refuse to create changesets for campaign with plan (!8012) · Merge requests · Warren Gifford / sourcegraph

Warren Gifford requested to merge check-before-publishing into master Jan 24, 2020

Created by: sqs

This guards against a potentially dangerous and unexpected operation: if c.CampaignPlanID is 0 (because the campaign has no plan, ie it is a manual plan) and a GraphQL API client requested that campaign to be published, then ALL campaign plans' changesets will be published. This is because c.CampaignPlanID == 0, so it is considered to be "no constraint" when generating the query.

It was possible to trigger this because of another bug https://github.com/sourcegraph/sourcegraph/issues/8009. Even when that is fixed, it is still good to guard against this.

Blocks tomorrow's rollout at https://app.hubspot.com/contacts/2762526/company/608245740 cc @christinaforney

refuse to create changesets for campaign with plan

Merge request reports