ebfcd60c71
Unassigned (no agency) non-admin users previously saw ALL campaigns due to a truthiness check that treated None agency_id as "no filter". This was a security bug — they should see NO campaigns and be blocked from creating them. Backend: Add _NO_AGENCY sentinel to distinguish "no filter" from "no agency", add early-returns at all 5 list/analytics endpoints, fix _check_campaign_access to explicitly reject unassigned users, and block campaign creation with 403. Frontend: Add isUnassigned boolean to UserContext, show informational empty state on Campaigns view, and reinforce readOnly for defense-in-depth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| components | ||
| contexts | ||
| hooks | ||
| services | ||
| utils | ||
| App.tsx | ||
| constants.ts | ||
| index.html | ||
| index.tsx | ||
| metadata.json | ||
| package-lock.json | ||
| package.json | ||
| README.md | ||
| tsconfig.json | ||
| types.ts | ||
| vite.config.ts | ||
Run and deploy your AI Studio app
This contains everything you need to run your app locally.
View your app in AI Studio: https://ai.studio/apps/drive/1vH-R-vj0Xkk_g2ZFdHtLxNc12sFTOl2L
Run Locally
Prerequisites: Node.js
- Install dependencies:
npm install - Set the
GEMINI_API_KEYin .env.local to your Gemini API key - Run the app:
npm run dev