safety stuff

2025-02-21 03:15:45 -08:00 · 2023-12-05 20:36:59 -06:00 · 2023-12-05 20:36:59 -06:00 · 18720b3302
parent 12e546e63a
commit 18720b3302
2 changed files with 14 additions and 2 deletions
--- a/app/Http/Livewire/OauthClients.php
+++ b/app/Http/Livewire/OauthClients.php
@ -52,7 +52,12 @@ class OauthClients extends Component
    {
        // test for safety
        // ->delete must be of type Client - thus the model binding
-        $this->clientRepository->delete($clientId);
+        if ($clientId->user_id == auth()->user()->id) {
+            $this->clientRepository->delete($clientId);
+        } else {
+            Log::warning('User ' . auth()->user()->id . ' attempted to delete client ' . $clientId->id . ' which belongs to user ' . $clientId->user_id);
+            $this->authorizationError = 'You are not authorized to delete this client.';
+        }
    }

    public function editClient(Client $editClientId): void
--- a/resources/views/livewire/oauth-clients.blade.php
+++ b/resources/views/livewire/oauth-clients.blade.php
@ -5,6 +5,13 @@
                <h2>
                    (Livewire) OAuth Clients
                </h2>
+                @if($authorizationError)
+                    <div class="alert alert-danger">
+                        <p><strong>Whoops!</strong> Something went wrong!</p>
+                        <br>
+                        {{ $authorizationError }}
+                    </div>
+                @endif

                <a class="button button-small"
                        wire:click="$emit('openModal')"
@ -183,7 +190,7 @@
                                @if($errors->has('newRedirect'))
                                    <li>{{ $errors->first('newRedirect') }}</li>
                                @endif
-                                @if($authCodeError)
+                                @if($authorizationError)
                                    <li>{{ $authorizationError }}</li>
                                @endif
                            </ul>