Fix: security and developers path should not be accessible to non-admin users (#10628)

https://github.com/twentyhq/core-team-issues/issues/468
Weiko
2025-03-04 10:51:06 +01:00
committed by GitHub
parent ad628c1266
commit ec4b6c9aa2


@ -312,14 +312,22 @@ export const SettingsRoutes = ({
/> />
} }
> >
<Route path={SettingsPath.Billing} element={<SettingsBilling />} />
</Route>
<Route path={SettingsPath.Workspace} element={<SettingsWorkspace />} /> <Route path={SettingsPath.Workspace} element={<SettingsWorkspace />} />
<Route path={SettingsPath.Billing} element={<SettingsBilling />} />
<Route path={SettingsPath.Domain} element={<SettingsDomain />} /> <Route path={SettingsPath.Domain} element={<SettingsDomain />} />
</Route>
<Route
element={
<SettingsProtectedRouteWrapper
settingsPermission={SettingsPermissions.WORKSPACE_MEMBERS}
/>
}
>
<Route <Route
path={SettingsPath.WorkspaceMembersPage} path={SettingsPath.WorkspaceMembersPage}
element={<SettingsWorkspaceMembers />} element={<SettingsWorkspaceMembers />}
/> />
</Route>
<Route <Route
element={ element={
<SettingsProtectedRouteWrapper <SettingsProtectedRouteWrapper
@ -337,6 +345,18 @@ export const SettingsRoutes = ({
element={<SettingsObjectDetailPage />} element={<SettingsObjectDetailPage />}
/> />
<Route path={SettingsPath.NewObject} element={<SettingsNewObject />} /> <Route path={SettingsPath.NewObject} element={<SettingsNewObject />} />
<Route
path={SettingsPath.ObjectNewFieldSelect}
element={<SettingsObjectNewFieldSelect />}
/>
<Route
path={SettingsPath.ObjectNewFieldConfigure}
element={<SettingsObjectNewFieldConfigure />}
/>
<Route
path={SettingsPath.ObjectFieldEdit}
element={<SettingsObjectFieldEdit />}
/>
</Route> </Route>
<Route <Route
element={ element={
@ -349,7 +369,17 @@ export const SettingsRoutes = ({
<Route path={SettingsPath.Roles} element={<SettingsRoles />} /> <Route path={SettingsPath.Roles} element={<SettingsRoles />} />
<Route path={SettingsPath.RoleDetail} element={<SettingsRoleEdit />} /> <Route path={SettingsPath.RoleDetail} element={<SettingsRoleEdit />} />
</Route> </Route>
<Route path={SettingsPath.Developers} element={<SettingsDevelopers />} /> <Route
element={
<SettingsProtectedRouteWrapper
settingsPermission={SettingsPermissions.API_KEYS_AND_WEBHOOKS}
/>
}
>
<Route
path={SettingsPath.Developers}
element={<SettingsDevelopers />}
/>
<Route <Route
path={SettingsPath.DevelopersNewApiKey} path={SettingsPath.DevelopersNewApiKey}
element={<SettingsDevelopersApiKeysNew />} element={<SettingsDevelopersApiKeysNew />}
@ -362,22 +392,6 @@ export const SettingsRoutes = ({
path={SettingsPath.DevelopersNewWebhookDetail} path={SettingsPath.DevelopersNewWebhookDetail}
element={<SettingsDevelopersWebhooksDetail />} element={<SettingsDevelopersWebhooksDetail />}
/> />
{isFunctionSettingsEnabled && (
<>
<Route
path={SettingsPath.ServerlessFunctions}
element={<SettingsServerlessFunctions />}
/>
<Route
path={SettingsPath.NewServerlessFunction}
element={<SettingsServerlessFunctionsNew />}
/>
<Route
path={SettingsPath.ServerlessFunctionDetail}
element={<SettingsServerlessFunctionDetail />}
/>
</>
)}
<Route <Route
path={SettingsPath.Integrations} path={SettingsPath.Integrations}
element={<SettingsIntegrations />} element={<SettingsIntegrations />}
@ -398,19 +412,31 @@ export const SettingsRoutes = ({
path={SettingsPath.IntegrationDatabaseConnection} path={SettingsPath.IntegrationDatabaseConnection}
element={<SettingsIntegrationShowDatabaseConnection />} element={<SettingsIntegrationShowDatabaseConnection />}
/> />
</Route>
{isFunctionSettingsEnabled && (
<>
<Route <Route
path={SettingsPath.ObjectNewFieldSelect} path={SettingsPath.ServerlessFunctions}
element={<SettingsObjectNewFieldSelect />} element={<SettingsServerlessFunctions />}
/> />
<Route <Route
path={SettingsPath.ObjectNewFieldConfigure} path={SettingsPath.NewServerlessFunction}
element={<SettingsObjectNewFieldConfigure />} element={<SettingsServerlessFunctionsNew />}
/> />
<Route <Route
path={SettingsPath.ObjectFieldEdit} path={SettingsPath.ServerlessFunctionDetail}
element={<SettingsObjectFieldEdit />} element={<SettingsServerlessFunctionDetail />}
/> />
</>
)}
<Route path={SettingsPath.Releases} element={<Releases />} /> <Route path={SettingsPath.Releases} element={<Releases />} />
<Route
element={
<SettingsProtectedRouteWrapper
settingsPermission={SettingsPermissions.SECURITY}
/>
}
>
<Route path={SettingsPath.Security} element={<SettingsSecurity />} /> <Route path={SettingsPath.Security} element={<SettingsSecurity />} />
<Route <Route
path={SettingsPath.NewSSOIdentityProvider} path={SettingsPath.NewSSOIdentityProvider}
@ -420,6 +446,7 @@ export const SettingsRoutes = ({
path={SettingsPath.NewApprovedAccessDomain} path={SettingsPath.NewApprovedAccessDomain}
element={<SettingsSecurityApprovedAccessDomain />} element={<SettingsSecurityApprovedAccessDomain />}
/> />
</Route>
{isAdminPageEnabled && ( {isAdminPageEnabled && (
<> <>