Skip to content

Commit e12e894

Browse files
authored
Merge pull request #921 from AnushKamble/fix/902-dashboard-session-privacy
[Bug] Dashboard session query has no user filter — privacy violation
2 parents 4a8c321 + 324733b commit e12e894

1 file changed

Lines changed: 6 additions & 1 deletion

File tree

src/pages/Dashboard.tsx

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -233,10 +233,15 @@ const Dashboard = () => {
233233
const fetchSessions = async () => {
234234
// SECURITY/PERF: Limit fetch to top 4 to prevent downloading 10,000 global sessions
235235
// which would cause massive browser OOM crashes and render thrashing.
236+
if (!user?.id) {
237+
setUpcomingSessions([]);
238+
return;
239+
}
236240
const { data, error } = await supabase
237241
.from("sessions")
238242
.select("*")
239243
.eq("status", "upcoming")
244+
.or(`mentor_id.eq.${user.id},student_id.eq.${user.id}`)
240245
.limit(4);
241246

242247
if (error || !data) {
@@ -248,7 +253,7 @@ const Dashboard = () => {
248253
};
249254

250255
fetchSessions();
251-
}, []);
256+
}, [user?.id]);
252257

253258
const [globalRank, setGlobalRank] = useState<number>(0);
254259

0 commit comments

Comments
 (0)