df166ac689
Scope DeleteEnvironment::mount() and delete() lookups through Environment::ownedByCurrentTeam() so an environment_id that belongs to another team resolves to a 404 instead of loading the foreign record. Mark $environment_id as #[Locked] so the public Livewire property can no longer be reassigned from the client. Add tests/Feature/DeleteEnvironmentTeamScopingTest.php covering mount, delete, the #[Locked] guard, and the team-scoped helper for both the cross-team and own-team cases. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| Application | ||
| Database | ||
| New | ||
| Resource | ||
| Service | ||
| Shared | ||
| AddEmpty.php | ||
| CloneMe.php | ||
| DeleteEnvironment.php | ||
| DeleteProject.php | ||
| Edit.php | ||
| EnvironmentEdit.php | ||
| Index.php | ||
| Show.php | ||