Follow-up to PR #375 (which fixed the sidebar admin-leak on GET /api/pods + GET /api/pods/:id).
While sweeping for related gaps as xcjsam (global admin), the following routes still admin-bypass even when the target pod is a personal type (agent-room, agent-dm, agent-admin):
GET /api/posts?podId=<other-user-room> → 200 (returns posts)
GET /api/pods/:id/external-links → 200 (returns links)
Likely also affected (untested): announcements, files index.
Note: GET /api/pods/:id/context is already 403 — that's the correct shape.
Risk is low (admins are explicitly trusted; agent-rooms rarely have posts/links) but the principle from PR #375 should extend here: the default read should not surface personal-pod content for non-members, even admins. The instance-wide audit is a separate admin tool.
Suggested fix shape: a shared assertCanReadPodMetadata(req, pod) helper that personal-pod read endpoints call before returning content. Mirrors getPodById's new 404-for-non-members rule.
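An added example (not the project's code) of the fix shape proposed above: one shared `assertCanReadPodMetadata(req, pod)` gate that every personal-pod read endpoint calls before returning content, returning 404 to non-members regardless of the admin flag, mirroring the rule described for `getPodById`. The pod shape (`type`, `members`), `req.user`, the in-memory stores, the `HttpError` class, the `public` pod type and its 403 rule, and the handler names are all assumptions for illustration; only the helper name and the personal pod types come from the issue.

```javascript
// Added example, not the project's own code. Pod/record shapes, req.user,
// HttpError and the in-memory stores are assumptions for illustration.

const PERSONAL_POD_TYPES = new Set(["agent-room", "agent-dm", "agent-admin"]);

// Constructed sample data standing in for the database.
const PODS = {
  "pod-1": { id: "pod-1", type: "agent-room", members: ["alice"] },
  "pod-2": { id: "pod-2", type: "public", members: ["alice", "bob"] },
};
const POSTS = {
  "pod-1": [{ id: "post-1", body: "private note" }],
  "pod-2": [{ id: "post-2", body: "hello everyone" }],
};
const LINKS = {
  "pod-1": [{ id: "link-1", url: "https://example.invalid/private" }],
  "pod-2": [],
};

class HttpError extends Error {
  constructor(status, message) {
    super(message);
    this.status = status;
  }
}

function isPersonalPod(pod) {
  return PERSONAL_POD_TYPES.has(pod.type);
}

// Shared gate for personal-pod read endpoints.
// Personal pods: non-members get 404 whether or not they are admins, so the
// response neither returns content nor confirms the pod exists. Other pod
// types (assumed here) fall back to the usual rule: members or admins, else 403.
function assertCanReadPodMetadata(req, pod) {
  const user = req.user;
  const member = pod.members.includes(user.id);
  if (isPersonalPod(pod)) {
    if (!member) throw new HttpError(404, "Not found");
    return;
  }
  if (!member && !user.isAdmin) throw new HttpError(403, "Forbidden");
}

function getPod(podId) {
  const pod = PODS[podId];
  if (!pod) throw new HttpError(404, "Not found");
  return pod;
}

// GET /api/posts?podId=<id>
function listPosts(req) {
  const pod = getPod(req.query.podId);
  assertCanReadPodMetadata(req, pod);
  return { status: 200, body: POSTS[pod.id] || [] };
}

// GET /api/pods/:id/external-links
function listExternalLinks(req) {
  const pod = getPod(req.params.id);
  assertCanReadPodMetadata(req, pod);
  return { status: 200, body: LINKS[pod.id] || [] };
}

// Turns a thrown HttpError into a response object, the way an error
// middleware would; anything else is a real bug and is re-thrown.
function handle(fn, req) {
  try {
    return fn(req);
  } catch (e) {
    if (e instanceof HttpError) return { status: e.status, body: { error: e.message } };
    throw e;
  }
}
```

The point of the gate is that the admin flag is never consulted for personal pods: the only way for an admin to see another user's room content is through a separate, explicit audit tool, not the default read path.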