Commit Graph

17 Commits

Author SHA1 Message Date
Pranav
2adc040a8f fix: Validate blob before attaching it to a record (#13115)
Previously, attachments relied only on blob_id, which made it possible
to attach blobs across accounts by enumerating IDs. We now require both
blob_id and blob_key, add cross-account validation to prevent blob
reuse, and centralize the logic in a shared BlobOwnershipValidation
concern.

It also fixes a frontend bug where mixed-type action params (number +
string) were incorrectly dropped, causing attachment uploads to fail.
2025-12-19 19:02:21 -08:00
Pranav
86da3f7c06 fix: Remove account_id from params since it is not used (#13116)
account_id was permitted in strong parameters, allowing authenticated
admins to transfer resources (Portals, Automation Rules, Macros) to
arbitrary accounts.

Fix: Removed account_id from permitted params in 4 controllers:
- portals_controller.rb
- automation_rules_controller.rb
- macros_controller.rb
- twilio_channels_controller.rb
2025-12-19 17:07:53 -08:00
Shivam Mishra
9ebabb9832 feat: common attachment endpoint follow-up changes (#7826) 2023-09-01 15:18:48 +07:00
Sojan Jose
7ab7bac6bf chore: Enable the new Rubocop rules (#7122)
fixes: https://linear.app/chatwoot/issue/CW-1574/renable-the-disabled-rubocop-rules
2023-05-19 14:37:10 +05:30
Jordan Brough
59b31615ed chore: Use "create!" and "save!" bang methods when not checking the result (#5358)
* Use "create!" when not checking for errors on the result
* Use "save!" when not checking the result
2022-09-13 17:40:06 +05:30
Tejaswini Chile
aa903a5da9 Fix: backend changes for custom attribute (#4830) 2022-06-13 11:58:54 +05:30
Tejaswini Chile
56f668db6b feat: Attribute changed filter for automations (#4621) 2022-06-07 13:01:01 +05:30
Tejaswini Chile
1b3011b27b fix: Add Attachment endpoint to save file against automation rule (#4480)
Co-authored-by: fayazara <fayazara@gmail.com>
Co-authored-by: Pranav Raj S <pranav@chatwoot.com>
2022-04-24 12:02:40 +05:30
Fayaz Ahmed
337a74a10c feat: Add send message, fix issues with message conditions (#4423)
Co-authored-by: Tejaswini <tejaswini@chatwoot.com>
2022-04-14 13:36:55 +05:30
Tejaswini Chile
15fd37b124 Feat: attachments automation (#4266) 2022-03-30 08:08:58 +05:30
Tejaswini Chile
3158966241 Feat: automation rule based on contact conditions (#4230) 2022-03-29 17:29:34 +05:30
Fayaz Ahmed
c674393c02 feat: New automation actions (#4033) 2022-03-29 13:27:16 +05:30
Tejaswini Chile
e06a6a7c55 Automation enhancement (#4087) 2022-03-21 13:12:27 +05:30
Muhsin Keloth
f08d1b35d0 feat: Toggle automation status (#3991) 2022-03-01 14:14:23 +05:30
Tejaswini Chile
a7c947aeae feat: Clone and update automation rules (#3782)
- endpoints to clone and update automation rules

fixes: #3740
2022-01-20 15:30:21 -08:00
Tejaswini Chile
7df68c6388 Feat: Automations Actions (#3564) 2022-01-13 11:21:06 +05:30
Tejaswini Chile
a0884310f4 feat: Save automation rules (#3359) 2022-01-10 12:41:59 +05:30