From 37ee6717e95317de4d474ee4b4514901722da117 Mon Sep 17 00:00:00 2001
From: Andras Bacsai <5845193+andrasbacsai@users.noreply.github.com>
Date: Fri, 22 Aug 2025 14:43:18 +0200
Subject: [PATCH] feat(security): add authorization checks for package updates in Livewire components
---
 app/Livewire/Server/Security/Patches.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/app/Livewire/Server/Security/Patches.php b/app/Livewire/Server/Security/Patches.php
index ae114c224..b4d151424 100644
--- a/app/Livewire/Server/Security/Patches.php
+++ b/app/Livewire/Server/Security/Patches.php
@@ -69,8 +69,9 @@ class Patches extends Component
 public function updateAllPackages()
 {
+ $this->authorize('update', $this->server);
 if (! $this->packageManager || ! $this->osId) {
- $this->dispatch('error', message: 'Run “Check for updates” first.');
+ $this->dispatch('error', message: 'Run "Check for updates" first.');
 return;
 }
@@ -91,6 +92,7 @@ class Patches extends Component
 public function updatePackage($package)
 {
 try {
+ $this->authorize('update', $this->server);
 $activity = UpdatePackage::run(server: $this->server, packageManager: $this->packageManager, osId: $this->osId, package: $package);
 $this->dispatch('activityMonitor', $activity->id, ServerPackageUpdated::class);
 } catch (\Exception $e) {
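Review bot: The two `authorize('update', $this->server)` calls added by this patch fail differently. In updateAllPackages the call sits ahead of the guard and, as far as this hunk shows, outside any try block, while in updatePackage (second hunk) it is placed inside `try {`, where `catch (\Exception $e)` will intercept the denial, since Laravel's AuthorizationException extends \Exception. The update is still not started in that case, but the refusal is handled by whatever the catch body does (it lies outside the hunk) instead of surfacing as an authorization failure, so denied attempts become hard to tell apart from ordinary update errors in responses and logs. Moving the line above `try {` in updatePackage would make both actions behave the same.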
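Review bot: `$package` is an untyped argument of a public Livewire action and is handed unchanged to `UpdatePackage::run(..., package: $package)`; the new `authorize` call settles who may invoke the method but not which value they may pass. What UpdatePackage does with the value is not visible here, so this is a point to confirm: if it becomes part of a command run on the server, the name should be checked before the call. Declaring the parameter as `string $package` and rejecting any name that is not in the list returned by the last update check would close that gap. The method body continues past the end of the hunk.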