From 361f9fdba574cc2ce43ff45340b07498b4483bce Mon Sep 17 00:00:00 2001
From: Wilfred Asomani
Date: Fri, 23 Jun 2023 15:39:44 +0000
Subject: [PATCH] web/satellite: prevent unauthorized access to project settings page

This change further restricts projects members from accessing the projects settings page by navigating to (all) projects dashboard when /edit-project-details is visited or project is switched. It also applies a white background to the project ownership tag to improve contrast and visibility.

Change-Id: Ib855c4e3aa4be7ec9ec1e9b312041118442358ad
---
 .../components/project/EditProjectDetails.vue | 16 ++++++++++++++++
 .../components/project/ProjectOwnershipTag.vue | 1 +
 2 files changed, 17 insertions(+)

diff --git a/web/satellite/src/components/project/EditProjectDetails.vue b/web/satellite/src/components/project/EditProjectDetails.vue
index 3406d8888..796630c83 100644
--- a/web/satellite/src/components/project/EditProjectDetails.vue
+++ b/web/satellite/src/components/project/EditProjectDetails.vue
@@ -215,6 +215,7 @@ import { useNotify } from '@/utils/hooks';
 import { useUsersStore } from '@/store/modules/usersStore';
 import { useProjectsStore } from '@/store/modules/projectsStore';
 import { useConfigStore } from '@/store/modules/configStore';
+import { RouteConfig } from '@/types/router';
 import VButton from '@/components/common/VButton.vue';
@@ -636,6 +637,21 @@ onMounted(async (): Promise => {
 const projectID = projectsStore.state.selectedProject.id;
 if (!projectID) return;
+ if (projectsStore.state.selectedProject.ownerId !== usersStore.state.user.id) {
+ await router.replace(configStore.state.config.allProjectsDashboard ? RouteConfig.AllProjectsDashboard : RouteConfig.ProjectDashboard.path);
+ return;
+ }
+
+ projectsStore.$onAction(({ name, after }) => {
+ if (name === 'selectProject') {
+ after((_) => {
+ if (projectsStore.state.selectedProject.ownerId !== usersStore.state.user.id) {
+ router.replace(RouteConfig.ProjectDashboard.path);
+ }
+ });
+ }
+ });
+
 if (usersStore.state.user.paidTier) {
 isPaidTier.value = true;
 }
diff --git a/web/satellite/src/components/project/ProjectOwnershipTag.vue b/web/satellite/src/components/project/ProjectOwnershipTag.vue
index 5c9a95964..e98981486 100644
--- a/web/satellite/src/components/project/ProjectOwnershipTag.vue
+++ b/web/satellite/src/components/project/ProjectOwnershipTag.vue
@@ -48,6 +48,7 @@ const icon = computed((): string => {
 border: 1px solid var(--c-yellow-2);
 border-radius: 24px;
 color: var(--c-yellow-5);
+ background: var(--c-white);
 :deep(path) {
 fill: var(--c-yellow-5);
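Review bot: The ownership check added to `onMounted` in EditProjectDetails.vue is a client-side redirect, so it keeps non-owners off the settings page but is not itself an access control; the title's "prevent unauthorized access" only holds if the satellite API also rejects project edits from non-owners, which this patch does not show and is worth confirming. Inside the `$onAction` callback the redirect is always `router.replace(RouteConfig.ProjectDashboard.path)`, while the mount-time check honours `allProjectsDashboard`; I would use the same target in both places, e.g. `router.replace(configStore.state.config.allProjectsDashboard ? RouteConfig.AllProjectsDashboard : RouteConfig.ProjectDashboard.path)`. That ternary passes a route object in one arm and `.path` in the other, which looks unintended, and the second `replace` is neither awaited nor given a `.catch`, so a failed navigation would pass silently. The `onMounted` callback starts before and continues past this hunk.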