From ce134cb8b10961eda1b9428cef197a51e2fb911c Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Wed, 26 Nov 2025 09:55:04 +0100
Subject: [PATCH] fix: add authorization checks for environment and project
 views

---
 .../SharedVariables/Environment/Show.php      |  1 +
 app/Livewire/SharedVariables/Project/Show.php | 19 +++++++------------
 app/Livewire/SharedVariables/Team/Index.php   | 14 +++++++-------
 3 files changed, 15 insertions(+), 19 deletions(-)

diff --git a/app/Livewire/SharedVariables/Environment/Show.php b/app/Livewire/SharedVariables/Environment/Show.php
index 328986cea..0bdc1503f 100644
--- a/app/Livewire/SharedVariables/Environment/Show.php
+++ b/app/Livewire/SharedVariables/Environment/Show.php
@@ -60,6 +60,7 @@ public function mount()
 
     public function switch()
     {
+        $this->authorize('view', $this->environment);
         $this->view = $this->view === 'normal' ? 'dev' : 'normal';
         $this->getDevView();
     }
diff --git a/app/Livewire/SharedVariables/Project/Show.php b/app/Livewire/SharedVariables/Project/Show.php
index 93ead33a3..b205ea1ec 100644
--- a/app/Livewire/SharedVariables/Project/Show.php
+++ b/app/Livewire/SharedVariables/Project/Show.php
@@ -57,6 +57,7 @@ public function mount()
 
     public function switch()
     {
+        $this->authorize('view', $this->project);
         $this->view = $this->view === 'normal' ? 'dev' : 'normal';
         $this->getDevView();
     }
@@ -97,25 +98,19 @@ private function handleBulkSubmit()
     {
         $variables = parseEnvFormatToArray($this->variables);
 
-        DB::transaction(function () use ($variables) {
-            $changesMade = false;
-
+        $changesMade = DB::transaction(function () use ($variables) {
             // Delete removed variables
             $deletedCount = $this->deleteRemovedVariables($variables);
-            if ($deletedCount > 0) {
-                $changesMade = true;
-            }
 
             // Update or create variables
             $updatedCount = $this->updateOrCreateVariables($variables);
-            if ($updatedCount > 0) {
-                $changesMade = true;
-            }
 
-            if ($changesMade) {
-                $this->dispatch('success', 'Environment variables updated.');
-            }
+            return $deletedCount > 0 || $updatedCount > 0;
         });
+
+        if ($changesMade) {
+            $this->dispatch('success', 'Environment variables updated.');
+        }
     }
 
     private function deleteRemovedVariables($variables)
diff --git a/app/Livewire/SharedVariables/Team/Index.php b/app/Livewire/SharedVariables/Team/Index.php
index bd23bca82..e420686f0 100644
--- a/app/Livewire/SharedVariables/Team/Index.php
+++ b/app/Livewire/SharedVariables/Team/Index.php
@@ -51,6 +51,7 @@ public function mount()
 
     public function switch()
     {
+        $this->authorize('view', $this->team);
         $this->view = $this->view === 'normal' ? 'dev' : 'normal';
         $this->getDevView();
     }
@@ -90,10 +91,9 @@ public function submit()
     private function handleBulkSubmit()
     {
         $variables = parseEnvFormatToArray($this->variables);
+        $changesMade = false;
 
-        DB::transaction(function () use ($variables) {
-            $changesMade = false;
-
+        DB::transaction(function () use ($variables, &$changesMade) {
             // Delete removed variables
             $deletedCount = $this->deleteRemovedVariables($variables);
             if ($deletedCount > 0) {
@@ -105,11 +105,11 @@ private function handleBulkSubmit()
             if ($updatedCount > 0) {
                 $changesMade = true;
             }
-
-            if ($changesMade) {
-                $this->dispatch('success', 'Environment variables updated.');
-            }
         });
+
+        if ($changesMade) {
+            $this->dispatch('success', 'Environment variables updated.');
+        }
     }
 
     private function deleteRemovedVariables($variables)