengrep-rules.generic.secrets.security.detected-jwt-token): JWT token detected

Source: opengrep

github-actions Bot commented

Code Coverage

File Coverage [100%] 🍏
Group.java 100% 🍏
Total Project Coverage 81.88% 🍏

gemini-code-assist Bot left a comment

Summary of Changes

Hello @oskargawr, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request addresses the cascading behavior on group entities by ensuring that related expenses and balances are properly removed when a group is deleted. Additionally, the Postman collection has been updated to reflect changes in authentication and API endpoints, and to include a new chat messages endpoint.

Highlights

  • Cascading Configuration: Configured cascading for Expense and GroupBalance entities within the Group entity. This ensures that when a group is deleted, all associated expenses and balances are also removed.
  • Postman Collection Updates: Updated the Postman collection to include authentication tokens, modify request parameters, and add a new request for retrieving chat messages.

gemini-code-assist Bot left a comment

Code Review

The pull request addresses cascading behavior on Group entities by applying CascadeType.ALL and orphanRemoval to expenses and balances. Additionally, the Postman collection resource has been updated with new tokens and minor adjustments to API endpoints and parameters. The changes look good overall, with some minor suggestions for improving the Postman collection.

{
"key": "token",
"value": "{{jwt-token-user}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQzOTc0NTU5LCJleHAiOjE3NDQwMTA1NTl9.nzMCC4NCBhN6zJ5rMM6jjFKYlILzJwjhvEESaKM74n8",


medium

It's good to see a specific JWT token being used. However, ensure that this token is regularly refreshed or updated to prevent it from becoming stale or invalid during testing.


Comment on lines +88 to +93
"raw": "/api/v1/users/admin",
"path": [
"api",
"v1",
"users"
"users",
"admin"
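Review bot: pointing this request at /api/v1/users/admin changes only what the Postman client asks for; a collection enforces nothing, so "restricts access" does not follow from these lines. The useful addition is a negative case: send the same request with one of the sub-2 user tokens used elsewhere in this collection and assert a 403, so the server-side role check is actually exercised by the suite.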


medium

Changing the endpoint to /api/v1/users/admin is a good security practice, as it restricts access to admin-related information. Ensure that proper authorization checks are in place on the backend to verify the user's admin role before serving this data.


"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjQwMzA4LCJleHAiOjE3NDk2NzYzMDh9.7E75A_zmXgZWIyCypTRi1O2aQEFbUbWkPPEuI3x2ne0",


medium

Using a specific JWT token is good for testing purposes. However, it's crucial to ensure that this token is valid and corresponds to a user with the necessary permissions to remove group members.


"bearer": [
{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIiwiaWF0IjoxNzQ5NjM5OTY1LCJleHAiOjE3NDk2NzU5NjV9.P3t30hQTB8k4NHI_eDhDtfcv-em3MiegUCyXBUbNpYs",


medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the authority to change roles within the group.


Comment on lines +191 to 199
"raw": "/api/v1/groups/1/members/2/role?role=OWNER",
"path": [
"api",
"v1",
"groups",
"1",
"members",
"3",
"2",
"role"
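Review bot: the request sets role=OWNER on member 2 of group 1 using the bearer in the preceding hunk (its payload decodes to sub 1), but there is no companion request where a non-owner token attempts the same promotion, and that is the case that verifies the endpoint's authorization. The member id is also edited by hand (3 to 2); capture it from the add-member response into a collection variable instead, so a re-run against a fresh database does not target a different member.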


medium

Ensure that the member ID being changed (from 3 to 2) is a valid member ID within the group. This prevents accidental role changes for non-existent members.


Comment on lines +915 to 922
"raw": "/api/v1/group-invitations/accept/1",
"path": [
"api",
"v1",
"group-invitations",
"accept",
"2"
"1"
]
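Review bot: the invitation id is a hand-edited path parameter (2 to 1); besides the brittleness, the collection has no request where a token for a different user tries to accept invitation 1. Add that case and assert a 403 or 404, so the server's check that the invitation is addressed to the caller is covered by the suite rather than assumed.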


medium

Ensure that the group invitation ID being accepted (from 2 to 1) is a valid invitation ID. This prevents accepting non-existent invitations.


{
"key": "token",
"value": "{{jwt-token-user2}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ5NjM5ODU3LCJleHAiOjE3NDk2NzU4NTd9.Ipyg15fqFGxc-4hJWgYaNLHTOsrxjGxIqiiyl_pEb9A",


medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to get received group invitations.


{
"key": "token",
"value": "{{jwt-token-user}}",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQ4ODAwNjE5LCJleHAiOjE3NDg4MzY2MTl9.kgsr2MAa1mabpfXYRxzCQRWyGhHrjTegjfdaWloAbBw",


medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to get friends.


{
"key": "token",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIyIiwiaWF0IjoxNzQyNzU4NTc4LCJleHAiOjE3NDI3OTQ1Nzh9.PhCg8TqNQ8zg55a4p8ECBOsjKpOfTgkXvaDCLeHbH7M",
"value": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiI2IiwiaWF0IjoxNzQzMTUxMjIyLCJleHAiOjE3NDMxODcyMjJ9.Rr7QxrPaNuFHK7Hh8nSUugTX8hVoBuB4ufSgp0B5MvI",


medium

Using a specific JWT token is good for testing purposes. Ensure that this token belongs to a user with the necessary permissions to add expense.


Comment on lines +1338 to 1345
"raw": "/api/v1/groups/2/expenses",
"path": [
"api",
"v1",
"groups",
"1",
"2",
"expenses"
]
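Review bot: the group id is hand-edited from 1 to 2 here, and the same pattern recurs for the member and invitation ids earlier in this collection. The collection already uses `{{...}}` variables for tokens (the `{{jwt-token-user}}` lines this PR replaces), so set a `{{groupId}}` from the create-group response in a test script and reference it in this path instead of editing ids by hand before each run.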


medium

Ensure that the group ID being used (from 1 to 2) is a valid group ID. This prevents adding expenses to non-existent groups.


@oskargawr oskargawr merged commit 1a9c7b4 into main Jun 24, 2025
1 check passed