fix: issues found in security audit (#1668)

2024-12-15 21:16:42 +01:00
parent 032509e462
commit 922101dcbd
15 changed files with 70 additions and 27 deletions
@@ -66,9 +66,13 @@ const getBoardAndPermissionsAsync = async (params: Props["params"]) => {
 export default async function BoardSettingsPage({ params, searchParams }: Props) {
  const { board, permissions } = await getBoardAndPermissionsAsync(params);
  const boardSettings = await getServerSettingByKeyAsync(db, "board");
-  const { hasFullAccess } = await getBoardPermissionsAsync(board);
+  const { hasFullAccess, hasChangeAccess } = await getBoardPermissionsAsync(board);
  const t = await getScopedI18n("board.setting");

+  if (!hasChangeAccess) {
+    notFound();
+  }
+
  return (
    <Container>
      <Stack>