fix: harden permissions system after code review

- Gate permissions in /app-config behind optionalAuth so unauthenticated
  requests don't receive admin configuration
- Fix trip_delete isMember parameter (was hardcoded false)
- Return skipped keys from savePermissions for admin visibility
- Add disabled prop to CustomSelect, use in BudgetPanel currency picker
- Fix CollabChat reaction handler returning false instead of void
- Pass canUploadFiles as prop to NoteFormModal instead of internal store read
- Make edit-only NoteFormModal props optional (onDeleteFile, note, tripId)
- Add missing trailing newlines to .gitignore and it.ts
Gérnyi Márk
2026-03-31 23:33:27 +02:00
parent 1ff8546484
commit 23edfe3dfc
10 changed files with 35 additions and 24 deletions
+2 -2
@@ -177,7 +177,7 @@ router.put('/permissions', (req: Request, res: Response) => {
if (!permissions || typeof permissions !== 'object') {
return res.status(400).json({ error: 'permissions object required' });
}
savePermissions(permissions);
const { skipped } = savePermissions(permissions);
writeAudit({
userId: authReq.user.id,
action: 'admin.permissions_update',
@@ -185,7 +185,7 @@ router.put('/permissions', (req: Request, res: Response) => {
ip: getClientIp(req),
details: permissions,
});
res.json({ success: true, permissions: getAllPermissions() });
res.json({ success: true, permissions: getAllPermissions(), ...(skipped.length ? { skipped } : {}) });
});
router.get('/audit-log', (req: Request, res: Response) => {
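Review bot: The `writeAudit` call in the PUT `/permissions` handler still records the raw request body (`details: permissions`), although the handler now knows which keys `savePermissions` refused. The `admin.permissions_update` entry will therefore list skipped keys as if they had been applied. Recording both, for example `details: { requested: permissions, skipped },`, would keep the audit trail accurate about what changed; confirm first that nothing reading the log depends on the current shape of `details`. The guard at the top of the first hunk also lets arrays through, because `typeof [] === 'object'`, so `|| Array.isArray(permissions)` would tighten it. `savePermissions` is defined outside this section, so the shape of `skipped` is inferred here only from the `.length` use.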