Skip to content

fix: hide Edit Amount and Delete buttons for unauthorized users#253

Open
nguyenquockhang1610 wants to merge 1 commit into
algora-io:mainfrom
nguyenquockhang1610:fix/bounty-buttons-visibility
Open

fix: hide Edit Amount and Delete buttons for unauthorized users#253
nguyenquockhang1610 wants to merge 1 commit into
algora-io:mainfrom
nguyenquockhang1610:fix/bounty-buttons-visibility

Conversation

@nguyenquockhang1610
Copy link
Copy Markdown

@nguyenquockhang1610 nguyenquockhang1610 commented May 12, 2026

Problem

The "Edit Amount" and "Delete" buttons on the org bounties page are visible to all logged-in users, even though the backend correctly rejects unauthorized actions with a flash message.

Fix

Wrap the action buttons in a current_user_role in [:admin, :mod] check, matching the same authorization logic already used in the event handlers (handle_event("delete-bounty", ...) and handle_event("edit-bounty-amount", ...)).

Buttons are now only rendered for users with admin or mod roles.

Fixes #238

@nguyenquockhang1610
fix: hide Edit Amount and Delete buttons for unauthorized users
cd89f88 
The Edit Amount and Delete buttons on the org bounties page were
visible to all logged-in users, even though the backend correctly
rejects unauthorized actions. Now the buttons are only rendered
when current_user_role is :admin or :mod.

Fixes algora-io#238
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 12, 2026
edited
Loading

CLA assistant check
All committers have signed the CLA.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[UI Bug] Unauthorized 'Edit' and 'Delete' buttons visible on /bounties page

2 participants

@nguyenquockhang1610 @CLAassistant