diff --git a/apps/labrinth/fixtures/labrinth-seed-data-202508052143.sql b/apps/labrinth/fixtures/labrinth-seed-data-202508052143.sql index 8edeb1407..d360a6b23 100644 --- a/apps/labrinth/fixtures/labrinth-seed-data-202508052143.sql +++ b/apps/labrinth/fixtures/labrinth-seed-data-202508052143.sql @@ -1112,10 +1112,13 @@ COPY public.loaders_project_types_games (loader_id, project_type_id, game_id) FR COPY public.users (id, github_id, username, email, avatar_url, bio, created, role, badges, balance, discord_id, gitlab_id, google_id, steam_id, microsoft_id, password, email_verified, totp_secret, paypal_country, paypal_email, paypal_id, venmo_handle, stripe_customer_id, raw_avatar_url, allow_friend_requests) FROM stdin; 103587649610509 \N Default admin user admin@modrinth.invalid https://avatars.githubusercontent.com/u/106493074 $ chmod 777 labrinth 2020-07-18 16:03:00.000000+00 admin 0 0.00000000000000000000 \N \N \N \N \N $argon2i$v=19$m=4096,t=3,p=1$c2FsdEl0V2l0aFNhbHQ$xTGvQNICqetaNA0Wu1GwFmYhQjAreRcjBz6ornhaFXA t \N \N \N \N \N \N https://avatars.githubusercontent.com/u/106493074 t +905016946785301 \N Regular user user@modrinth.invalid https://avatars.githubusercontent.com/u/106493074 $ chmod 744 labrinth 2020-07-18 16:03:00.000000+00 developer 0 0.00000000000000000000 \N \N \N \N \N $argon2i$v=19$m=4096,t=3,p=1$c2FsdEl0V2l0aFNhbHQ$xTGvQNICqetaNA0Wu1GwFmYhQjAreRcjBz6ornhaFXA t \N \N \N \N \N \N https://avatars.githubusercontent.com/u/106493074 t \. INSERT INTO sessions (id, session, user_id, created, last_login, expires, refresh_expires, city, country, ip, os, platform, user_agent) -VALUES (93083445641246, 'mra_admin', 103587649610509, '2025-10-20 14:58:53.128901+00', '2025-10-20 14:58:53.128901+00', '2030-11-03 14:58:53.128901+00', '2030-12-19 14:58:53.128901+00', '', '', '127.0.0.1', 'Linux', 'Chrome', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36'); +VALUES + (93083445641246, 'mra_admin', 103587649610509, '2025-10-20 14:58:53.128901+00', '2025-10-20 14:58:53.128901+00', '2030-11-03 14:58:53.128901+00', '2030-12-19 14:58:53.128901+00', '', '', '127.0.0.1', 'Linux', 'Chrome', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36'), + (64214654438039, 'mra_user', 905016946785301, '2025-10-20 14:58:53.128901+00', '2025-10-20 14:58:53.128901+00', '2030-11-03 14:58:53.128901+00', '2030-12-19 14:58:53.128901+00', '', '', '127.0.0.1', 'Linux', 'Chrome', 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36'); INSERT INTO payouts_values (user_id, amount, created, date_available) VALUES (103587649610509, 1000.00000000000000000000, '2025-10-23 00:00:00+00', '2025-10-23 00:00:00+00'); diff --git a/apps/labrinth/src/routes/v3/projects.rs b/apps/labrinth/src/routes/v3/projects.rs index d571f0767..f43f7b6ee 100644 --- a/apps/labrinth/src/routes/v3/projects.rs +++ b/apps/labrinth/src/routes/v3/projects.rs @@ -998,12 +998,20 @@ pub async fn project_edit_internal( _project_id: DBProjectId, edit: Option>, mut component: &mut Option, + perms: ProjectPermissions, ) -> Result<(), ApiError> { let Some(edit) = edit else { // component is not specified in the input JSON - leave alone return Ok(()); }; + if !perms.contains(ProjectPermissions::EDIT_DETAILS) { + return Err(ApiError::CustomAuthentication( + "You do not have the permissions to edit the components of this project!" + .to_string(), + )); + } + match (&mut component, edit) { (None, None) => {} (Some(_), None) => { @@ -1041,6 +1049,7 @@ pub async fn project_edit_internal( id, new_project.minecraft_server, &mut project_item.inner.components.minecraft_server, + perms, ) .await?; update( @@ -1048,6 +1057,7 @@ pub async fn project_edit_internal( id, new_project.minecraft_java_server, &mut project_item.inner.components.minecraft_java_server, + perms, ) .await?; update( @@ -1055,6 +1065,7 @@ pub async fn project_edit_internal( id, new_project.minecraft_bedrock_server, &mut project_item.inner.components.minecraft_bedrock_server, + perms, ) .await?;