Jamil 2dbfae9ba9 fix(portal): Use old policy for broadcasting events when updated (#8550) ...

A regression was introduced in d0f0de0f8d
whereupon we started using the updated policy record for broadcasting
the `delete_policy` and `expire_flows` events. This caused a security
issue because if the actor group changed from `Everyone` to `thomas`,
for example, we'd only expire flows and broadcast policy removal (i.e.
resource removal) events for `thomas`, and `Everyone` would still have
access granted by the old policy.

To fix this, we broadcast the destructive events to the old policy, so
that its `actor_group_id` and `resource_id` are used, and not the new
policy's.

Fixes #8549

2025-03-30 03:26:11 +00:00

..

api

refactor(portal): Enforce internet resource site exclusion (#8448)

2025-03-15 18:25:32 -05:00

domain

fix(portal): Use old policy for broadcasting events when updated (#8550)

2025-03-30 03:26:11 +00:00

web

feat(portal): Show Internet Resource in resources/index (#8495)

2025-03-26 21:30:11 +00:00