fix: add authorization checks to database Livewire components

Added authorization checks to 11 database-related Livewire components that were loading sensitive database configuration without verifying user permissions. Changes: - Added authorize('view', $database) to all 8 database type General.php mount() methods - Added authorization to Configuration.php before loading database - Added authorization to BackupEdit.php before loading backup config - Added authorization to Import.php before loading database resource This prevents unauthorized users from accessing database credentials, connection strings, and configuration details. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2026-04-18 03:20:26 +00:00 · 2025-10-14 17:33:42 +02:00
parent a3d9ca5c5c
commit e20327b9c4
11 changed files with 14 additions and 0 deletions
--- a/app/Livewire/Project/Database/BackupEdit.php
+++ b/app/Livewire/Project/Database/BackupEdit.php
@@ -85,6 +85,7 @@ class BackupEdit extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->backup->database);
            $this->parameters = get_route_parameters();
            $this->syncData();
        } catch (Exception $e) {
--- a/app/Livewire/Project/Database/Clickhouse/General.php
+++ b/app/Livewire/Project/Database/Clickhouse/General.php
@@ -56,6 +56,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {
--- a/app/Livewire/Project/Database/Configuration.php
+++ b/app/Livewire/Project/Database/Configuration.php
@@ -3,10 +3,12 @@
 namespace App\Livewire\Project\Database;

 use Auth;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;

 class Configuration extends Component
 {
+    use AuthorizesRequests;
    public $currentRoute;

    public $database;
@@ -42,6 +44,8 @@ class Configuration extends Component
                ->where('uuid', request()->route('database_uuid'))
                ->firstOrFail();

+            $this->authorize('view', $database);
+
            $this->database = $database;
            $this->project = $project;
            $this->environment = $environment;
--- a/app/Livewire/Project/Database/Dragonfly/General.php
+++ b/app/Livewire/Project/Database/Dragonfly/General.php
@@ -62,6 +62,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {
--- a/app/Livewire/Project/Database/Import.php
+++ b/app/Livewire/Project/Database/Import.php
@@ -131,6 +131,7 @@ EOD;
        if (is_null($resource)) {
            abort(404);
        }
+        $this->authorize('view', $resource);
        $this->resource = $resource;
        $this->server = $this->resource->destination->server;
        $this->container = $this->resource->uuid;
--- a/app/Livewire/Project/Database/Keydb/General.php
+++ b/app/Livewire/Project/Database/Keydb/General.php
@@ -64,6 +64,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {
--- a/app/Livewire/Project/Database/Mariadb/General.php
+++ b/app/Livewire/Project/Database/Mariadb/General.php
@@ -122,6 +122,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {
--- a/app/Livewire/Project/Database/Mongodb/General.php
+++ b/app/Livewire/Project/Database/Mongodb/General.php
@@ -122,6 +122,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {
--- a/app/Livewire/Project/Database/Mysql/General.php
+++ b/app/Livewire/Project/Database/Mysql/General.php
@@ -127,6 +127,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {
--- a/app/Livewire/Project/Database/Postgresql/General.php
+++ b/app/Livewire/Project/Database/Postgresql/General.php
@@ -140,6 +140,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {
--- a/app/Livewire/Project/Database/Redis/General.php
+++ b/app/Livewire/Project/Database/Redis/General.php
@@ -115,6 +115,7 @@ class General extends Component
    public function mount()
    {
        try {
+            $this->authorize('view', $this->database);
            $this->syncData();
            $this->server = data_get($this->database, 'destination.server');
            if (! $this->server) {