Feat/risk analyse #1444
(cherry picked from commit 37e1f35)
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ae0c94b7ce
| def perform_request(self, validated_request_data): | ||
| report_id = validated_request_data["report_id"] | ||
| return get_object_or_404(AnalyseReport, report_id=report_id) |
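Review bot: the lookup on the `return get_object_or_404(AnalyseReport, report_id=report_id)` line drops the `created_by=get_request_username()` scope that `list_analyse_report` applies, so every ID-based endpoint built on `perform_request` becomes an object-level authorization gap. Put the owner constraint in the same query, e.g. `return get_object_or_404(AnalyseReport, report_id=report_id, created_by=get_request_username())`, so another user's report answers 404 exactly as a nonexistent one does and the existence of foreign report IDs is not disclosed; add a test that requests one user's report_id while authenticated as a second user and expects 404.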
Restrict report reads to the report creator
list_analyse_report is explicitly scoped to created_by=get_request_username(), but this lookup fetches by report_id only. In environments where users have LIST_RISK, anyone who can obtain or guess a report ID can read another user's analysis content and prompt parameters through ID-based endpoints (retrieve/export/risk linkage), which breaks the per-user isolation implied by the list API.
| self.retry(exc=exc, countdown=60) | ||
| except MaxRetriesExceededError: | ||
| logger_celery.error("[GenerateAnalyseReport] Max retries reached for report_id=%s", report_id) |
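Review bot: the `except MaxRetriesExceededError:` branch ends after the `logger_celery.error(...)` call without raising, so control falls off the end of the task, Celery records SUCCESS with a None result, and a caller polling task state reads a permanent failure as completion. Re-raise after the log line (a bare `raise`, or a dedicated exception carrying `report_id`) so the task is stored as FAILURE with the original cause in the traceback; it is also worth persisting a failed status on the AnalyseReport row itself so the outcome survives result-backend expiry. The fixed `countdown=60` in `self.retry(exc=exc, countdown=60)` could use exponential backoff if the upstream generation service is rate limited.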
Re-raise after max retries to preserve failure task state
When retries are exhausted, this branch only logs and then falls through, so the Celery task returns normally and is recorded as SUCCESS even though generation failed. That makes get_analyse_report_task_result report success for terminal failures, causing clients to stop polling and treat failed jobs as successful.
No description provided.