fix: address CRITICAL security issues - permission escalation and encoding inconsistency

qzl
2026-02-28 12:40:40 +08:00
parent 173d91086f
commit ce8cd1d31f
4 changed files with 64 additions and 17 deletions
+4 -2
@@ -5,7 +5,7 @@ from enum import Enum
from typing import ClassVar
from uuid import UUID
from pydantic import BaseModel, ConfigDict, Field
from pydantic import BaseModel, ConfigDict, EmailStr, Field
class AttachmentType(str, Enum):
@@ -99,7 +99,9 @@ class ScheduleItemListRequest(BaseModel):
class ScheduleItemShareRequest(BaseModel):
email: str = Field(..., description="Email of user to share with")
model_config: ClassVar[ConfigDict] = ConfigDict(extra="forbid")
email: EmailStr = Field(..., description="Email of user to share with")
permission_view: bool = Field(True, description="Grant view permission")
permission_edit: bool = Field(False, description="Grant edit permission")
permission_invite: bool = Field(False, description="Grant invite permission")
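Review bot: In `ScheduleItemShareRequest` the three `permission_*` flags are still taken from the request body as sent; `extra="forbid"` rejects unknown keys but does not limit which grants a caller may ask for, so the escalation fix depends on a check that is not visible in this section. If the share handler does not already refuse any grant the sharing user does not hold, that check belongs there, and the model would benefit from a comment above the flags such as `# Requested grants only; the share handler must verify the caller holds each one.` The schema also accepts `permission_edit=True` together with `permission_view=False`; if that combination has no meaning, reject it in a validator rather than storing it. Separately, `EmailStr` needs the optional `email-validator` package and leaves the case of the local part untouched, so confirm the dependency is declared and that the user lookup compares addresses consistently. The class body may continue beyond this hunk.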