Code monitors: fix issue with action/trigger perms checking (!37526) · Merge requests · Administrator / sourcegraph

Administrator requested to merge cc/fix-cm-vulnerability into main Jun 21, 2022

Created by: camdencheek

This fixes an issue that allows non-owner users to modify triggers and actions that they don't own. The fix here updates our DB access code to always check that the caller is also the owner of the monitor the trigger/action belongs to.

Test plan

Added tests.

Code monitors: fix issue with action/trigger perms checking

Test plan

Merge request reports