Leahnaya/hackdex-website
1
0
Fork 0
mirror of https://github.com/Hackdex-App/hackdex-website.git synced 2026-03-21 17:54:09 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix unapproved hack viewing permissions

Browse Source
This commit is contained in:
Jared Schoeny 2026-01-16 13:42:35 -10:00
parent 456832aad3
commit f0875bc929
2 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/app/hack/[slug]/page.tsx
View File

@ -134,20 +134,21 @@ export default async function HackDetail({ params }: HackDetailProps) {
canEdit: canUploadPatch,
} = await checkPatchEditPermission(hack, user?.id as string, supabase);
// isAdmin always needs to be checked for archive hacks
let isAdmin = false;
if (!hack.approved || isArchive) {
const { data: admin } = await supabase.rpc("is_admin");
if (admin) {
isAdmin = true;
} else if (!isArchive) {
return notFound();
} else if (!hack.approved) {
if (isArchive && !canEditAsArchiver) {
return notFound();
} else if (!canEdit) {
return notFound();
}
}
}
if (isArchive && !isAdmin && !canEditAsArchiver) {
return notFound();
}
// Extract patch info from cached metadata
const patchFilename = patch?.filename || null;
const patchVersion = isArchive ? "Archive" : (patch?.version || "");

10
src/app/hack/[slug]/stats/page.tsx
View File

@ -2,7 +2,7 @@ import { createClient } from "@/utils/supabase/server";
import { notFound, redirect } from "next/navigation";
import HackStatsClient from "@/components/Hack/Stats/HackStatsClient";
import { getDownloadsSeriesAll, getHackInsights } from "@/app/dashboard/actions";
import { isArchiveHack, canEditAsArchiver } from "@/utils/hack";
import { checkEditPermission } from "@/utils/hack";
export default async function HackStatsPage({ params: { slug } }: { params: { slug: string } }) {
const supa = await createClient();
@ -17,11 +17,9 @@ export default async function HackStatsPage({ params: { slug } }: { params: { sl
.maybeSingle();
if (!hack) notFound();
let isOwner = hack.created_by === user.id;
if (!isOwner) {
const isArchive = isArchiveHack(hack);
const isEditableByArchiver = await canEditAsArchiver(hack, user.id, supa);
if (!isOwner && !isArchive && !isEditableByArchiver) notFound();
const permission = await checkEditPermission(hack, user.id, supa);
if (!permission.canEdit) {
redirect(`/hack/${slug}`);
}
const allSeries = await getDownloadsSeriesAll({ days: 30 });