This repository was archived by the owner on May 29, 2026. It is now read-only.
fix: correct OR ObjectService API, add Meeting.chair + Participant.nextcloudUserId, HMAC-sign mail votes#323
Merged
rubenvdlinde merged 1 commit intoMay 27, 2026
Conversation
Resolves four CRITICALs: #296 C1 — Replace non-existent findObject/findObjects/getObject(register:,schema:,uuid:) calls throughout all service and controller files with the real OR API: find(id:,register:,schema:) + entity->jsonSerialize(), and setRegister/setSchema + findAll(['filters'=>...]) for collections. #297 C2 — Add missing `chair` field (string UUID) to Meeting schema in decidesk_register.json; bump Meeting schema version 0.3.0 → 0.4.0 and top-level register version 0.1.0 → 0.2.0. #298 C3 — Add missing `nextcloudUserId` field (string) to Participant schema in decidesk_register.json; bump Participant schema version 0.1.0 → 0.2.0. #299 C4 — MailReplyHandler now HMAC-signs _mail entries at ingestion time (hash_hmac/sha256 with per-round derived secret); verifyMailHmac() with hash_equals() guards ballot counting; email votes on isSecret rounds are rejected (reason: secret-ballot). Also: update test stubs and unit tests to match real OR API signatures; expand ternary jsonSerialize patterns to if/else blocks to satisfy PHPCS; update PHPMD baseline for pre-existing complexity violations.
This was referenced May 27, 2026
rubenvdlinde
added a commit
that referenced
this pull request
May 27, 2026
…loudUserId in chair check - AgendaController::requireChairOrAdmin: check nextcloudUserId field (PR #323) for chair/secretary role match, with fallback to legacy owner field - DecideskToolProvider::listOpenActionItems (scope=all): post-filter to action items linked to meetings the caller participates in; admins unfiltered - DecideskToolProvider::listRecentMeetings: post-filter to meetings the caller participates in via getCallerMeetingUuids helper; admins unfiltered Fixes #306, #307
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes 4 CRITICALs in a single PR:
findObject/findObjects/getObject(register:,schema:,uuid:)calls throughout all services and controllers with the real OpenRegister API:find(id:,register:,schema:)+entity->jsonSerialize()for single objects;setRegister/setSchema+findAll(['filters'=>...])for collections. Without this fix, every runtime call to these services returns a fatal PHP error (500).chairfield (string UUID) to Meeting schema indecidesk_register.json. Bump Meeting schema version 0.3.0 → 0.4.0 and top-level register version 0.1.0 → 0.2.0.nextcloudUserIdfield (string login name) to Participant schema. Bump Participant schema version 0.1.0 → 0.2.0.MailReplyHandlernow HMAC-signs_mailentries at ingestion time (per-round secret viahash_hmac/sha256);verifyMailHmac()withhash_equals()guards every ballot count; email votes onisSecret: truerounds are rejected withrejectReason: secret-ballot.Additional: test stubs updated to real OR API signatures; unit test mocks updated from old fake API to
find()/findAll(); PHPCS ternary violations expanded to if/else blocks; PHPMD baseline updated for pre-existing complexity debt.Test plan
composer check:strictpasses (PHPCS zero errors, PHPStan no new errors in changed files, PHPMD baseline clean)decidesk_register.jsonvalidates — Meeting haschairfield, Participant hasnextcloudUserIdfieldrejectReason: secret-ballot