bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-14 06:38:19 +02:00
parent 1028498705
commit 090d2b7d89
40 changed files with 603 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/app/Http/Requests/Api/V1/StoreEventRequest.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace App\Http\Requests\Api\V1;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Validation\Rule;
final class StoreEventRequest extends FormRequest
{
@@ -23,7 +24,7 @@ final class StoreEventRequest extends FormRequest
'end_date' => ['required', 'date', 'after_or_equal:start_date'],
'timezone' => ['sometimes', 'string', 'max:50'],
'status' => ['sometimes', 'string', 'in:draft,published,registration_open,buildup,showday,teardown,closed'],
'parent_event_id' => ['nullable', 'ulid', 'exists:events,id'],
'parent_event_id' => ['nullable', 'ulid', Rule::exists('events', 'id')->where('organisation_id', $this->route('organisation')->id)],
'event_type' => ['nullable', 'in:event,festival,series'],
'event_type_label' => ['nullable', 'string', 'max:50'],
'sub_event_label' => ['nullable', 'string', 'max:50'],