From 82a176ded6d41a6d1b017d012d9862dd482b89de Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Sat, 4 Jul 2026 08:00:47 +0200 Subject: [PATCH] Harden endpoint by restricting to public accesses --- apps/api/src/app/endpoints/public/public.controller.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/api/src/app/endpoints/public/public.controller.ts b/apps/api/src/app/endpoints/public/public.controller.ts index d06e3b5fe..f43e51f7b 100644 --- a/apps/api/src/app/endpoints/public/public.controller.ts +++ b/apps/api/src/app/endpoints/public/public.controller.ts @@ -46,7 +46,10 @@ export class PublicController { public async getPublicPortfolio( @Param('accessId') accessId: string ): Promise { - const access = await this.accessService.access({ id: accessId }); + const access = await this.accessService.access({ + granteeUserId: null, + id: accessId + }); if (!access) { throw new HttpException(