AegisSight/AegisSight-Monitor
3
0
Fork 0
Code Issues Pull-Requests Actions Pakete Projekte Releases Wiki Aktivität

Protect: Grundquellen im Monitor vor Löschen/Bearbeiten schützen

Quellcode durchsuchen 
- delete_source/update_source: Quellen mit tenant_id=NULL geschützt
- block/unblock_domain: Nur tenant-spezifische Quellen betroffen

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Dieser Commit ist enthalten in:
claude-dev
2026-03-05 19:46:41 +01:00
Ursprung 46cbf94a49
Commit 584cfa819b
1 geänderte Dateien mit 9 neuen und 3 gelöschten Zeilen
Patch-Datei herunterladen Vergleichs-Datei herunterladen Alle Dateien ausklappen Alle Dateien einklappen

12
src/routers/sources.py
Datei anzeigen

@@ -310,7 +310,7 @@ async def block_domain(
) )
cursor = await db.execute( cursor = await db.execute(
"UPDATE sources SET status = 'inactive' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND (tenant_id IS NULL OR tenant_id = ?)", "UPDATE sources SET status = 'inactive' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND tenant_id = ?",
(domain, tenant_id), (domain, tenant_id),
) )
feeds_deactivated = cursor.rowcount feeds_deactivated = cursor.rowcount
@@ -364,11 +364,11 @@ async def unblock_domain(
if has_feeds: if has_feeds:
await db.execute( await db.execute(
"DELETE FROM sources WHERE LOWER(domain) = ? AND source_type = 'excluded' AND (tenant_id IS NULL OR tenant_id = ?)", "DELETE FROM sources WHERE LOWER(domain) = ? AND source_type = 'excluded' AND tenant_id = ?",
(domain, tenant_id), (domain, tenant_id),
) )
cursor = await db.execute( cursor = await db.execute(
"UPDATE sources SET status = 'active' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND (tenant_id IS NULL OR tenant_id = ?)", "UPDATE sources SET status = 'active' WHERE LOWER(domain) = ? AND source_type != 'excluded' AND tenant_id = ?",
(domain, tenant_id), (domain, tenant_id),
) )
feeds_reactivated = cursor.rowcount feeds_reactivated = cursor.rowcount
@@ -495,6 +495,9 @@ async def update_source(
if not row: if not row:
raise HTTPException(status_code=404, detail="Quelle nicht gefunden") raise HTTPException(status_code=404, detail="Quelle nicht gefunden")
if row["tenant_id"] is None:
raise HTTPException(status_code=403, detail="Grundquellen koennen nur ueber die Verwaltung bearbeitet werden")
_check_source_ownership(dict(row), current_user["username"]) _check_source_ownership(dict(row), current_user["username"])
updates = {} updates = {}
@@ -532,6 +535,9 @@ async def delete_source(
if not row: if not row:
raise HTTPException(status_code=404, detail="Quelle nicht gefunden") raise HTTPException(status_code=404, detail="Quelle nicht gefunden")
if row["tenant_id"] is None:
raise HTTPException(status_code=403, detail="Grundquellen koennen nicht geloescht werden")
_check_source_ownership(dict(row), current_user["username"]) _check_source_ownership(dict(row), current_user["username"])
await db.execute("DELETE FROM sources WHERE id = ?", (source_id,)) await db.execute("DELETE FROM sources WHERE id = ?", (source_id,))