mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

fix(gateway): filter projects by ownership — close data privacy leak #202

Merged
jason.woltje merged 1 commits from fix/projects-ownership-filter into main 2026-03-17 02:35:46 +00:00
Conversation 0 Commits 1 Files Changed 5 +132 -11
jason.woltje commented 2026-03-17 02:35:31 +00:00
Owner
Copy Link

GET /api/projects now returns only projects owned by the requesting user or belonging to their teams. Fixes #197.

GET /api/projects now returns only projects owned by the requesting user or belonging to their teams. Fixes #197.
jason.woltje added 1 commit 2026-03-17 02:35:31 +00:00
fix(gateway): filter projects by ownership — close data privacy leak
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/push/ci Pipeline was successful
Details
db35ba03b9 
GET /api/projects now returns only projects owned by the requesting user
or belonging to teams the user is a member of, via a new findAllForUser()
method in the brain projects repo. GET/PATCH/DELETE single-project endpoints
now use canAccessProject() (handling both user and team ownership) instead
of the direct-owner-only assertOwner(). Fixes #197.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
jason.woltje merged commit 93645295d5 into main 2026-03-17 02:35:46 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
jason.woltje
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: mosaicstack/stack#202
Delete Branch "fix/projects-ownership-filter"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?