From d1ad5da9199bf6f2a8add5541c2f5590f57e3a3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?G=C3=A9rnyi=20M=C3=A1rk?= Date: Tue, 31 Mar 2026 23:52:29 +0200 Subject: [PATCH] fix: tighten trip_edit and member_manage defaults to trip_owner Previously defaulted to trip_member which is more permissive than upstream behavior. Admins can still open it up via the panel. --- server/src/services/permissions.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/services/permissions.ts b/server/src/services/permissions.ts index 4912ac9..2a0fddd 100644 --- a/server/src/services/permissions.ts +++ b/server/src/services/permissions.ts @@ -19,13 +19,13 @@ export interface PermissionAction { export const PERMISSION_ACTIONS: PermissionAction[] = [ // Trip management { key: 'trip_create', defaultLevel: 'everybody', allowedLevels: ['admin', 'everybody'] }, - { key: 'trip_edit', defaultLevel: 'trip_member', allowedLevels: ['trip_owner', 'trip_member'] }, + { key: 'trip_edit', defaultLevel: 'trip_owner', allowedLevels: ['trip_owner', 'trip_member'] }, { key: 'trip_delete', defaultLevel: 'trip_owner', allowedLevels: ['admin', 'trip_owner'] }, { key: 'trip_archive', defaultLevel: 'trip_owner', allowedLevels: ['trip_owner', 'trip_member'] }, { key: 'trip_cover_upload', defaultLevel: 'trip_owner', allowedLevels: ['trip_owner', 'trip_member'] }, // Member management - { key: 'member_manage', defaultLevel: 'trip_member', allowedLevels: ['admin', 'trip_owner', 'trip_member'] }, + { key: 'member_manage', defaultLevel: 'trip_owner', allowedLevels: ['admin', 'trip_owner', 'trip_member'] }, // Files { key: 'file_upload', defaultLevel: 'trip_member', allowedLevels: ['admin', 'trip_owner', 'trip_member'] },