cupcakearmy/coolify
1
0
Fork 0
mirror of https://github.com/cupcakearmy/coolify.git synced 2024-10-22 08:04:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: root team able to download backups

Browse Source
This commit is contained in:
Andras Bacsai 2024-05-24 09:33:09 +02:00
parent 6f3e38e392
commit 64f8583975
1 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
routes/web.php
View File

@ -254,14 +254,16 @@
$exeuctionId = request()->route('executionId');
$execution = ScheduledDatabaseBackupExecution::where('id', $exeuctionId)->firstOrFail();
$execution_team_id = $execution->scheduledDatabaseBackup->database->team()?->id;
if (is_null($execution_team_id)) {
return response()->json(['message' => 'Team not found.'], 404);
}
if ($team->id !== $execution_team_id) {
return response()->json(['message' => 'Permission denied.'], 403);
}
if (is_null($execution)) {
return response()->json(['message' => 'Backup not found.'], 404);
if ($team->id !== 0) {
if (is_null($execution_team_id)) {
return response()->json(['message' => 'Team not found.'], 404);
}
if ($team->id !== $execution_team_id) {
return response()->json(['message' => 'Permission denied.'], 403);
}
if (is_null($execution)) {
return response()->json(['message' => 'Backup not found.'], 404);
}
}
$filename = data_get($execution, 'filename');
if ($execution->scheduledDatabaseBackup->database->getMorphClass() === 'App\Models\ServiceDatabase') {