Conversation
| </Text> | ||
| {orderDetails?.trackingLink ? ( | ||
| <Link | ||
| href={orderDetails.trackingLink} |
There was a problem hiding this comment.
Noting for me and @Yurika-Kan that the way things are currently set up, this creates a security vulnerability where (although at least the text of the link is shown so it's more obvious that it's not a normal link), a food manufacturer could provide a tracking link like javascript:alert("you've been hacked!") and then clicking here actually executes that javascript (I tried it and it is funny but also a problem). Justin, not expecting you to fix this here - backend link sanitization may be the way to go - but wanted to make sure everyone was aware
|
|
||
| export type RepeatOnState = Record<DayOfWeek, boolean>; | ||
|
|
||
| export type GroupedByFoodType = Record< |
There was a problem hiding this comment.
I noticed that this type is based on the FoodTypes array, which is just a list of all the values of the FoodType enum. While we're here, can we remove FoodTypes and refactor its usages to use the values of FoodType instead, as we do for our other enums in the frontend? (This case here in particular could probably actually map enum keys to OrderItemDetails[] instead.)
There was a problem hiding this comment.
i did this in this pr, so if you want to review that to see if i missed anything but i don't think it needs to be done here
|
|
||
| export type RepeatOnState = Record<DayOfWeek, boolean>; | ||
|
|
||
| export type GroupedByFoodType = Record< |
There was a problem hiding this comment.
Record implies that all food types exist in the map, which isn't true. This should probably be a Partial<Record>, which should hopefully also avoid needing the casts in groupedItemsByType
ℹ️ Issue
Closes https://vidushimisra.atlassian.net/jira/software/projects/SSF/boards/1?selectedIssue=SSF-143
📝 Description
This simple PR involves changes to make a reusable order details modal component that displays details of an order and the associated request. This modal is used by Admin, Volunteer, Pantry so this component will be used in many places.
The order details modal was updated on this existing page: /admin-order-management
✔️ Verification
I added a new route to get order details given an orderId so I added controller and service tests for that. I also verified the modal aligned with the figma designs.
🏕️ (Optional) Future Work / Notes
N/A