Fix: security and developers path should not be accessible to non-admin users (#10628)

https://github.com/twentyhq/core-team-issues/issues/468
Weiko
2025-03-04 10:51:06 +01:00
committed by GitHub
parent ad628c1266
commit ec4b6c9aa2


@ -312,14 +312,22 @@ export const SettingsRoutes = ({
/> />
} }
> >
<Route path={SettingsPath.Workspace} element={<SettingsWorkspace />} />
<Route path={SettingsPath.Billing} element={<SettingsBilling />} /> <Route path={SettingsPath.Billing} element={<SettingsBilling />} />
<Route path={SettingsPath.Domain} element={<SettingsDomain />} />
</Route> </Route>
<Route path={SettingsPath.Workspace} element={<SettingsWorkspace />} />
<Route path={SettingsPath.Domain} element={<SettingsDomain />} />
<Route <Route
path={SettingsPath.WorkspaceMembersPage} element={
element={<SettingsWorkspaceMembers />} <SettingsProtectedRouteWrapper
/> settingsPermission={SettingsPermissions.WORKSPACE_MEMBERS}
/>
}
>
<Route
path={SettingsPath.WorkspaceMembersPage}
element={<SettingsWorkspaceMembers />}
/>
</Route>
<Route <Route
element={ element={
<SettingsProtectedRouteWrapper <SettingsProtectedRouteWrapper
@ -337,6 +345,18 @@ export const SettingsRoutes = ({
element={<SettingsObjectDetailPage />} element={<SettingsObjectDetailPage />}
/> />
<Route path={SettingsPath.NewObject} element={<SettingsNewObject />} /> <Route path={SettingsPath.NewObject} element={<SettingsNewObject />} />
<Route
path={SettingsPath.ObjectNewFieldSelect}
element={<SettingsObjectNewFieldSelect />}
/>
<Route
path={SettingsPath.ObjectNewFieldConfigure}
element={<SettingsObjectNewFieldConfigure />}
/>
<Route
path={SettingsPath.ObjectFieldEdit}
element={<SettingsObjectFieldEdit />}
/>
</Route> </Route>
<Route <Route
element={ element={
@ -349,19 +369,50 @@ export const SettingsRoutes = ({
<Route path={SettingsPath.Roles} element={<SettingsRoles />} /> <Route path={SettingsPath.Roles} element={<SettingsRoles />} />
<Route path={SettingsPath.RoleDetail} element={<SettingsRoleEdit />} /> <Route path={SettingsPath.RoleDetail} element={<SettingsRoleEdit />} />
</Route> </Route>
<Route path={SettingsPath.Developers} element={<SettingsDevelopers />} />
<Route <Route
path={SettingsPath.DevelopersNewApiKey} element={
element={<SettingsDevelopersApiKeysNew />} <SettingsProtectedRouteWrapper
/> settingsPermission={SettingsPermissions.API_KEYS_AND_WEBHOOKS}
<Route />
path={SettingsPath.DevelopersApiKeyDetail} }
element={<SettingsDevelopersApiKeyDetail />} >
/> <Route
<Route path={SettingsPath.Developers}
path={SettingsPath.DevelopersNewWebhookDetail} element={<SettingsDevelopers />}
element={<SettingsDevelopersWebhooksDetail />} />
/> <Route
path={SettingsPath.DevelopersNewApiKey}
element={<SettingsDevelopersApiKeysNew />}
/>
<Route
path={SettingsPath.DevelopersApiKeyDetail}
element={<SettingsDevelopersApiKeyDetail />}
/>
<Route
path={SettingsPath.DevelopersNewWebhookDetail}
element={<SettingsDevelopersWebhooksDetail />}
/>
<Route
path={SettingsPath.Integrations}
element={<SettingsIntegrations />}
/>
<Route
path={SettingsPath.IntegrationDatabase}
element={<SettingsIntegrationDatabase />}
/>
<Route
path={SettingsPath.IntegrationNewDatabaseConnection}
element={<SettingsIntegrationNewDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationEditDatabaseConnection}
element={<SettingsIntegrationEditDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationDatabaseConnection}
element={<SettingsIntegrationShowDatabaseConnection />}
/>
</Route>
{isFunctionSettingsEnabled && ( {isFunctionSettingsEnabled && (
<> <>
<Route <Route
@ -378,48 +429,24 @@ export const SettingsRoutes = ({
/> />
</> </>
)} )}
<Route
path={SettingsPath.Integrations}
element={<SettingsIntegrations />}
/>
<Route
path={SettingsPath.IntegrationDatabase}
element={<SettingsIntegrationDatabase />}
/>
<Route
path={SettingsPath.IntegrationNewDatabaseConnection}
element={<SettingsIntegrationNewDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationEditDatabaseConnection}
element={<SettingsIntegrationEditDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationDatabaseConnection}
element={<SettingsIntegrationShowDatabaseConnection />}
/>
<Route
path={SettingsPath.ObjectNewFieldSelect}
element={<SettingsObjectNewFieldSelect />}
/>
<Route
path={SettingsPath.ObjectNewFieldConfigure}
element={<SettingsObjectNewFieldConfigure />}
/>
<Route
path={SettingsPath.ObjectFieldEdit}
element={<SettingsObjectFieldEdit />}
/>
<Route path={SettingsPath.Releases} element={<Releases />} /> <Route path={SettingsPath.Releases} element={<Releases />} />
<Route path={SettingsPath.Security} element={<SettingsSecurity />} />
<Route <Route
path={SettingsPath.NewSSOIdentityProvider} element={
element={<SettingsSecuritySSOIdentifyProvider />} <SettingsProtectedRouteWrapper
/> settingsPermission={SettingsPermissions.SECURITY}
<Route />
path={SettingsPath.NewApprovedAccessDomain} }
element={<SettingsSecurityApprovedAccessDomain />} >
/> <Route path={SettingsPath.Security} element={<SettingsSecurity />} />
<Route
path={SettingsPath.NewSSOIdentityProvider}
element={<SettingsSecuritySSOIdentifyProvider />}
/>
<Route
path={SettingsPath.NewApprovedAccessDomain}
element={<SettingsSecurityApprovedAccessDomain />}
/>
</Route>
{isAdminPageEnabled && ( {isAdminPageEnabled && (
<> <>
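Review bot: In the first hunk the `SettingsPath.Workspace` and `SettingsPath.Domain` routes move out of the route group that still holds `SettingsPath.Billing` and become direct children with no `SettingsProtectedRouteWrapper` around them, which looks at odds with a commit that restricts settings paths. That group's opening tag and its `settingsPermission` are outside the hunk, so the loss of a guard is inferred rather than visible. If the move is deliberate, record it in place with `{/* Workspace and Domain are intentionally outside the permission wrapper */}`; otherwise keep both routes inside the group. The new `API_KEYS_AND_WEBHOOKS` and `SECURITY` groups only decide what the client renders, so the API operations behind the API-key, webhook, SSO and approved-domain pages need the same permission enforced on the server, which this diff does not show. `SettingsRoutes` starts and ends outside the visible hunks.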