| title | description | repository | label | language | comments_count | repository_stars |
|---|---|---|---|---|---|---|
| Use proper authorization attributes | Avoid using Django framework attributes like `is_staff` and `is_impersonated` for application role checking, as these serve different purposes (admin panel access and user impersonation respectively). Instead, use application-specific role validation methods to ensure proper authorization. | PostHog/posthog | Security | TSX | 1 | 28460 |
Avoid using Django framework attributes like is_staff and is_impersonated for application role checking, as these serve different purposes (admin panel access and user impersonation respectively). Instead, use application-specific role validation methods to ensure proper authorization.
For role-based access control, import and use the appropriate organization logic:

```tsx
import { useValues } from 'kea'
import { organizationLogic } from 'scenes/organizationLogic'

// isAdminOrOwner is derived from the current organization membership level,
// which is the application's own notion of role.
const { isAdminOrOwner } = useValues(organizationLogic)
// Use this instead of user?.is_staff
if (isAdminOrOwner) {
    // Admin/owner specific logic
}
```
This prevents authorization bypasses that arise when framework attributes are misused for application-level access control: checking `is_staff` grants organization privileges to any account with Django admin-panel access, whether or not it holds an admin or owner role in that organization, and denies them to owners who are not staff, while `is_impersonated` only records that a staff member is currently acting as the user and says nothing about that user's role.
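The following added example (not PostHog's own code) models the two checks side by side so the divergence is concrete. The `User` shape, the membership level values and the `isAdminOrOwner` helper are assumptions made for the example; they stand in for the real `organizationLogic` selector rather than importing it.

```typescript
// Hypothetical user model; is_staff and is_impersonated mirror the Django
// attributes the review comment warns against using for role checks.
interface User {
    email: string
    is_staff: boolean        // Django admin-panel access, not an application role
    is_impersonated: boolean // set while a staff member acts as this user
}

// Organization membership levels; numeric values are assumed for this example.
enum OrganizationMembershipLevel {
    Member = 1,
    Admin = 8,
    Owner = 15,
}

interface OrganizationMembership {
    user: User
    level: OrganizationMembershipLevel
}

// BEFORE: the anti-pattern. Any staff account passes regardless of its role in
// the organization, and an owner who is not staff is denied.
function canManageOrganizationNaive(user: User): boolean {
    return user.is_staff || user.is_impersonated
}

// AFTER: an application-specific role check, modelled on what an
// isAdminOrOwner selector computes from the current membership level.
function isAdminOrOwner(membership: OrganizationMembership | null): boolean {
    return membership !== null && membership.level >= OrganizationMembershipLevel.Admin
}

function canManageOrganization(membership: OrganizationMembership | null): boolean {
    return isAdminOrOwner(membership)
}

// Constructed sample data: a staff account that is only a plain member of the
// organization, and a non-staff account that owns it.
const staffUser: User = { email: 'support@example.com', is_staff: true, is_impersonated: false }
const ownerUser: User = { email: 'owner@example.com', is_staff: false, is_impersonated: false }

const staffAsPlainMember: OrganizationMembership = {
    user: staffUser,
    level: OrganizationMembershipLevel.Member,
}
const ownerMembership: OrganizationMembership = {
    user: ownerUser,
    level: OrganizationMembershipLevel.Owner,
}

// Runs both checks over the sample memberships so the decisions can be compared.
function compareChecks(): Record<string, { naive: boolean; correct: boolean }> {
    return {
        staffAsPlainMember: {
            naive: canManageOrganizationNaive(staffAsPlainMember.user),
            correct: canManageOrganization(staffAsPlainMember),
        },
        owner: {
            naive: canManageOrganizationNaive(ownerMembership.user),
            correct: canManageOrganization(ownerMembership),
        },
    }
}

// Example usage: the naive check lets the staff member through and blocks
// the owner; the membership-based check does the opposite.
console.log(compareChecks())
```

The naive variant fails in both directions: it is a privilege escalation for staff accounts with no role in the organization, and a denial of service for legitimate owners. Deriving the decision from the membership record ties it to the role the application actually assigned.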