mosaicstack/stack
1
0
Fork 0
Code Issues 13 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

fix(gateway): filter projects by ownership — close data privacy leak #202

Merged
jason.woltje merged 1 commits from fix/projects-ownership-filter into main 2026-03-17 02:35:46 +00:00
Conversation 0 Commits 1 Files Changed 5 +132 -11

1 Commits

Author SHA1 Message Date
Jason Woltje
db35ba03b9 fix(gateway): filter projects by ownership — close data privacy leak
All checks were successful
ci/woodpecker/pr/ci Pipeline was successful
Details
ci/woodpecker/push/ci Pipeline was successful
Details 
GET /api/projects now returns only projects owned by the requesting user
or belonging to teams the user is a member of, via a new findAllForUser()
method in the brain projects repo. GET/PATCH/DELETE single-project endpoints
now use canAccessProject() (handling both user and team ownership) instead
of the direct-owner-only assertOwner(). Fixes #197.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-16 21:34:56 -05:00