Conversation
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Autofix Details
Bugbot Autofix prepared fixes for both issues found in the latest run.
- ✅ Fixed: Excluding addresses from shared loader breaks mutations and defaults
- Restored full member response loading in the shared aggregate repository so address-dependent mutations and default address resolution receive populated addresses.
- ✅ Fixed: Redundant
BeforeMediatorSendoverride adds no behavior- Removed the no-op
BeforeMediatorSendoverride and its now-unused imports to keep the query builder behavior unchanged but clearer.
- Removed the no-op
Or push these changes by commenting:
@cursor push b6824ebc74
Preview (b6824ebc74)
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Aggregates/MemberAggregateRootRepository.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Aggregates/MemberAggregateRootRepository.cs
--- a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Aggregates/MemberAggregateRootRepository.cs
+++ b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Aggregates/MemberAggregateRootRepository.cs
@@ -18,7 +18,7 @@
public async Task<T> GetMemberAggregateRootByIdAsync<T>(string id) where T : class, IMemberAggregateRoot
{
- var responseGroup = MemberResponseGroup.Full & ~MemberResponseGroup.WithAddresses;
+ var responseGroup = MemberResponseGroup.Full;
var member = await _memberService.GetByIdAsync(id, responseGroup.ToString());
return _memberAggregateFactory.Create<T>(member);
}
diff --git a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryBuilder.cs b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryBuilder.cs
--- a/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryBuilder.cs
+++ b/src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryBuilder.cs
@@ -1,5 +1,3 @@
-using System.Threading.Tasks;
-using GraphQL;
using MediatR;
using Microsoft.AspNetCore.Authorization;
using VirtoCommerce.ProfileExperienceApiModule.Data.Models;
@@ -16,9 +14,4 @@
: base(mediator, authorizationService)
{
}
-
- protected override Task BeforeMediatorSend(IResolveFieldContext<object> context, MemberAddressesQuery request)
- {
- return base.BeforeMediatorSend(context, request);
- }
}
src/VirtoCommerce.ProfileExperienceApiModule.Data/Aggregates/MemberAggregateRootRepository.cs
Outdated
Show resolved
Hide resolved
src/VirtoCommerce.ProfileExperienceApiModule.Data/Queries/MemberAddressesQueryBuilder.cs
Outdated
Show resolved
Hide resolved
src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/MemberBaseType.cs
Outdated
Show resolved
Hide resolved
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.674
Timestamp: 10-03-2026T10:40:28
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 8.188
Timestamp: 10-03-2026T10:50:32
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 8.164
Timestamp: 10-03-2026T11:01:16
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 8.601
Timestamp: 10-03-2026T14:14:56
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.68
Timestamp: 11-03-2026T09:02:47
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.585
Timestamp: 11-03-2026T09:55:34
src/VirtoCommerce.ProfileExperienceApiModule.Data/Authorization/ProfileAuthorizationHandler.cs
Show resolved
Hide resolved
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.588
Timestamp: 11-03-2026T13:12:17
...ommerce.ProfileExperienceApiModule.Data/VirtoCommerce.ProfileExperienceApiModule.Data.csproj
Outdated
Show resolved
Hide resolved
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.883
Timestamp: 11-03-2026T14:51:23
src/VirtoCommerce.ProfileExperienceApiModule.Data/Authorization/ProfileAuthorizationHandler.cs
Show resolved
Hide resolved
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.889
Timestamp: 17-03-2026T12:56:57
...Commerce.ProfileExperienceApiModule.Data/Queries/AddressesQuery/BaseAddressesQueryHandler.cs
Outdated
Show resolved
Hide resolved
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.421
Timestamp: 18-03-2026T11:44:54
src/VirtoCommerce.ProfileExperienceApiModule.Data/Authorization/ProfileAuthorizationHandler.cs
Show resolved
Hide resolved
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 8.012
Timestamp: 18-03-2026T17:17:31
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.556
Timestamp: 18-03-2026T17:37:30
src/VirtoCommerce.ProfileExperienceApiModule.Data/Services/MemberAddressService.cs
Outdated
Show resolved
Hide resolved
src/VirtoCommerce.ProfileExperienceApiModule.Data/Services/MemberAddressService.cs
Outdated
Show resolved
Hide resolved
src/VirtoCommerce.ProfileExperienceApiModule.Data/Schemas/MemberAddressType.cs
Show resolved
Hide resolved
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.399
Timestamp: 19-03-2026T17:36:13
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.482
Timestamp: 19-03-2026T17:45:58
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 8.065
Timestamp: 19-03-2026T17:55:48
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.585
Timestamp: 19-03-2026T18:14:17
src/VirtoCommerce.ProfileExperienceApiModule.Data/Authorization/ProfileAuthorizationHandler.cs
Show resolved
Hide resolved
src/VirtoCommerce.ProfileExperienceApiModule.Data/Services/MemberAddressService.cs
Show resolved
Hide resolved
| case CurrentCustomerAddressesQuery when currentMember != null: | ||
| case CurrentOrganizationAddressesQuery when currentMember != null: | ||
| result = true; | ||
| break; |
There was a problem hiding this comment.
