QT/InvoiceShelf
1
0
Fork 0
mirror of https://github.com/InvoiceShelf/InvoiceShelf.git synced 2026-04-08 14:04:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f17c7be5f02c01d2ee4cf689257e025bb6753fa1
InvoiceShelf/app/Http/Controllers/V1/Admin/Estimate
History
Darko Gjorgjijoski 3d871604ae Add company ownership check to clone endpoints (#606) 
Verify the source record belongs to the current company before cloning.
Previously, users could clone invoices/estimates from other companies,
leaking sensitive data (amounts, customer details, items, taxes, notes).

The view policy already includes hasCompany() check, so authorizing
view on the source record gates both ability and company ownership.

Ref #574
2026-04-03 14:32:12 +02:00
..
ChangeEstimateStatusController.php
Pint
2026-03-21 18:59:53 +01:00
CloneEstimateController.php
Add company ownership check to clone endpoints (#606)
2026-04-03 14:32:12 +02:00
ConvertEstimateController.php
Laravel 13 upgrade, updates and fixes
2026-03-21 18:53:33 +01:00
EstimatesController.php
Scope all bulk deletes to current company and fix inverted ownership transfer (#605)
2026-04-03 14:16:42 +02:00
EstimateTemplatesController.php
Refactor Custom Invoice/Estimate PDF Templates (#277)
2025-01-13 01:20:13 +01:00
SendEstimateController.php
Pint
2026-03-21 18:59:53 +01:00
SendEstimatePreviewController.php
Pint
2026-03-21 18:59:53 +01:00