web/satellite: prevent unauthorized access to project settings page

This change further restricts projects members from accessing the
projects settings page by navigating to (all) projects dashboard when
/edit-project-details is visited or project is switched.
It also applies a white background to the project ownership tag to
improve contrast and visibility.

Change-Id: Ib855c4e3aa4be7ec9ec1e9b312041118442358ad

web/satellite/src/components/project/EditProjectDetails.vue

@@ -215,6 +215,7 @@ import { useNotify } from '@/utils/hooks';
 import { useUsersStore } from '@/store/modules/usersStore';
 import { useProjectsStore } from '@/store/modules/projectsStore';
 import { useConfigStore } from '@/store/modules/configStore';
+import { RouteConfig } from '@/types/router';
 
 import VButton from '@/components/common/VButton.vue';
 
@@ -636,6 +637,21 @@ onMounted(async (): Promise<void> => {
     const projectID = projectsStore.state.selectedProject.id;
     if (!projectID) return;
 
+    if (projectsStore.state.selectedProject.ownerId !== usersStore.state.user.id) {
+        await router.replace(configStore.state.config.allProjectsDashboard ? RouteConfig.AllProjectsDashboard : RouteConfig.ProjectDashboard.path);
+        return;
+    }
+
+    projectsStore.$onAction(({ name, after }) => {
+        if (name === 'selectProject') {
+            after((_) => {
+                if (projectsStore.state.selectedProject.ownerId !== usersStore.state.user.id) {
+                    router.replace(RouteConfig.ProjectDashboard.path);
+                }
+            });
+        }
+    });
+
     if (usersStore.state.user.paidTier) {
         isPaidTier.value = true;
     }

web/satellite/src/components/project/ProjectOwnershipTag.vue

@@ -41,6 +41,7 @@ const icon = computed((): string => {
     border: 1px solid var(--c-yellow-2);
     border-radius: 24px;
     color: var(--c-yellow-5);
+    background: var(--c-white);
 
     :deep(path) {
         fill: var(--c-yellow-5);