From 8205ad2cd054400cf129e1291b35b0b440992110 Mon Sep 17 00:00:00 2001 From: feitianbubu Date: Thu, 24 Jul 2025 09:36:48 +0800 Subject: [PATCH 1/2] fix: playground chat vip group --- middleware/auth.go | 1 + 1 file changed, 1 insertion(+) diff --git a/middleware/auth.go b/middleware/auth.go index a158318c..72900f83 100644 --- a/middleware/auth.go +++ b/middleware/auth.go @@ -122,6 +122,7 @@ func authHelper(c *gin.Context, minRole int) { c.Set("role", role) c.Set("id", id) c.Set("group", session.Get("group")) + c.Set("user_group", session.Get("group")) c.Set("use_access_token", useAccessToken) //userCache, err := model.GetUserCache(id.(int)) From fe16d05fbbf58022b5877bde44d4e5ea1150a771 Mon Sep 17 00:00:00 2001 From: t0ng7u Date: Fri, 25 Jul 2025 20:31:20 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=94=92=20fix:=20Enforce=20admin-only?= =?UTF-8?q?=20column=20visibility=20in=20logs=20tables?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Ensure non-admin users cannot enable columns reserved for administrators across the following hooks: * web/src/hooks/usage-logs/useUsageLogsData.js - Force-hide CHANNEL, USERNAME and RETRY columns for non-admins. * web/src/hooks/mj-logs/useMjLogsData.js - Force-hide CHANNEL and SUBMIT_RESULT columns for non-admins. * web/src/hooks/task-logs/useTaskLogsData.js - Force-hide CHANNEL column for non-admins. The checks run when loading column preferences from localStorage, overriding any tampered settings to keep sensitive information hidden from unauthorized users. --- web/src/hooks/mj-logs/useMjLogsData.js | 5 +++++ web/src/hooks/task-logs/useTaskLogsData.js | 4 ++++ web/src/hooks/usage-logs/useUsageLogsData.js | 6 ++++++ 3 files changed, 15 insertions(+) diff --git a/web/src/hooks/mj-logs/useMjLogsData.js b/web/src/hooks/mj-logs/useMjLogsData.js index 4720629a..00330785 100644 --- a/web/src/hooks/mj-logs/useMjLogsData.js +++ b/web/src/hooks/mj-logs/useMjLogsData.js 
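Review bot: In middleware/auth.go, the added `c.Set("user_group", session.Get("group"))` in authHelper stores the same session value under a second context key, with no comment saying which handlers read `user_group` rather than `group`. A short comment such as `// playground chat reads "user_group"; mirror the session group under that key` would document the duplication, with the wording confirmed against whatever reads that key. The value is whatever the session holds, so a group changed after login would presumably not take effect until the session is refreshed, and `session.Get` yields nil when the key is absent. The commented-out `model.GetUserCache` lookup just below suggests a fresh read was once considered. authHelper starts and ends outside the hunk.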
@@ -94,6 +94,11 @@ export const useMjLogsData = () => {
 const parsed = JSON.parse(savedColumns);
 const defaults = getDefaultColumnVisibility();
 const merged = { ...defaults, ...parsed };
+ // If not admin, force hide columns only visible to admins
+ if (!isAdminUser) {
+ merged[COLUMN_KEYS.CHANNEL] = false;
+ merged[COLUMN_KEYS.SUBMIT_RESULT] = false;
+ }
 setVisibleColumns(merged);
 } catch (e) {
 console.error('Failed to parse saved column preferences', e);
diff --git a/web/src/hooks/task-logs/useTaskLogsData.js b/web/src/hooks/task-logs/useTaskLogsData.js
index 70e2bf00..23ed8a85 100644
--- a/web/src/hooks/task-logs/useTaskLogsData.js
+++ b/web/src/hooks/task-logs/useTaskLogsData.js
@@ -92,6 +92,10 @@ export const useTaskLogsData = () => {
 const parsed = JSON.parse(savedColumns);
 const defaults = getDefaultColumnVisibility();
 const merged = { ...defaults, ...parsed };
+ // If not admin, force hide columns only visible to admins
+ if (!isAdminUser) {
+ merged[COLUMN_KEYS.CHANNEL] = false;
+ }
 setVisibleColumns(merged);
 } catch (e) {
 console.error('Failed to parse saved column preferences', e);
diff --git a/web/src/hooks/usage-logs/useUsageLogsData.js b/web/src/hooks/usage-logs/useUsageLogsData.js
index b2312680..c25c155c 100644
--- a/web/src/hooks/usage-logs/useUsageLogsData.js
+++ b/web/src/hooks/usage-logs/useUsageLogsData.js
@@ -116,6 +116,12 @@ export const useLogsData = () => {
 const parsed = JSON.parse(savedColumns);
 const defaults = getDefaultColumnVisibility();
 const merged = { ...defaults, ...parsed };
+ // If not admin, force hide columns only visible to admins
+ if (!isAdminUser) {
+ merged[COLUMN_KEYS.CHANNEL] = false;
+ merged[COLUMN_KEYS.USERNAME] = false;
+ merged[COLUMN_KEYS.RETRY] = false;
+ }
 setVisibleColumns(merged);
 } catch (e) {
 console.error('Failed to parse saved column preferences', e);
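Review bot: The non-admin guard added in useMjLogsData.js (and repeated in the useTaskLogsData.js and useUsageLogsData.js hunks) only changes what the table renders, so on its own it cannot keep CHANNEL, SUBMIT_RESULT, USERNAME or RETRY data from a non-admin; if the log endpoints still return those fields, they stay readable in the raw API response regardless of column state. The server-side handlers are not part of this patch, so confirm they omit these fields for non-admin roles and treat this check as a UI consistency fix. The guard also sits inside the `try` that parses `savedColumns`, so it presumably covers only the load-from-localStorage path; the column-toggle handler, which is outside these hunks, should apply the same rule. A comment such as `// UI-only: admin-only fields must also be filtered by the API` above each `if (!isAdminUser)` block would keep that expectation visible.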