Skip to content

Fix custom permissions namespace safety #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix custom permissions namespace safety #181

wants to merge 1 commit into from

Conversation

@ssk42
Copy link

@ssk42 ssk42 commented Jun 20, 2025

Summary

  • Fixed issue Custom Permissions check not namespace safe #153 where custom permissions were not namespace safe
  • Implemented namespace-aware permission checking in MetadataTriggerHandler and FinalizerHandler
  • Added comprehensive test coverage for the new functionality
  • Enhanced .gitignore to prevent Claude-related files from being committed

Changes Made

  • Added checkPermissionNamespaceAware() method to both handler classes
  • Updated populatePermissionMap() to use the new namespace-aware method
  • Added test methods to verify correct handling of namespaced and non-namespaced permissions
  • The solution tries permissions as provided first, then falls back to trying without namespace prefix

Technical Details

When the framework is packaged in a namespace, FeatureManagement.checkPermission() only works for custom permissions that share the same namespace as the calling code. This fix implements a fallback mechanism that tries both the original permission name and the permission name without the namespace prefix.

Test plan

  • All 140 existing tests pass
  • New tests added for namespace-aware permission checking
  • Successfully deployed to scratch org
  • Verified no compilation errors

Resolves #153

🤖 Generated with Claude Code

@ssk42 @claude
Fix custom permissions namespace safety issue
40fd6b9 
This change resolves issue mitchspano#153 by implementing namespace-aware permission
checking in both MetadataTriggerHandler and FinalizerHandler classes.

Changes made:
- Added checkPermissionNamespaceAware() method to handle both namespaced
  and non-namespaced custom permissions
- Updated populatePermissionMap() to use the new namespace-aware method
- Added comprehensive test coverage for the new functionality
- Enhanced .gitignore to prevent Claude-related files from being committed

The solution tries the permission as provided first, then falls back to
trying without the namespace prefix if the original fails. This ensures
compatibility across different package deployment contexts.

Resolves mitchspano#153

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
@google-cla
Copy link

google-cla bot commented Jun 20, 2025

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Custom Permissions check not namespace safe

1 participant

@ssk42