fix: prevent listPolicies call for project viewers without permission by rohilsurana · Pull Request #1445 · raystack/frontier

No actionable comments were generated in the recent review. 🎉

â„šī¸ Recent review info
âš™ī¸ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: fefecf9d-0ab7-480d-82da-02d11b760088

📥 Commits

Reviewing files that changed from the base of the PR and between 01aab59 and 36bd64b.

📒 Files selected for processing (1)
  • web/sdk/react/views/projects/details/project-member-columns.tsx

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes
    • Fixed an access control issue in project member management where policy data could be queried without proper update permissions. Policy information is now only fetched for users with the appropriate authorization level.

Walkthrough

This PR modifies the query enablement condition in the project member columns component. The listPolicies query now requires canUpdateProject permission in addition to projectId and member.id before executing, adding a permission-based gate to policy data fetches.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Permission gate for policy queries: web/sdk/react/views/projects/details/project-member-columns.tsx | Added canUpdateProject condition to useQuery enablement for listPolicies, restricting policy data fetches to users with update permissions. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

