mirror of https://github.com/buster-so/buster.git
- Fixed permission hierarchy: full_access (5) now correctly ranks higher than viewer (3)
- Removed 'querier' role from admin permission check as it was too permissive
- Added organizationId parameter to dashboard access checks to prevent unauthorized access
- Fixed public dashboard expiry date check to verify dates are in the future
- Added cycle detection for collection permissions to prevent infinite recursion
- Fixed bulk remove permissions to correctly filter by identityIds array
- Updated date comparison to use ISO string format for PostgreSQL timestamp columns

These fixes address critical security and logic issues identified in the PR review.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

| File |
|---|
| asset-types.types.ts |
| index.ts |