bert.hausmans/crewli
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: round 2 — multi-tenancy isolation (OrganisationScope, scoped validation, boundary checks)

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
bert.hausmans
2026-04-14 06:38:19 +02:00
parent 1028498705
commit 090d2b7d89
40 changed files with 603 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/tests/Feature/Event/EventTest.php
View File

@@ -255,7 +255,7 @@ class EventTest extends TestCase
$response = $this->getJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
$response->assertForbidden();
$response->assertNotFound();
}
public function test_update_event_from_other_org_is_blocked(): void
@@ -269,7 +269,7 @@ class EventTest extends TestCase
'name' => 'Cross-org hack',
]);
$response->assertForbidden();
$response->assertNotFound();
}
// --- UNAUTHENTICATED ---
@@ -370,7 +370,7 @@ class EventTest extends TestCase
$response = $this->deleteJson("/api/v1/organisations/{$this->organisation->id}/events/{$event->id}");
$response->assertForbidden();
$response->assertNotFound();
}
public function test_soft_deleted_event_not_in_index(): void