DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-02-21 03:15:45 -08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

safety stuff

Browse source
This commit is contained in:
spencerrlongg 2023-12-05 20:36:59 -06:00
parent 12e546e63a
commit 18720b3302
2 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
app/Http/Livewire/OauthClients.php
View file

@ -52,7 +52,12 @@ class OauthClients extends Component
{ {
// test for safety // test for safety
// ->delete must be of type Client - thus the model binding // ->delete must be of type Client - thus the model binding
$this->clientRepository->delete($clientId); if ($clientId->user_id == auth()->user()->id) {
$this->clientRepository->delete($clientId);
} else {
Log::warning('User ' . auth()->user()->id . ' attempted to delete client ' . $clientId->id . ' which belongs to user ' . $clientId->user_id);
$this->authorizationError = 'You are not authorized to delete this client.';
}
} }
public function editClient(Client $editClientId): void public function editClient(Client $editClientId): void

9
resources/views/livewire/oauth-clients.blade.php
View file

@ -5,6 +5,13 @@
<h2> <h2>
(Livewire) OAuth Clients (Livewire) OAuth Clients
</h2> </h2>
@if($authorizationError)
<div class="alert alert-danger">
<p><strong>Whoops!</strong> Something went wrong!</p>
<br>
{{ $authorizationError }}
</div>
@endif
<a class="button button-small" <a class="button button-small"
wire:click="$emit('openModal')" wire:click="$emit('openModal')"
@ -183,7 +190,7 @@
@if($errors->has('newRedirect')) @if($errors->has('newRedirect'))
<li>{{ $errors->first('newRedirect') }}</li> <li>{{ $errors->first('newRedirect') }}</li>
@endif @endif
@if($authCodeError) @if($authorizationError)
<li>{{ $authorizationError }}</li> <li>{{ $authorizationError }}</li>
@endif @endif
</ul> </ul>