69f006aa0a
SECURITY FIX: Prevent intra-tenant unauthorized project access
Problem:
Users within the same tenant could join ANY project room via SignalR
without permission checks, causing potential data leakage. The TODO
at line 18 in ProjectHub.cs left this critical validation unimplemented.
Solution:
- Created IProjectPermissionService interface for permission checking
- Implemented ProjectPermissionService with owner-based validation
- Added permission validation to ProjectHub.JoinProject() and LeaveProject()
- Returns clear HubException if user lacks permission
- Multi-tenant isolation enforced via PMDbContext query filters
Implementation Details:
1. IProjectPermissionService.IsUserProjectMemberAsync() checks if user
is the project owner (currently based on Project.OwnerId)
2. Service registered as Scoped in DI container via ModuleExtensions
3. ProjectHub throws HubException with clear error message for unauthorized access
4. TODO comments added for future ProjectMember table implementation
Files Changed:
- Added: IProjectPermissionService.cs (Application layer interface)
- Added: ProjectPermissionService.cs (Infrastructure layer implementation)
- Modified: ProjectHub.cs (permission checks in JoinProject/LeaveProject)
- Modified: ModuleExtensions.cs (service registration)
Testing:
- All existing tests pass (437 tests, 0 failures)
- Build succeeds with no errors
- Multi-tenant isolation preserved via DbContext filters
Future Enhancement:
When ProjectMember table is implemented, extend permission check to:
return project.OwnerId == userId ||
await _dbContext.ProjectMembers.AnyAsync(pm =>
pm.ProjectId == projectId && pm.UserId == userId)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>