df166ac689
Scope DeleteEnvironment::mount() and delete() lookups through Environment::ownedByCurrentTeam() so an environment_id that belongs to another team resolves to a 404 instead of loading the foreign record. Mark $environment_id as #[Locked] so the public Livewire property can no longer be reassigned from the client. Add tests/Feature/DeleteEnvironmentTeamScopingTest.php covering mount, delete, the #[Locked] guard, and the team-scoped helper for both the cross-team and own-team cases. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| Browser | ||
| Feature | ||
| Traits | ||
| Unit | ||
| v4 | ||
| CreatesApplication.php | ||
| DuskTestCase.php | ||
| Pest.php | ||
| TestCase.php | ||