admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Fix: security and developers path should not be accessible to non-admin users (#10628)

Browse Source 
https://github.com/twentyhq/core-team-issues/issues/468
This commit is contained in:
Weiko
2025-03-04 10:51:06 +01:00
committed by GitHub
parent ad628c1266
commit ec4b6c9aa2
1 changed files with 84 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
packages/twenty-front/src/modules/app/components/SettingsRoutes.tsx
View File

@ -312,14 +312,22 @@ export const SettingsRoutes = ({
/>
}
>
<Route path={SettingsPath.Workspace} element={<SettingsWorkspace />} />
<Route path={SettingsPath.Billing} element={<SettingsBilling />} />
<Route path={SettingsPath.Domain} element={<SettingsDomain />} />
</Route>
<Route path={SettingsPath.Workspace} element={<SettingsWorkspace />} />
<Route path={SettingsPath.Domain} element={<SettingsDomain />} />
<Route
path={SettingsPath.WorkspaceMembersPage}
element={<SettingsWorkspaceMembers />}
/>
element={
<SettingsProtectedRouteWrapper
settingsPermission={SettingsPermissions.WORKSPACE_MEMBERS}
/>
}
>
<Route
path={SettingsPath.WorkspaceMembersPage}
element={<SettingsWorkspaceMembers />}
/>
</Route>
<Route
element={
<SettingsProtectedRouteWrapper
@ -337,6 +345,18 @@ export const SettingsRoutes = ({
element={<SettingsObjectDetailPage />}
/>
<Route path={SettingsPath.NewObject} element={<SettingsNewObject />} />
<Route
path={SettingsPath.ObjectNewFieldSelect}
element={<SettingsObjectNewFieldSelect />}
/>
<Route
path={SettingsPath.ObjectNewFieldConfigure}
element={<SettingsObjectNewFieldConfigure />}
/>
<Route
path={SettingsPath.ObjectFieldEdit}
element={<SettingsObjectFieldEdit />}
/>
</Route>
<Route
element={
@ -349,19 +369,50 @@ export const SettingsRoutes = ({
<Route path={SettingsPath.Roles} element={<SettingsRoles />} />
<Route path={SettingsPath.RoleDetail} element={<SettingsRoleEdit />} />
</Route>
<Route path={SettingsPath.Developers} element={<SettingsDevelopers />} />
<Route
path={SettingsPath.DevelopersNewApiKey}
element={<SettingsDevelopersApiKeysNew />}
/>
<Route
path={SettingsPath.DevelopersApiKeyDetail}
element={<SettingsDevelopersApiKeyDetail />}
/>
<Route
path={SettingsPath.DevelopersNewWebhookDetail}
element={<SettingsDevelopersWebhooksDetail />}
/>
element={
<SettingsProtectedRouteWrapper
settingsPermission={SettingsPermissions.API_KEYS_AND_WEBHOOKS}
/>
}
>
<Route
path={SettingsPath.Developers}
element={<SettingsDevelopers />}
/>
<Route
path={SettingsPath.DevelopersNewApiKey}
element={<SettingsDevelopersApiKeysNew />}
/>
<Route
path={SettingsPath.DevelopersApiKeyDetail}
element={<SettingsDevelopersApiKeyDetail />}
/>
<Route
path={SettingsPath.DevelopersNewWebhookDetail}
element={<SettingsDevelopersWebhooksDetail />}
/>
<Route
path={SettingsPath.Integrations}
element={<SettingsIntegrations />}
/>
<Route
path={SettingsPath.IntegrationDatabase}
element={<SettingsIntegrationDatabase />}
/>
<Route
path={SettingsPath.IntegrationNewDatabaseConnection}
element={<SettingsIntegrationNewDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationEditDatabaseConnection}
element={<SettingsIntegrationEditDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationDatabaseConnection}
element={<SettingsIntegrationShowDatabaseConnection />}
/>
</Route>
{isFunctionSettingsEnabled && (
<>
<Route
@ -378,48 +429,24 @@ export const SettingsRoutes = ({
/>
</>
)}
<Route
path={SettingsPath.Integrations}
element={<SettingsIntegrations />}
/>
<Route
path={SettingsPath.IntegrationDatabase}
element={<SettingsIntegrationDatabase />}
/>
<Route
path={SettingsPath.IntegrationNewDatabaseConnection}
element={<SettingsIntegrationNewDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationEditDatabaseConnection}
element={<SettingsIntegrationEditDatabaseConnection />}
/>
<Route
path={SettingsPath.IntegrationDatabaseConnection}
element={<SettingsIntegrationShowDatabaseConnection />}
/>
<Route
path={SettingsPath.ObjectNewFieldSelect}
element={<SettingsObjectNewFieldSelect />}
/>
<Route
path={SettingsPath.ObjectNewFieldConfigure}
element={<SettingsObjectNewFieldConfigure />}
/>
<Route
path={SettingsPath.ObjectFieldEdit}
element={<SettingsObjectFieldEdit />}
/>
<Route path={SettingsPath.Releases} element={<Releases />} />
<Route path={SettingsPath.Security} element={<SettingsSecurity />} />
<Route
path={SettingsPath.NewSSOIdentityProvider}
element={<SettingsSecuritySSOIdentifyProvider />}
/>
<Route
path={SettingsPath.NewApprovedAccessDomain}
element={<SettingsSecurityApprovedAccessDomain />}
/>
element={
<SettingsProtectedRouteWrapper
settingsPermission={SettingsPermissions.SECURITY}
/>
}
>
<Route path={SettingsPath.Security} element={<SettingsSecurity />} />
<Route
path={SettingsPath.NewSSOIdentityProvider}
element={<SettingsSecuritySSOIdentifyProvider />}
/>
<Route
path={SettingsPath.NewApprovedAccessDomain}
element={<SettingsSecurityApprovedAccessDomain />}
/>
</Route>
{isAdminPageEnabled && (
<>