bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-14 06:38:19 +02:00
parent 1028498705
commit 090d2b7d89
40 changed files with 603 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
api/app/Policies/ShiftAssignmentPolicy.php
View File

@@ -18,16 +18,28 @@ final class ShiftAssignmentPolicy
public function approve(User $user, ShiftAssignment $assignment, Event $event): bool
{
if ($assignment->shift->festivalSection->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function reject(User $user, ShiftAssignment $assignment, Event $event): bool
{
if ($assignment->shift->festivalSection->event_id !== $event->id) {
return false;
}
return $this->canManageEvent($user, $event);
}
public function cancel(User $user, ShiftAssignment $assignment, Event $event): bool
{
if ($assignment->shift->festivalSection->event_id !== $event->id) {
return false;
}
if ($this->canManageEvent($user, $event)) {
return true;
}