local-it/mitgliederverwaltung
2
3
Fork 0
Code Issues 67 Pull requests 6 Projects 3 Releases Packages 1 Activity Actions

Security: Require actor parameter in CSV import

Browse source 
Remove fallback to system_actor in process_chunk to prevent
unauthorized access. Actor must now be explicitly provided.
This commit is contained in:
Moritz 2026-01-25 18:33:25 +01:00
parent 79361c72d2
commit 562265f212
2 changed files with 48 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/mv/membership/import/member_csv.ex
View file

@ -299,7 +299,7 @@ defmodule Mv.Membership.Import.MemberCSV do
custom_field_lookup = Keyword.get(opts, :custom_field_lookup, %{})
existing_error_count = Keyword.get(opts, :existing_error_count, 0)
max_errors = Keyword.get(opts, :max_errors, @default_max_errors)
actor = Keyword.get(opts, :actor)
actor = Keyword.fetch!(opts, :actor)
{inserted, failed, errors, _collected_error_count, truncated?} =
Enum.reduce(chunk_rows_with_lines, {0, 0, [], 0, false}, fn {line_number, row_map},