mirror of https://github.com/buster-so/buster.git
2e04af1785
- Fixed permission hierarchy: full_access (5) now correctly ranks higher than viewer (3) - Removed 'querier' role from admin permission check as it was too permissive - Added organizationId parameter to dashboard access checks to prevent unauthorized access - Fixed public dashboard expiry date check to verify dates are in the future - Added cycle detection for collection permissions to prevent infinite recursion - Fixed bulk remove permissions to correctly filter by identityIds array - Updated date comparison to use ISO string format for PostgreSQL timestamp columns These fixes address critical security and logic issues identified in the PR review. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| access-controls | ||
| assets | ||
| chats | ||
| dashboards | ||
| dictionary | ||
| message | ||
| metrics | ||
| organization | ||
| security | ||
| share | ||
| slack | ||
| teams | ||
| title | ||
| type-utilities | ||
| user | ||
| index.ts | ||