Mirroristas/pockethost
2
0
Fork 0
mirror of https://github.com/pockethost/pockethost.git synced 2025-11-23 22:15:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

mothership: fix security issue allowing users to update their own user records

Browse Source
This commit is contained in:
Ben Allfree 2025-09-11 15:22:10 +00:00
parent 2b51452491
commit afbea72cc6
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
packages/pockethost/src/mothership-app/pb_migrations/1753355624_updated_users.js Normal file
View File

@ -0,0 +1,16 @@
/// <reference path="../pb_data/types.d.ts" />
migrate((db) => {
const dao = new Dao(db)
const collection = dao.findCollectionByNameOrId("systemprofiles0")
collection.updateRule = null
return dao.saveCollection(collection)
}, (db) => {
const dao = new Dao(db)
const collection = dao.findCollectionByNameOrId("systemprofiles0")
collection.updateRule = "id = @request.auth.id"
return dao.saveCollection(collection)
})