bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-14 06:38:19 +02:00
parent 1028498705
commit 090d2b7d89
40 changed files with 603 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/app/Http/Controllers/Api/V1/ShiftController.php
View File

@@ -71,7 +71,8 @@ final class ShiftController extends Controller
{
Gate::authorize('assign', [$shift, $event, $section]);
$person = Person::findOrFail($request->validated('person_id'));
$festivalEventId = $event->parent_event_id ?? $event->id;
$person = Person::where('event_id', $festivalEventId)->findOrFail($request->validated('person_id'));
$assignment = $this->shiftAssignmentService->assign($shift, $person, $request->user());
return $this->created(new ShiftAssignmentResource($assignment));
@@ -81,7 +82,8 @@ final class ShiftController extends Controller
{
Gate::authorize('claim', [$shift, $event, $section]);
$person = Person::findOrFail($request->validated('person_id'));
$festivalEventId = $event->parent_event_id ?? $event->id;
$person = Person::where('event_id', $festivalEventId)->findOrFail($request->validated('person_id'));
$assignment = $this->shiftAssignmentService->claim($shift, $person);
return $this->created(new ShiftAssignmentResource($assignment));