From fa488f15619f798a0360c96492f2928ac661d9ee Mon Sep 17 00:00:00 2001
From: Csaba Tuncsik <csaba@n8n.io>
Date: Mon, 17 Feb 2025 15:13:43 +0100
Subject: [PATCH] fix(editor): Do not show project settings for users without
 permission with direct link (#13246)

---
 packages/editor-ui/src/routes/projects.routes.ts | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/packages/editor-ui/src/routes/projects.routes.ts b/packages/editor-ui/src/routes/projects.routes.ts
index 3363e99e50..b58ab926b2 100644
--- a/packages/editor-ui/src/routes/projects.routes.ts
+++ b/packages/editor-ui/src/routes/projects.routes.ts
@@ -1,5 +1,7 @@
 import type { RouteRecordRaw } from 'vue-router';
 import { VIEWS } from '@/constants';
+import { useProjectsStore } from '@/stores/projects.store';
+import { getResourcePermissions } from '@/permissions';
 
 const MainSidebar = async () => await import('@/components/MainSidebar.vue');
 const WorkflowsView = async () => await import('@/views/WorkflowsView.vue');
@@ -95,7 +97,15 @@ export const projectsRoutes: RouteRecordRaw[] = [
 								sidebar: MainSidebar,
 							},
 							meta: {
-								middleware: ['authenticated'],
+								middleware: ['authenticated', 'custom'],
+								middlewareOptions: {
+									custom: (options) => {
+										const project = useProjectsStore().myProjects.find(
+											(p) => p.id === options?.to.params.projectId,
+										);
+										return !!getResourcePermissions(project?.scopes).project.update;
+									},
+								},
 							},
 						},
 					]),