bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-14 06:38:19 +02:00
parent 1028498705
commit 090d2b7d89
40 changed files with 603 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
api/app/Http/Controllers/Api/V1/InvitationController.php
View File

@@ -75,6 +75,11 @@ final class InvitationController extends Controller
public function revoke(Organisation $organisation, UserInvitation $invitation): JsonResponse
{
// Verify invitation belongs to this organisation
if ($invitation->organisation_id !== $organisation->id) {
return $this->notFound('Uitnodiging niet gevonden');
}
Gate::authorize('invite', $organisation);
if (! $invitation->isPending()) {