mirror of
https://github.com/GSA/notifications-api.git
synced 2025-12-25 01:41:34 -05:00
Since template folders are only linked by ID to their parent, we need to check that the parent folder belongs to the same service as the one being created. Otherwise, admin users could modify the parent ID to create a folder outside their service. Ideally, this check would be performed by a DB constraint, but since parent_id can be nullable, this is only possible to express using DB triggers. Instead, we perform the check in the API endpoint code.
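The endpoint-level check described in the commit message, shown as an added example; it is not code from the notifications-api repository. The table layout, the function and exception names, and the use of an in-memory sqlite3 database are assumptions made for illustration.

```python
import sqlite3
import uuid


class ParentFolderError(ValueError):
    """Raised when parent_id is unknown or belongs to a different service."""


def make_db():
    # Constructed schema (assumption): a folder points at its parent by ID only,
    # and parent_id is NULL for top-level folders.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE template_folder ("
        " id TEXT PRIMARY KEY,"
        " service_id TEXT NOT NULL,"
        " name TEXT NOT NULL,"
        " parent_id TEXT REFERENCES template_folder(id))"
    )
    return conn


def create_template_folder(conn, service_id, name, parent_id=None):
    """Create a folder in service_id; refuse a parent owned by another service.

    service_id is the service the caller is authorized for (assumed to be
    established before this function runs); parent_id is caller-supplied.
    """
    if parent_id is not None:
        # Look the parent up by id AND service_id, never by id alone.
        row = conn.execute(
            "SELECT 1 FROM template_folder WHERE id = ? AND service_id = ?",
            (parent_id, service_id),
        ).fetchone()
        if row is None:
            # One error for "no such folder" and "another service's folder",
            # so the response does not confirm which IDs exist elsewhere.
            raise ParentFolderError("parent_id not found")
    folder_id = str(uuid.uuid4())
    conn.execute(
        "INSERT INTO template_folder (id, service_id, name, parent_id)"
        " VALUES (?, ?, ?, ?)",
        (folder_id, service_id, name, parent_id),
    )
    return folder_id


def folder_count(conn, service_id):
    # Helper for checking that a rejected request wrote nothing.
    sql = "SELECT COUNT(*) FROM template_folder WHERE service_id = ?"
    return conn.execute(sql, (service_id,)).fetchone()[0]
```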