Does this template check for user permission before deleting/editing a site?

[iammarkps]

It seems that there is no permission checking logic (if the user owns the site) before the operation can be performed.

For example, https://github.com/vercel/platforms/blob/main/lib/api/site.ts#L124 is called by https://github.com/vercel/platforms/blob/main/pages/api/site.ts#L19 directly.

[steven-tey]

Great catch!! I just pushed some changes that should enforce auth for site edit/delete, as well as post create/edit/delete.

Thank you for the headsup!