coolify/tasks/lessons.md
Andras Bacsai 86b05b902a fix(auth): enforce authorization checks across API and Livewire components
- Add authorization checks to API controller endpoints (view, create, update, delete)
- Wrap Livewire component methods with try-catch for consistent error handling
- Add AuthorizesRequests trait to components requiring authorization checks
- Ensure all sensitive operations verify user permissions before execution
- Implement unified error handling with handleError() helper function
2026-02-25 14:20:29 +01:00

681 B

Lessons Learned

Docker / Worktree Setup

  • The Docker dev container mounts from young-stork worktree, NOT ivory-raccoon
  • Do NOT copy files to young-stork or use docker cp — only modify files in the ivory-raccoon worktree
  • Do NOT use docker exec to run tests — work entirely within the ivory-raccoon worktree

Policy Tests

  • Policy methods have typed parameters (e.g., Server $server) — anonymous classes cause TypeError
  • Must use Mockery::mock(Model::class)->makePartial() instead of anonymous classes for model stubs
  • Use shouldReceive('getAttribute')->with('property')->andReturn(value) for model properties accessed via relationship chains