From 6cd3bc04617bb8a2dc7010c2b8aa9ef5050e9c27 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Thu, 25 Sep 2025 11:44:58 +0200
Subject: [PATCH] fix(security): implement authorization checks for terminal access management
---
 app/Livewire/Server/Security/TerminalAccess.php | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/app/Livewire/Server/Security/TerminalAccess.php b/app/Livewire/Server/Security/TerminalAccess.php
index c5898314b..284eea7dd 100644
--- a/app/Livewire/Server/Security/TerminalAccess.php
+++ b/app/Livewire/Server/Security/TerminalAccess.php
@@ -4,6 +4,7 @@
 use App\Models\InstanceSettings;
 use App\Models\Server;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Livewire\Attributes\Validate;
@@ -11,6 +12,8 @@
 class TerminalAccess extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 public array $parameters = [];
@@ -22,6 +25,7 @@ public function mount(string $server_uuid)
 {
 try {
 $this->server = Server::ownedByCurrentTeam()->whereUuid($server_uuid)->firstOrFail();
+ $this->authorize('update', $this->server);
 $this->parameters = get_route_parameters();
 $this->syncData();
@@ -33,6 +37,8 @@ public function mount(string $server_uuid)
 public function toggleTerminal($password)
 {
 try {
+ $this->authorize('update', $this->server);
+
 // Check if user is admin or owner
 if (! auth()->user()->isAdmin()) {
 throw new \Exception('Only team administrators and owners can modify terminal access.');
@@ -76,4 +82,4 @@ public function render()
 {
 return view('livewire.server.security.terminal-access');
 }
-}
\ No newline at end of file
+}
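Review bot: In `mount()` the new `$this->authorize('update', $this->server);` sits inside the `try`, after `$this->server` has already been assigned, so what a denied user sees depends on a `catch` that lies outside this hunk. If that handler turns the exception into an error notification rather than rethrowing it, the component would presumably still render with the server loaded for a team member who failed the policy check. Consider authorizing a local before assigning it, `$server = Server::ownedByCurrentTeam()->whereUuid($server_uuid)->firstOrFail(); $this->authorize('update', $server); $this->server = $server;`, and rethrowing `Illuminate\Auth\Access\AuthorizationException` from the catch so the response is a 403. The check added inside the `try` of `toggleTerminal()` in the next hunk has the same placement.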
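Review bot: `toggleTerminal()` now passes through two authorization gates in a row, the new `update` policy call and the pre-existing `auth()->user()->isAdmin()` check, and nothing in the hunk says how they relate. If the `Server` policy's `update` ability already requires admin or owner, the second check is dead code; if it does not, the real requirement lives outside the policy and the next action added to this component can miss it. I would fold the role requirement into the policy, or keep both and say so in a comment such as `// Policy: user may update this server. Role check below: only admins/owners may toggle terminal access.` A docblock on the method noting that it is a client-callable Livewire action and therefore re-authorizes on every call (since `mount()` runs only on the initial render) would also help; the method body continues outside the hunk.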