feat(auth): implement comprehensive authorization checks across API controllers

2025-08-23 18:51:10 +02:00
parent b5fe5dd909
commit b1334a1bc6
5 changed files with 103 additions and 1 deletions
--- a/app/Http/Controllers/Api/ResourcesController.php
+++ b/app/Http/Controllers/Api/ResourcesController.php
@@ -43,6 +43,10 @@ class ResourcesController extends Controller
        if (is_null($teamId)) {
            return invalidTokenResponse();
        }
+
+        // General authorization check for viewing resources - using Project as base resource type
+        $this->authorize('viewAny', Project::class);
+
        $projects = Project::where('team_id', $teamId)->get();
        $resources = collect();
        $resources->push($projects->pluck('applications')->flatten());