fix(api): Add WorkspaceGuard to controllers and fix route ordering #111
Closed
jason.woltje
wants to merge 0 commits from
fix/controller-guards into develop
pull from: fix/controller-guards
merge into: mosaic:develop
mosaic:main
mosaic:fix/ci-glibc-image
mosaic:fix/dockerfile-npmrc
mosaic:fix/matrix-native-binary
mosaic:fix/kaniko-cache
mosaic:fix/base-image-kaniko-v2
mosaic:fix/base-image-kaniko
mosaic:feat/custom-base-image
mosaic:ci/pnpm-cache
mosaic:fix/interceptor-tests
mosaic:fix/kanban-tests
mosaic:feat/wire-chat
mosaic:feat/usage-widget
mosaic:fix/security-hardening
mosaic:fix/project-domain-v2
mosaic:feat/kanban-add-task
mosaic:fix/project-domain-attach
mosaic:fix/logs-page-clean
mosaic:fix/workspace-members
mosaic:fix/ci-lint-632
mosaic:fix/file-manager-tags
mosaic:fix/csrf-debug-log
mosaic:fix/controller-type-imports
mosaic:fix/system-admin-env
mosaic:fix/gateway-cors-trusted-origins
mosaic:feat/project-detail-page
mosaic:fix/fleet-provider-form-dto-v2
mosaic:fix/ms22-audit
mosaic:fix/orchestrator-widgets
mosaic:fix/fleet-provider-form-dto
mosaic:fix/csrf-bearer-bypass
mosaic:fix/ms22-missing-authmodule-imports
mosaic:fix/container-lifecycle-config-module
mosaic:fix/swarm-compose-ms22-vars
mosaic:chore/ms22-p1-complete
mosaic:feat/ms22-p1h-settings-ui
mosaic:feat/ms22-p1f-onboarding-ui
mosaic:feat/ms22-p1i-chat-proxy
mosaic:feat/ms22-p1k-idle-reaper
mosaic:feat/ms22-p1j-docker
mosaic:feat/ms22-p1e-onboarding-api
mosaic:feat/ms22-p1g-settings-api
mosaic:feat/ms22-p1d-container-mgr
mosaic:feat/ms22-p1c-config-api
mosaic:chore/ms22-prd-tracking
mosaic:feat/ms22-p1a-schema
mosaic:feat/ms22-p1b-crypto
mosaic:chore/ms22-p1-tasks
mosaic:docs/ms22-architecture
mosaic:feat/ms22-openclaw-docker
mosaic:feat/ms22-openclaw-gateway-module
mosaic:chore/ms21-complete
mosaic:chore/ms21-final-tasks-done
mosaic:fix/ms21-ui-001-qa
mosaic:test/ms21-ui-tests
mosaic:chore/ms21-tasks-sync
mosaic:chore/ms22-phase0-complete
mosaic:feat/ms22-ingest-clean
mosaic:feat/ms21-ui-users-members
mosaic:feat/ms22-task-agent
mosaic:chore/tasks-final
mosaic:chore/tasks-update
mosaic:feat/ms21-session-invalidation
mosaic:feat/ms21-rbac-settings
mosaic:feat/ms21-teams-page
mosaic:feat/ms21-users-page
mosaic:feat/ms19-terminal-persistence
No Reviewers
Labels
Clear labels
ai
api
api
auth
database
database
devops
docs
frontend
graph
knowledge-module
migration
orchestrator
p0
p1
p2
p3
performance
phase-1
phase-2
phase-3
phase-4
phase-5
plugin
search
security
setup
testing
web
AI/LLM integration
Backend/API work
Authentication
Database/schema work
Docker/deployment
Documentation
Data migration
Orchestrator service (apps/orchestrator/)
Critical priority
High priority
Medium priority
Low priority
Performance work
MoltBot plugin work
Security-related
Initial setup
Testing/QA
Frontend work
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
jason.woltje
Clear assignees
jason.woltje
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: mosaic/stack#111
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "fix/controller-guards"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Fixes High priority issues from code review.
Controllers Fixed (7)
Changes
@UseGuards(AuthGuard, WorkspaceGuard, PermissionGuard)req.user?.workspaceIdwith@Workspace()@RequirePermission()for proper RBACRoute Ordering Fixes
layouts.controller.ts:@Get("default")moved before@Get(":id")auth.controller.ts:@Get("profile")moved before@All("*")Impact
Pull request closed