fix(git-sync): restrict config and tab visibility to project owner
Build and Deploy Verso / deploy (push) Successful in 13m11s
Build and Deploy Verso / deploy (push) Successful in 13m11s
- gitSyncEnabled is now false for non-owners, hiding the rail tab - gitRemote (and all other git sync config) is served as empty string to non-owners, preventing auth token leakage via meta tags to collaborators and anonymous token users Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1027,12 +1027,24 @@ const _ProjectController = {
|
||||
imageNames,
|
||||
gitBridgePublicBaseUrl: Settings.gitBridgePublicBaseUrl,
|
||||
gitBridgeEnabled: Features.hasFeature('git-bridge'),
|
||||
gitSyncEnabled: Boolean(Settings.enableGitSync),
|
||||
gitRemote: project.gitRemote ?? '',
|
||||
gitSyncPath: project.gitSyncPath ?? '',
|
||||
gitSyncPdfPath: project.gitSyncPdfPath ?? '',
|
||||
gitSyncPushFiles: project.gitSyncPushFiles ?? true,
|
||||
gitSyncPushPdf: project.gitSyncPushPdf ?? true,
|
||||
gitSyncEnabled:
|
||||
Boolean(Settings.enableGitSync) &&
|
||||
privilegeLevel === PrivilegeLevels.OWNER,
|
||||
gitRemote: privilegeLevel === PrivilegeLevels.OWNER
|
||||
? (project.gitRemote ?? '')
|
||||
: '',
|
||||
gitSyncPath: privilegeLevel === PrivilegeLevels.OWNER
|
||||
? (project.gitSyncPath ?? '')
|
||||
: '',
|
||||
gitSyncPdfPath: privilegeLevel === PrivilegeLevels.OWNER
|
||||
? (project.gitSyncPdfPath ?? '')
|
||||
: '',
|
||||
gitSyncPushFiles: privilegeLevel === PrivilegeLevels.OWNER
|
||||
? (project.gitSyncPushFiles ?? true)
|
||||
: true,
|
||||
gitSyncPushPdf: privilegeLevel === PrivilegeLevels.OWNER
|
||||
? (project.gitSyncPushPdf ?? true)
|
||||
: true,
|
||||
wsUrl,
|
||||
showSupport: Features.hasFeature('support'),
|
||||
showTemplatesServerPro,
|
||||
|
||||
Reference in New Issue
Block a user