Skip to content

Comments

SSF-143 Reusable Order Details Modal #110

Open
Juwang110 wants to merge 11 commits intomainfrom
jw/SSF-143-reusable-order-details-modal
Open

SSF-143 Reusable Order Details Modal #110
Juwang110 wants to merge 11 commits intomainfrom
jw/SSF-143-reusable-order-details-modal

Conversation

@Juwang110
Copy link

ℹ️ Issue

Closes https://vidushimisra.atlassian.net/jira/software/projects/SSF/boards/1?selectedIssue=SSF-143

📝 Description

This simple PR involves changes to make a reusable order details modal component that displays details of an order and the associated request. This modal is used by Admin, Volunteer, Pantry so this component will be used in many places.

The order details modal was updated on this existing page: /admin-order-management

✔️ Verification

I added a new route to get order details given an orderId so I added controller and service tests for that. I also verified the modal aligned with the figma designs.

Screenshot 2026-02-16 164606 Screenshot 2026-02-16 164603

🏕️ (Optional) Future Work / Notes

N/A

@Juwang110 Juwang110 requested a review from amywng February 23, 2026 16:46
{foodRequest.pantry?.pantryName}
</Text>
</Text>
{orderDetails?.status === OrderStatus.DELIVERED ? (
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you confirmed with Priya that "pending" and "shipped" both display as the same tag?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I talked to her, this depends on food request status which is PR #100, once that gets merged in I'll change this

</Text>
{orderDetails?.trackingLink ? (
<Link
href={orderDetails.trackingLink}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Noting for me and @Yurika-Kan that the way things are currently set up, this creates a security vulnerability where (although at least the text of the link is shown so it's more obvious that it's not a normal link), a food manufacturer could provide a tracking link like javascript:alert("you've been hacked!") and then clicking here actually executes that javascript (I tried it and it is funny but also a problem). Justin, not expecting you to fix this here - backend link sanitization may be the way to go - but wanted to make sure everyone was aware

@Juwang110 Juwang110 requested a review from sam-schu February 23, 2026 23:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants