tiennm99/coolify
1
0
Fork 0
mirror of https://github.com/tiennm99/coolify.git synced 2026-04-17 19:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add authorization checks to database Livewire components

Browse Source 
Added authorization checks to 11 database-related Livewire components
that were loading sensitive database configuration without verifying
user permissions.

Changes:
- Added authorize('view', $database) to all 8 database type General.php mount() methods
- Added authorization to Configuration.php before loading database
- Added authorization to BackupEdit.php before loading backup config
- Added authorization to Import.php before loading database resource

This prevents unauthorized users from accessing database credentials,
connection strings, and configuration details.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Andras Bacsai
2025-10-14 17:33:42 +02:00
parent a3d9ca5c5c
commit e20327b9c4
11 changed files with 14 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
app/Livewire/Project/Database/Mariadb/General.php
View File

@@ -122,6 +122,7 @@ class General extends Component
public function mount()
{
try {
$this->authorize('view', $this->database);
$this->syncData();
$this->server = data_get($this->database, 'destination.server');
if (! $this->server) {