From 6e8c557ed3f9a3d37f8684da0008e43533342bb0 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Thu, 16 Oct 2025 13:04:44 +0200
Subject: [PATCH] fix: ensure authorization checks are in place for viewing and
 updating the application

---
 app/Livewire/Project/Service/EditDomain.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/app/Livewire/Project/Service/EditDomain.php b/app/Livewire/Project/Service/EditDomain.php
index 9f526c964..c45386d2e 100644
--- a/app/Livewire/Project/Service/EditDomain.php
+++ b/app/Livewire/Project/Service/EditDomain.php
@@ -26,7 +26,8 @@ class EditDomain extends Component
 
     public function mount()
     {
-        $this->application = ServiceApplication::find($this->applicationId);
+        $this->application = ServiceApplication::query()->findOrFail($this->applicationId);
+        $this->authorize('view', $this->application);
         $this->syncData(false);
     }
 
@@ -49,6 +50,7 @@ public function confirmDomainUsage()
     public function submit()
     {
         try {
+            $this->authorize('update', $this->application);
             $this->fqdn = str($this->fqdn)->replaceEnd(',', '')->trim()->toString();
             $this->fqdn = str($this->fqdn)->replaceStart(',', '')->trim()->toString();
             $domains = str($this->fqdn)->trim()->explode(',')->map(function ($domain) {