mirror of
https://github.com/coollabsio/coolify.git
synced 2026-03-11 08:55:47 +00:00
Never trust Livewire component properties for authorization decisions, as snapshots can be replayed from another user's session. Re-evaluate all permission checks fresh using auth()->user()->can() against current policies to ensure the authenticated user is being authorized, not a replayed copy.

- Replace cached canUse* booleans with fresh policy evaluation
- Add comprehensive security tests for token creation permissions
- Update API authorization tests to verify middleware blocking behavior

| File | ||
|---|---|---|
| ApiAuthorizationTest.php | ||
| ApiTokenPermissionTest.php | ||
| ApplicationConfigAuthorizationTest.php | ||
| CloudProviderAuthorizationTest.php | ||
| DashboardAuthorizationTest.php | ||
| DatabaseConfigAuthorizationTest.php | ||
| DestinationOwnershipTest.php | ||
| EnvironmentVariableValueHidingTest.php | ||
| LegacyMemberTokenTest.php | ||
| NavbarDeleteTeamAuthorizationTest.php | ||
| NotificationAuthorizationTest.php | ||
| ProjectEnvironmentAuthorizationTest.php | ||
| ResourceHeadingAuthorizationTest.php | ||
| ResourceOperationsCrossTenantTest.php | ||
| SecurityPageAuthorizationTest.php | ||
| ServerAuthorizationTest.php | ||
| ServiceConfigAuthorizationTest.php | ||
| SharedResourceAuthorizationTest.php | ||
| TeamAuthorizationTest.php | ||