bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-14 06:38:19 +02:00
parent 1028498705
commit 090d2b7d89
40 changed files with 603 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/app/Http/Requests/Api/V1/UpdateCrowdListRequest.php
View File

@@ -19,10 +19,10 @@ final class UpdateCrowdListRequest extends FormRequest
public function rules(): array
{
return [
'crowd_type_id' => ['sometimes', 'ulid', 'exists:crowd_types,id'],
'crowd_type_id' => ['sometimes', 'ulid', Rule::exists('crowd_types', 'id')->where('organisation_id', $this->route('event')->organisation_id)],
'name' => ['sometimes', 'string', 'max:255'],
'type' => ['sometimes', Rule::enum(CrowdListType::class)],
'recipient_company_id' => ['nullable', 'ulid', 'exists:companies,id'],
'recipient_company_id' => ['nullable', 'ulid', Rule::exists('companies', 'id')->where('organisation_id', $this->route('event')->organisation_id)],
'auto_approve' => ['sometimes', 'boolean'],
'max_persons' => ['nullable', 'integer', 'min:1'],
];