Merge pull request #7262 from overleaf/jpa-missing-required-login

[web] require a logged in user for (un-)archiving/(un-)trashing projects GitOrigin-RevId: 90e6d1654065d759dce612bd6714e6e0018b19ff
2026-05-30 20:31:34 +02:00 · 2022-03-28 11:23:47 +01:00
parent 0614b5617f
commit fc2c2d0aa3
1 changed files with 4 additions and 0 deletions
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@@ -530,21 +530,25 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {

  webRouter.post(
    '/Project/:Project_id/archive',
+    AuthenticationController.requireLogin(),
    AuthorizationMiddleware.ensureUserCanReadProject,
    ProjectController.archiveProject
  )
  webRouter.delete(
    '/Project/:Project_id/archive',
+    AuthenticationController.requireLogin(),
    AuthorizationMiddleware.ensureUserCanReadProject,
    ProjectController.unarchiveProject
  )
  webRouter.post(
    '/project/:project_id/trash',
+    AuthenticationController.requireLogin(),
    AuthorizationMiddleware.ensureUserCanReadProject,
    ProjectController.trashProject
  )
  webRouter.delete(
    '/project/:project_id/trash',
+    AuthenticationController.requireLogin(),
    AuthorizationMiddleware.ensureUserCanReadProject,
    ProjectController.untrashProject
  )