Organization addresses lack membership authorization
High Severity
CurrentOrganizationAddressesQuery is authorized for any authenticated member without checking that the user belongs to the requested organization. Authorization should validate currentContact.Organizations against the current organization id before allowing access.
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.801
Timestamp: 20-03-2026T14:30:38
|
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.55
Timestamp: 20-03-2026T15:11:00
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
| public class MemberAddress : Address | ||
| { | ||
| public string Id { get => Key; set => Key = value; } | ||
|
|
There was a problem hiding this comment.
Removing Id-to-Key mapping breaks address mutation inputs
High Severity
The public string Id { get => Key; set => Key = value; } property was removed from MemberAddress, but InputMemberAddressType still uses Field(x => x.Id) on line 11. Previously, setting Id via a GraphQL mutation input would also set Key. Now Id resolves to the base class Address.Id (inherited from Entity), which is a separate property from Key. Since MemberAggregateRootBase.UpdateAddresses and DeleteAddresses match addresses by Key, clients sending the id field in address mutations will fail to match existing addresses — updates will create duplicates and deletes will silently no-op.
vc-ci
left a comment
vc-ci
left a comment
There was a problem hiding this comment.
Test Suite: Test Suites/Modules/module_Assets
Tests: 13
Failures: 0
Errors: 0
Time: 7.657
Timestamp: 20-03-2026T15:20:25
2 participants
Description
References
QA-test:
Jira-link:
https://virtocommerce.atlassian.net/browse/VCST-4710
Artifact URL:
https://vc3prerelease.blob.core.windows.net/packages/VirtoCommerce.ProfileExperienceApiModule_3.1003.0-pr-129-20d7.zip
Note
Medium Risk
Adds new address search GraphQL endpoints backed by Customer module search and updates authorization/address-loading behavior; issues could expose or omit addresses if filtering/permissions are misapplied. Also changes dependency versions and response groups used when loading members/addresses.
Overview
Adds two new GraphQL search queries,
currentCustomerAddressesandcurrentOrganizationAddresses, to page through addresses for the current user or their current organization with optional filtering bycountryCodes,regionIds, andcitiesand returning term facets.Reworks address retrieval to use
IAddressSearchServicevia a newIMemberAddressService.SearchMemberAddressesAsyncAPI, introducesMemberAddressSearchCriteria/MemberAddressSearchResult, and extends the address connection schema (MemberAddressConnection*) to include facet data.Updates authorization and member loading: the handler now explicitly allows the new queries, refactors member authorization checks, loads members using
MemberResponseGroup.Default, and reloads contacts/orgs withWithAddresseswhen validating access to favorite-address operations. BumpsVirtoCommerce.Customerdependency to3.1003.0-alpha.964-vcst-4710.Written by Cursor Bugbot for commit 20d7077. This will update automatically on new commits. Configure here.