Merge pull request #379 from fccview/develop

Stable 1.19.1 - SECURITY UPDATE

Author: fccview

app/_components/FeatureComponents/Profile/Parts/LinksTab.tsx

@@ -319,7 +319,7 @@ export const LinksTab = ({ linkIndex }: LinksTabProps) => {
 
         <div className="bg-card border border-border rounded-md p-8">
           <div className="text-center space-y-4">
-            <div className="text-6xl">🔗</div>
+            <div className="text-6xl"><Link04Icon className="h-12 w-12" /></div>
             <div className="space-y-2">
               <h3 className="text-lg font-semibold">{t('profile.noLinksFound')}</h3>
               <p className="text-muted-foreground max-w-md mx-auto">

app/_server/actions/export/index.ts

@@ -9,6 +9,7 @@ import { DATA_DIR, USERS_FILE, EXPORT_TEMP_DIR } from "@/app/_consts/files";
 import { getAllLists } from "@/app/_server/actions/checklist";
 import { getAllNotes } from "@/app/_server/actions/note";
 import { readJsonFile, ensureDir } from "@/app/_server/actions/file";
+import { getCurrentUser, canAccessAllContent } from "@/app/_server/actions/users";
 import { User } from "@/app/_types";
 import { Modes } from "@/app/_types/enums";
 
@@ -73,6 +74,14 @@ const zipDirectory = async (
 };
 
 export const exportAllChecklistsNotes = async (): Promise<ExportResult> => {
+  const hasAccess = await canAccessAllContent();
+  if (!hasAccess) {
+    return {
+      success: false,
+      error: "Forbidden: Admin access with content permissions required",
+    };
+  }
+
   updateProgress(0, "Preparing all checklists and notes for export...");
   try {
     const tempExportPath = path.join(
@@ -146,6 +155,18 @@ export const exportAllChecklistsNotes = async (): Promise<ExportResult> => {
 export const exportUserChecklistsNotes = async (
   username: string
 ): Promise<ExportResult> => {
+  const currentUser = await getCurrentUser();
+  if (!currentUser) {
+    return { success: false, error: "Not authenticated" };
+  }
+
+  if (username !== currentUser.username) {
+    const hasAccess = await canAccessAllContent();
+    if (!hasAccess) {
+      return { success: false, error: "Forbidden: You can only export your own data" };
+    }
+  }
+
   updateProgress(
     0,
     `Preparing ${username}'s checklists and notes for export...`
@@ -226,6 +247,14 @@ export const exportUserChecklistsNotes = async (
 };
 
 export const exportAllUsersData = async (): Promise<ExportResult> => {
+  const hasAccess = await canAccessAllContent();
+  if (!hasAccess) {
+    return {
+      success: false,
+      error: "Forbidden: Admin access with content permissions required",
+    };
+  }
+
   updateProgress(0, "Preparing all user data for export...");
   try {
     const tempExportPath = path.join(
@@ -267,6 +296,14 @@ export const exportAllUsersData = async (): Promise<ExportResult> => {
 };
 
 export const exportWholeDataFolder = async (): Promise<ExportResult> => {
+  const hasAccess = await canAccessAllContent();
+  if (!hasAccess) {
+    return {
+      success: false,
+      error: "Forbidden: Admin access with content permissions required",
+    };
+  }
+
   updateProgress(0, "Preparing the whole data folder for export...");
   try {
     const dataFolderPath = path.join(process.cwd(), DATA_DIR);

app/_translations/de.json

@@ -578,7 +578,7 @@
     "visualizeRelationships": "Beziehungen zwischen deinen Notizen und Aufgabenlisten visualisieren",
     "connectedItems": "Verbundene Inhalte",
     "noLinksFound": "Keine Verbindungen gefunden",
-    "startCreatingInternalLinks": "Benutze interne Verknüfungen in deinen Notizen und Aufgabenlisten, um das Netzwerk der Verknüpfungen hier zu sehen. Benutzer das Format",
+    "startCreatingInternalLinks": "Beginnen Sie mit der Erstellung interner Links, indem Sie „@“ in Ihre Notizen eingeben, um das Beziehungsnetzwerk hier anzuzeigen.",
     "orFormat": "oder",
     "inYourContent": "in deinen Inhalten.",
     "highlyConnected": "stark verknüpft",
@@ -1471,4 +1471,4 @@
     "actionInit": "Initialisiert",
     "actionUnknown": "Geändert"
   }
-}
+}

app/_translations/en.json

@@ -620,7 +620,7 @@
     "visualizeRelationships": "Visualize relationships between your notes and checklists",
     "connectedItems": "Connected Items",
     "noLinksFound": "No Links Found",
-    "startCreatingInternalLinks": "Start creating internal links in your notes and checklists to see the relationship network here. Use the format",
+    "startCreatingInternalLinks": "Start creating internal links by typing `@` in your notes to see the relationship network here.",
     "orFormat": "or",
     "inYourContent": "in your content.",
     "highlyConnected": "highly connected",
@@ -1511,4 +1511,4 @@
     "seenCount": "You've seen {count} {count, plural, one {haiku} other {haikus}}",
     "imNoPoet": "I am no poet, and nor is Jotty. These are random words in sequence."
   }
-}
+}

