mirror of
https://github.com/coollabsio/coolify.git
synced 2026-06-14 03:19:51 +00:00
df166ac689
Scope DeleteEnvironment::mount() and delete() lookups through Environment::ownedByCurrentTeam() so an environment_id that belongs to another team resolves to a 404 instead of loading the foreign record. Mark $environment_id as #[Locked] so the public Livewire property can no longer be reassigned from the client. Add tests/Feature/DeleteEnvironmentTeamScopingTest.php covering mount, delete, the #[Locked] guard, and the team-scoped helper for both the cross-team and own-team cases. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
<?php
namespace App\Livewire\Project;
use App\Models\Environment;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Attributes\Locked;
use Livewire\Component;
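/**
 * Livewire component that deletes a project environment.
 *
 * Both lookups in this class go through Environment::ownedByCurrentTeam(),
 * so an environment_id that is not found inside that scope makes findOrFail()
 * throw (a 404 at the HTTP layer) instead of loading the record.
 */
class DeleteEnvironment extends Component
{
    use AuthorizesRequests;

    // Primary key of the environment this component acts on. #[Locked] makes
    // Livewire refuse client-side updates to this public property, so the id
    // set at render time is the id delete() works on.
    #[Locked]
    public int $environment_id;

    public bool $disabled = false;

    // Display name of the environment, filled in mount().
    public string $environmentName = '';

    // Route parameters captured in mount(); delete() reads 'project_uuid' from here.
    public array $parameters;

    /**
     * Capture the route parameters and load the environment's name.
     *
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when the
     *         environment is not found through the team-scoped query
     */
    public function mount()
    {
        $this->parameters = get_route_parameters();
        $this->environmentName = Environment::ownedByCurrentTeam()->findOrFail($this->environment_id)->name;
    }

    /**
     * Delete the environment when isEmpty() reports true, otherwise dispatch an error event.
     *
     * Order of checks: validate the id, resolve it through the team-scoped
     * query, then run the 'delete' policy check on the resolved model. The
     * scoped lookup and the policy check are independent guards; keep both.
     *
     * @return mixed the redirectRoute() result after a deletion, or the
     *               result of dispatch() when the environment is not empty
     *
     * @throws \Illuminate\Database\Eloquent\ModelNotFoundException when the
     *         environment is not found through the team-scoped query
     * @throws \Illuminate\Auth\Access\AuthorizationException when the
     *         'delete' ability is denied for the resolved environment
     */
    public function delete()
    {
        $this->validate([
            'environment_id' => 'required|int',
        ]);
        $environment = Environment::ownedByCurrentTeam()->findOrFail($this->environment_id);
        $this->authorize('delete', $environment);

        // NOTE(review): presumably isEmpty() is true when no resources are
        // attached to the environment - confirm against the Environment model.
        if ($environment->isEmpty()) {
            $environment->delete();

            return redirectRoute($this, 'project.show', ['project_uuid' => $this->parameters['project_uuid']]);
        }

        // The message carries markup (<strong>), so the stored environment name
        // is HTML-escaped before it is interpolated; a name containing markup
        // is then shown as text rather than parsed by whatever renders the event.
        $environmentName = e($environment->name);

        return $this->dispatch('error', "<strong>Environment {$environmentName}</strong> has defined resources, please delete them first.");
    }
}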