tiennm99/coolify
1
0
Fork 0
mirror of https://github.com/tiennm99/coolify.git synced 2026-04-17 19:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add authorization checks to database Livewire components

Browse Source 
Added authorization checks to 11 database-related Livewire components
that were loading sensitive database configuration without verifying
user permissions.

Changes:
- Added authorize('view', $database) to all 8 database type General.php mount() methods
- Added authorization to Configuration.php before loading database
- Added authorization to BackupEdit.php before loading backup config
- Added authorization to Import.php before loading database resource

This prevents unauthorized users from accessing database credentials,
connection strings, and configuration details.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Andras Bacsai
2025-10-14 17:33:42 +02:00
parent a3d9ca5c5c
commit e20327b9c4
11 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/Livewire/Project/Database/Import.php
View File

@@ -131,6 +131,7 @@ EOD;
if (is_null($resource)) {
abort(404);
}
$this->authorize('view', $resource);
$this->resource = $resource;
$this->server = $this->resource->destination->server;
$this->container = $this->resource->uuid;