Skip to content

Code monitors: fix issue with action/trigger perms checking

Warren Gifford requested to merge cc/fix-cm-vulnerability into main

Created by: camdencheek

This fixes an issue that allows non-owner users to modify triggers and actions that they don't own. The fix here updates our DB access code to always check that the caller is also the owner of the monitor the trigger/action belongs to.

Test plan

Added tests.

Merge request reports

Loading