صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
Server
/
new-api
40
0
انشعاب 0
پرونده‌ها مشکلات 0 درخواست واکشی 0 ویکی
فهرست منبع

🔒 fix: Enforce admin-only column visibility in logs tables

Ensure non-admin users cannot enable columns reserved for administrators
across the following hooks:

* web/src/hooks/usage-logs/useUsageLogsData.js
  - Force-hide CHANNEL, USERNAME and RETRY columns for non-admins.

* web/src/hooks/mj-logs/useMjLogsData.js
  - Force-hide CHANNEL and SUBMIT_RESULT columns for non-admins.

* web/src/hooks/task-logs/useTaskLogsData.js
  - Force-hide CHANNEL column for non-admins.

The checks run when loading column preferences from localStorage, overriding
any tampered settings to keep sensitive information hidden from
unauthorized users.
t0ng7u 10 ماه پیش
والد
1430c05b6c
کامیت
fe16d05fbb
3فایلهای تغییر یافته به همراه15 افزوده شده و 0 حذف شده
نمای یکپارچه نمایش آمار تفاوت ها
  1. 5 0
      web/src/hooks/mj-logs/useMjLogsData.js
  2. 4 0
      web/src/hooks/task-logs/useTaskLogsData.js
  3. 6 0
      web/src/hooks/usage-logs/useUsageLogsData.js

+ 5 - 0
web/src/hooks/mj-logs/useMjLogsData.js
مشاهده فایل 

@@ -94,6 +94,11 @@ export const useMjLogsData = () => {
 
         const parsed = JSON.parse(savedColumns);
 
         const parsed = JSON.parse(savedColumns);
 
         const defaults = getDefaultColumnVisibility();
 
         const defaults = getDefaultColumnVisibility();
 
         const merged = { ...defaults, ...parsed };
 
         const merged = { ...defaults, ...parsed };
 
+        // If not admin, force hide columns only visible to admins
 
+        if (!isAdminUser) {
 
+          merged[COLUMN_KEYS.CHANNEL] = false;
 
+          merged[COLUMN_KEYS.SUBMIT_RESULT] = false;
 
+        }
 
         setVisibleColumns(merged);
 
         setVisibleColumns(merged);
 
       } catch (e) {
 
       } catch (e) {
 
         console.error('Failed to parse saved column preferences', e);
 
         console.error('Failed to parse saved column preferences', e);

+ 4 - 0
web/src/hooks/task-logs/useTaskLogsData.js
مشاهده فایل 

@@ -92,6 +92,10 @@ export const useTaskLogsData = () => {
 
         const parsed = JSON.parse(savedColumns);
 
         const parsed = JSON.parse(savedColumns);
 
         const defaults = getDefaultColumnVisibility();
 
         const defaults = getDefaultColumnVisibility();
 
         const merged = { ...defaults, ...parsed };
 
         const merged = { ...defaults, ...parsed };
 
+        // If not admin, force hide columns only visible to admins
 
+        if (!isAdminUser) {
 
+          merged[COLUMN_KEYS.CHANNEL] = false;
 
+        }
 
         setVisibleColumns(merged);
 
         setVisibleColumns(merged);
 
       } catch (e) {
 
       } catch (e) {
 
         console.error('Failed to parse saved column preferences', e);
 
         console.error('Failed to parse saved column preferences', e);

+ 6 - 0
web/src/hooks/usage-logs/useUsageLogsData.js
مشاهده فایل 

@@ -116,6 +116,12 @@ export const useLogsData = () => {
 
         const parsed = JSON.parse(savedColumns);
 
         const parsed = JSON.parse(savedColumns);
 
         const defaults = getDefaultColumnVisibility();
 
         const defaults = getDefaultColumnVisibility();
 
         const merged = { ...defaults, ...parsed };
 
         const merged = { ...defaults, ...parsed };
 
+        // If not admin, force hide columns only visible to admins
 
+        if (!isAdminUser) {
 
+          merged[COLUMN_KEYS.CHANNEL] = false;
 
+          merged[COLUMN_KEYS.USERNAME] = false;
 
+          merged[COLUMN_KEYS.RETRY] = false;
 
+        }
 
         setVisibleColumns(merged);
 
         setVisibleColumns(merged);
 
       } catch (e) {
 
       } catch (e) {
 
         console.error('Failed to parse saved column preferences', e);
 
         console.error('Failed to parse saved column preferences', e);