From fe16d05fbbf58022b5877bde44d4e5ea1150a771 Mon Sep 17 00:00:00 2001
From: t0ng7u <dev@aiass.cc>
Date: Fri, 25 Jul 2025 20:31:20 +0800
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=20fix:=20Enforce=20admin-only=20co?=
 =?UTF-8?q?lumn=20visibility=20in=20logs=20tables?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ensure non-admin users cannot enable columns reserved for administrators
across the following hooks:

* web/src/hooks/usage-logs/useUsageLogsData.js
  - Force-hide CHANNEL, USERNAME and RETRY columns for non-admins.

* web/src/hooks/mj-logs/useMjLogsData.js
  - Force-hide CHANNEL and SUBMIT_RESULT columns for non-admins.

* web/src/hooks/task-logs/useTaskLogsData.js
  - Force-hide CHANNEL column for non-admins.

The checks run when loading column preferences from localStorage, overriding
any tampered settings to keep sensitive information hidden from
unauthorized users.
---
 web/src/hooks/mj-logs/useMjLogsData.js       | 5 +++++
 web/src/hooks/task-logs/useTaskLogsData.js   | 4 ++++
 web/src/hooks/usage-logs/useUsageLogsData.js | 6 ++++++
 3 files changed, 15 insertions(+)

diff --git a/web/src/hooks/mj-logs/useMjLogsData.js b/web/src/hooks/mj-logs/useMjLogsData.js
index 4720629a..00330785 100644
--- a/web/src/hooks/mj-logs/useMjLogsData.js
+++ b/web/src/hooks/mj-logs/useMjLogsData.js
@@ -94,6 +94,11 @@ export const useMjLogsData = () => {
         const parsed = JSON.parse(savedColumns);
         const defaults = getDefaultColumnVisibility();
         const merged = { ...defaults, ...parsed };
+        // If not admin, force hide columns only visible to admins
+        if (!isAdminUser) {
+          merged[COLUMN_KEYS.CHANNEL] = false;
+          merged[COLUMN_KEYS.SUBMIT_RESULT] = false;
+        }
         setVisibleColumns(merged);
       } catch (e) {
         console.error('Failed to parse saved column preferences', e);
diff --git a/web/src/hooks/task-logs/useTaskLogsData.js b/web/src/hooks/task-logs/useTaskLogsData.js
index 70e2bf00..23ed8a85 100644
--- a/web/src/hooks/task-logs/useTaskLogsData.js
+++ b/web/src/hooks/task-logs/useTaskLogsData.js
@@ -92,6 +92,10 @@ export const useTaskLogsData = () => {
         const parsed = JSON.parse(savedColumns);
         const defaults = getDefaultColumnVisibility();
         const merged = { ...defaults, ...parsed };
+        // If not admin, force hide columns only visible to admins
+        if (!isAdminUser) {
+          merged[COLUMN_KEYS.CHANNEL] = false;
+        }
         setVisibleColumns(merged);
       } catch (e) {
         console.error('Failed to parse saved column preferences', e);
diff --git a/web/src/hooks/usage-logs/useUsageLogsData.js b/web/src/hooks/usage-logs/useUsageLogsData.js
index b2312680..c25c155c 100644
--- a/web/src/hooks/usage-logs/useUsageLogsData.js
+++ b/web/src/hooks/usage-logs/useUsageLogsData.js
@@ -116,6 +116,12 @@ export const useLogsData = () => {
         const parsed = JSON.parse(savedColumns);
         const defaults = getDefaultColumnVisibility();
         const merged = { ...defaults, ...parsed };
+        // If not admin, force hide columns only visible to admins
+        if (!isAdminUser) {
+          merged[COLUMN_KEYS.CHANNEL] = false;
+          merged[COLUMN_KEYS.USERNAME] = false;
+          merged[COLUMN_KEYS.RETRY] = false;
+        }
         setVisibleColumns(merged);
       } catch (e) {
         console.error('Failed to parse saved column preferences', e);