From eb7da5c082342cc2b81e0bbbc705b7811becebc3 Mon Sep 17 00:00:00 2001 From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com> Date: Thu, 28 May 2026 20:48:18 +0200 Subject: [PATCH] fix(database): gate import form controls by update access Require database import form controls to declare update authorization against the resource and add coverage to prevent unguarded controls. --- .../project/database/import-form.blade.php | 28 +++++++++---------- .../DatabaseImportFormAuthorizationTest.php | 20 +++++++++++++ 2 files changed, 34 insertions(+), 14 deletions(-) create mode 100644 tests/Feature/DatabaseImportFormAuthorizationTest.php diff --git a/resources/views/livewire/project/database/import-form.blade.php b/resources/views/livewire/project/database/import-form.blade.php index ae74e0cbd..1e384ac8d 100644 --- a/resources/views/livewire/project/database/import-form.blade.php +++ b/resources/views/livewire/project/database/import-form.blade.php @@ -58,9 +58,9 @@ @if ($resourceDbType === 'standalone-postgresql') @if ($dumpAll) + wire:model='restoreCommandText' canGate="update" :canResource="$this->resource"> @else - +
You can add "--clean" to drop objects before creating them, avoiding conflicts. @@ -68,27 +68,27 @@
@endif
- +
@elseif ($resourceDbType === 'standalone-mysql') @if ($dumpAll) + wire:model='restoreCommandText' canGate="update" :canResource="$this->resource"> @else - + @endif
- +
@elseif ($resourceDbType === 'standalone-mariadb') @if ($dumpAll) + wire:model='restoreCommandText' canGate="update" :canResource="$this->resource"> @else - + @endif
- +
@endif @@ -128,8 +128,8 @@

Backup File

- Check File + wire:model='customLocation' x-model="$wire.customLocation" canGate="update" :canResource="$this->resource"> + Check File
Or @@ -168,7 +168,7 @@

Restore from S3

- + @foreach ($availableS3Storages as $storage)