fix(git-sync): restrict config and tab visibility to project owner
Build and Deploy Verso / deploy (push) Successful in 13m11s

- gitSyncEnabled is now false for non-owners, hiding the rail tab
- gitRemote (and all other git sync config) is served as empty string
  to non-owners, preventing auth token leakage via meta tags to
  collaborators and anonymous token users

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
claude
2026-06-24 00:01:49 +00:00
parent dbb519835a
commit c041719e6a
@@ -1027,12 +1027,24 @@ const _ProjectController = {
imageNames,
gitBridgePublicBaseUrl: Settings.gitBridgePublicBaseUrl,
gitBridgeEnabled: Features.hasFeature('git-bridge'),
gitSyncEnabled: Boolean(Settings.enableGitSync),
gitRemote: project.gitRemote ?? '',
gitSyncPath: project.gitSyncPath ?? '',
gitSyncPdfPath: project.gitSyncPdfPath ?? '',
gitSyncPushFiles: project.gitSyncPushFiles ?? true,
gitSyncPushPdf: project.gitSyncPushPdf ?? true,
gitSyncEnabled:
Boolean(Settings.enableGitSync) &&
privilegeLevel === PrivilegeLevels.OWNER,
gitRemote: privilegeLevel === PrivilegeLevels.OWNER
? (project.gitRemote ?? '')
: '',
gitSyncPath: privilegeLevel === PrivilegeLevels.OWNER
? (project.gitSyncPath ?? '')
: '',
gitSyncPdfPath: privilegeLevel === PrivilegeLevels.OWNER
? (project.gitSyncPdfPath ?? '')
: '',
gitSyncPushFiles: privilegeLevel === PrivilegeLevels.OWNER
? (project.gitSyncPushFiles ?? true)
: true,
gitSyncPushPdf: privilegeLevel === PrivilegeLevels.OWNER
? (project.gitSyncPushPdf ?? true)
: true,
wsUrl,
showSupport: Features.hasFeature('support'),
showTemplatesServerPro,