generated from RealDevSquad/website-template
Description:
Summary
Users were able to bypass the OOO request approval flow by directly setting their status to "OOO" via the PATCH /users/status/self and PATCH /users/status/:userid endpoints. This fix closes that loophole by restricting which fields can be updated through the self endpoint.
Problem
The PATCH /users/status/self and PATCH /users/status/:userid endpoints allowed users to directly update their currentStatus.state to "OOO" without going through the proper OOO request and approval workflow. This undermined the intended flow, where OOO status should only be set through the designated OOO request process.
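The field restriction the fix describes, written out as an added example (not the repository's own code): the self status handler accepts only an allowlist of fields and rejects a direct "OOO" state, so OOO can only arrive through the request/approval flow. The request body shape, the field names `message` and `until`, the non-OOO state names, and the Express-style `req`/`res` handler are assumptions.

```javascript
// Added example, not code from RealDevSquad/website-template.
// Assumed body shape: { currentStatus: { state, message, until } }.

// Fields a user may change about their own status via PATCH /users/status/self.
const SELF_EDITABLE_STATUS_FIELDS = new Set(["state", "message", "until"]);
// States a user may set directly. "OOO" is deliberately absent: it must come
// from the OOO request and approval workflow, never from this endpoint.
const SELF_SETTABLE_STATES = new Set(["ACTIVE", "IDLE"]); // assumed state names

/**
 * Validate a self status update.
 * Returns { ok: true, update } containing only allowlisted fields,
 * or { ok: false, reason } when the request must be rejected.
 */
function validateSelfStatusPatch(body) {
  const status = body && body.currentStatus;
  if (!status || typeof status !== "object" || Array.isArray(status)) {
    return { ok: false, reason: "currentStatus object is required" };
  }
  // Reject any field outside the allowlist instead of silently dropping it,
  // so a client that tries to smuggle extra fields gets a clear 400.
  const unknown = Object.keys(status).filter((k) => !SELF_EDITABLE_STATUS_FIELDS.has(k));
  if (unknown.length > 0) {
    return { ok: false, reason: `fields not editable via self endpoint: ${unknown.join(", ")}` };
  }
  // "OOO" and any unexpected state value are rejected here.
  if ("state" in status && !SELF_SETTABLE_STATES.has(status.state)) {
    return { ok: false, reason: `state "${status.state}" cannot be set directly; use the OOO request flow` };
  }
  // Rebuild the update from the allowlist rather than forwarding req.body as-is.
  const update = {};
  for (const key of SELF_EDITABLE_STATUS_FIELDS) {
    if (key in status) update[key] = status[key];
  }
  return { ok: true, update };
}

// Express-style handler for PATCH /users/status/self (framework assumed).
function patchSelfStatus(req, res) {
  const result = validateSelfStatusPatch(req.body);
  if (!result.ok) {
    return res.status(400).json({ error: result.reason });
  }
  // Persisting result.update for the authenticated user is omitted here.
  return res.status(200).json({ currentStatus: result.update });
}
```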