🚀 Enhance authorization and exception handling across Livewire components and SecurityMonitor

- **SecurityMonitor:** Added logic to record locked-property exceptions and suppress their normal logging, while ensuring non-security exceptions are still forwarded unchanged.
- **Livewire `Members/Admin`:** Centralized authorization logic in private methods, enforced access control on actions, and moved allowed pubkeys to class constant for maintainability.
- **Livewire `News`:** Enforced authorization for editing and deleting news with guard methods and ensured unauthorized users can't access data.
- **Bootstrap exceptions:** Implemented custom exception handling to record Livewire-related security issues while preventing redundant logs.
- Updated tests with new behavior verification covering access control and exception responses.
HolgerHatGarKeineNode
2026-06-02 19:23:51 +02:00
parent 59bc440a59
commit 5f28bfedd4
6 changed files with 251 additions and 34 deletions
@@ -112,6 +112,58 @@ it('can delete news entry', function () {
expect(Notification::find($news->id))->toBeNull();
});
it('forbids guests from deleting news', function () {
$author = EinundzwanzigPleb::factory()->create();
$news = Notification::factory()->create([
'einundzwanzig_pleb_id' => $author->id,
]);
Livewire::test('association.news')
->call('delete')
->assertForbidden();
expect(Notification::find($news->id))->not->toBeNull();
});
it('forbids non-board members from deleting news', function () {
$author = EinundzwanzigPleb::factory()->create();
$news = Notification::factory()->create([
'einundzwanzig_pleb_id' => $author->id,
]);
$pleb = EinundzwanzigPleb::factory()->active()->withPaidCurrentYear()->create();
NostrAuth::login($pleb->pubkey);
Livewire::test('association.news')
->call('delete')
->assertForbidden();
expect(Notification::find($news->id))->not->toBeNull();
});
it('forbids non-board members from creating news', function () {
$pleb = EinundzwanzigPleb::factory()->active()->withPaidCurrentYear()->create();
NostrAuth::login($pleb->pubkey);
Livewire::test('association.news')
->call('save')
->assertForbidden();
expect(Notification::count())->toBe(0);
});
it('does not load news for unauthorized visitors', function () {
$author = EinundzwanzigPleb::factory()->create();
Notification::factory()->count(2)->create([
'einundzwanzig_pleb_id' => $author->id,
]);
Livewire::test('association.news')
->assertSet('isAllowed', false)
->assertSet('news', []);
});
it('displays news list', function () {
$pleb = EinundzwanzigPleb::factory()->active()->withPaidCurrentYear()->create();
$news1 = Notification::factory()->create();