Security: Implement recursion depth limits and field allowlists for Advanced Search; add reference SQL exports.

2026-01-02 19:38:37 -05:00
parent 5a4c82e4cb
commit 09ec231303
5 changed files with 211 additions and 9 deletions
--- a/app/object_definitions/journals.py
+++ b/app/object_definitions/journals.py
@@ -18,6 +18,12 @@ journal_obj_li = {
            'journal_id_random',
            'title', 'description',
            ],
+        # V3 Search Security:
+        'searchable_fields': [
+            'journal_id_random', 'name', 'short_name', 'summary', 'outline',
+            'description', 'type_code', 'tags', 'billable', 'enable', 'hide',
+            'priority', 'group', 'created_on', 'updated_on'
+        ],
    },
    'journal_entry': {
        'tbl': 'journal_entry',
@@ -34,5 +40,12 @@ journal_obj_li = {
        'exp_default': [
            'journal_entry_id_random',
            ],
+        # V3 Search Security:
+        'searchable_fields': [
+            'journal_entry_id_random', 'journal_id_random', 'name', 'short_name',
+            'summary', 'content', 'type_code', 'topic_code', 'category_code',
+            'tags', 'location', 'billable', 'enable', 'hide', 'priority', 'group',
+            'created_on', 'updated_on'
+        ],
    },
 }