app/_translations/es.json

@@ -591,7 +591,7 @@
     "visualizeRelationships": "Visualiza las relaciones entre sus notas y listas de verificación",
     "connectedItems": "Elementos conectados",
     "noLinksFound": "No se encontraron enlaces",
-    "startCreatingInternalLinks": "Comience a crear enlaces internos en sus notas y listas de verificación para ver la red de relaciones aquí. Use el formato",
+    "startCreatingInternalLinks": "Comience a crear enlaces internos escribiendo `@` en sus notas para ver la red de relaciones aquí.",
     "orFormat": "o",
     "inYourContent": "en su contenido.",
     "highlyConnected": "altamente conectado",
@@ -1494,4 +1494,4 @@
     "actionInit": "Inicializado",
     "actionUnknown": "Cambiado"
   }
-}
+}

app/_translations/fr.json

@@ -591,7 +591,7 @@
     "visualizeRelationships": "Visualisez les relations entre vos notes et listes",
     "connectedItems": "Éléments connectés",
     "noLinksFound": "Aucun lien trouvé",
-    "startCreatingInternalLinks": "Commencez à créer des liens internes dans vos notes et listes pour voir le réseau de relations ici. Utilisez le format",
+    "startCreatingInternalLinks": "Commencez à créer des liens internes en tapant « @ » dans vos notes pour voir le réseau relationnel ici.",
     "orFormat": "ou",
     "inYourContent": "dans votre contenu.",
     "highlyConnected": "très connecté",
@@ -1494,4 +1494,4 @@
     "actionInit": "Initialisé",
     "actionUnknown": "Modifié"
   }
-}
+}

app/_translations/it.json

@@ -591,7 +591,7 @@
     "visualizeRelationships": "Visualizza le relazioni tra le tue note e checklist",
     "connectedItems": "Elementi Connessi",
     "noLinksFound": "Nessun Link Trovato",
-    "startCreatingInternalLinks": "Inizia a creare link interni nelle tue note e checklist per vedere la rete di relazioni qui. Usa il formato",
+    "startCreatingInternalLinks": "Inizia a creare collegamenti interni digitando \"@\" nelle tue note per vedere la rete di relazioni qui.",
     "orFormat": "o",
     "inYourContent": "nel tuo contenuto.",
     "highlyConnected": "altamente connesso",
@@ -1495,4 +1495,4 @@
     "actionInit": "Inizializzato",
     "actionUnknown": "Modificato"
   }
-}
+}

app/_translations/klingon.json

@@ -620,7 +620,7 @@
     "visualizeRelationships": "ghItlhmey 'ej tetlhmey rar yIlegh",
     "connectedItems": "Dochmey rar",
     "noLinksFound": "lI'mey tu'be'lu'",
-    "startCreatingInternalLinks": "ghItlhDaq 'ej tetlhDaq lI'mey yIchenmoH. mIwvam yIlo':",
+    "startCreatingInternalLinks": "Start creating internal links by typing `@` in your notes to see the relationship network here.",
     "orFormat": "pagh",
     "inYourContent": "De'lIjDaq.",
     "highlyConnected": "rarqu'",
@@ -1515,4 +1515,4 @@
     "seenCount": "{count} haiku Dalegh",
     "imNoPoet": "bomwI' jIHbe'. mu'mey neH."
   }
-}
+}

app/_translations/ko.json

@@ -612,7 +612,7 @@
     "visualizeRelationships": "노트와 체크리스트 간의 관계를 시각화합니다",
     "connectedItems": "연결된 항목",
     "noLinksFound": "링크를 찾을 수 없습니다",
-    "startCreatingInternalLinks": "이곳에서 관계 네트워크를 확인하려면 노트와 체크리스트에 내부 링크를 추가하세요. 다음 형식을 사용하세요",
+    "startCreatingInternalLinks": "여기에서 관계 네트워크를 보려면 노트에 `@`를 입력하여 내부 링크 만들기를 시작하세요.",
     "orFormat": "또는",
     "inYourContent": "콘텐츠에서.",
     "highlyConnected": "연결 많음",
@@ -1500,4 +1500,4 @@
     "seenCount": "{count} {count, plural, one {하이쿠} other {하이쿠}} 를 보았습니다",
     "imNoPoet": "저는 시인이 아니며 Jotty도 마찬가지입니다. 이는 무작위로 나열된 단어들입니다."
   }
-}
+}

app/_translations/nl.json

@@ -591,7 +591,7 @@
     "visualizeRelationships": "Visualiseer relaties tussen uw notities en checklists",
     "connectedItems": "Verbonden items",
     "noLinksFound": "Geen links gevonden",
-    "startCreatingInternalLinks": "Begin met het maken van interne links in uw notities en checklists om het relatienetwerk hier te zien. Gebruik het formaat",
+    "startCreatingInternalLinks": "Begin met het maken van interne links door `@` in uw notities te typen om het relatienetwerk hier te zien.",
     "orFormat": "of",
     "inYourContent": "in uw inhoud.",
     "highlyConnected": "sterk verbonden",
@@ -1470,4 +1470,4 @@
     "seenCount": "U heeft {count} {count, plural, one {haiku} other {haiku's}} gezien",
     "imNoPoet": "Ik ben geen dichter, en Jotty ook niet. Dit zijn willekeurige woorden op een rij."
   }
-}
+}