From 18720b3302506373e722e3447d668e3cbf01f147 Mon Sep 17 00:00:00 2001
From: spencerrlongg
Date: Tue, 5 Dec 2023 20:36:59 -0600
Subject: [PATCH] safety stuff
---
 app/Http/Livewire/OauthClients.php | 7 ++++++-
 resources/views/livewire/oauth-clients.blade.php | 9 ++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/app/Http/Livewire/OauthClients.php b/app/Http/Livewire/OauthClients.php
index 98582c072..39813a50d 100644
--- a/app/Http/Livewire/OauthClients.php
+++ b/app/Http/Livewire/OauthClients.php
@@ -52,7 +52,12 @@ class OauthClients extends Component
 {
 // test for safety
 // ->delete must be of type Client - thus the model binding
- $this->clientRepository->delete($clientId);
+ if ($clientId->user_id == auth()->user()->id) {
+ $this->clientRepository->delete($clientId);
+ } else {
+ Log::warning('User ' . auth()->user()->id . ' attempted to delete client ' . $clientId->id . ' which belongs to user ' . $clientId->user_id);
+ $this->authorizationError = 'You are not authorized to delete this client.';
+ }
 }
 public function editClient(Client $editClientId): void
diff --git a/resources/views/livewire/oauth-clients.blade.php b/resources/views/livewire/oauth-clients.blade.php
index bb43fccbd..be03c3518 100644
--- a/resources/views/livewire/oauth-clients.blade.php
+++ b/resources/views/livewire/oauth-clients.blade.php
@@ -5,6 +5,13 @@
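Review bot: The new ownership test `$clientId->user_id == auth()->user()->id` compares loosely and dereferences `auth()->user()` without a guard, so it is only as strong as the auth middleware in front of this component, and if `Client` is Passport's model its `user_id` may be null; a stricter guard is `if (auth()->check() && $clientId->user_id !== null && (string) $clientId->user_id === (string) auth()->id()) {`. The denial branch calls `Log::warning` and assigns `$this->authorizationError`, but the six added lines include no `use` statement or property declaration, so confirm both already exist in the file, otherwise the refusal path itself will throw. The success branch never resets `$this->authorizationError`, so an earlier refusal message would presumably stay on screen after a later valid delete. `editClient(Client $editClientId)` in the trailing context binds a client the same way and its body is outside the hunk; it and whatever method saves the edit should get the same owner check, ideally through one shared policy rather than repeated inline comparisons. The signature of the method being patched is above the hunk.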

(Livewire) OAuth Clients

+ @if($authorizationError) +
+

Whoops! Something went wrong!

+
+ {{ $authorizationError }} +
+ @endif has('newRedirect'))
  • {{ $errors->first('newRedirect') }}
  • @endif - @if($authCodeError) + @if($authorizationError)
  • {{ $authorizationError }}
  • @endif