Dashboard Data Leakage (Major Privacy/Security Issue)

- **Filename:** `app/Http/Controllers/DashboardController.php`
- **Error Message:** Logic Error - Returns all orders in the system instead of the authenticated user's orders.
- **Code Snippet:**
```php
public function __invoke()
{
    // ...
    return Inertia::render('Dashboard', [
        'orders' => OrderResource::collection(
            Order::latest()->with('orderable')->get()
        ),
        // ...
    ]);
}
```
- **Description:** The `DashboardController` fetches and returns all orders from the `Order` model without filtering by the current user's ID. This means any authenticated user can see all orders made by all other users on their dashboard.

https://github.com/asciisd/traderfactory_12/blame/df9fcd7c2e7e641960649e1b458d95f73f4f81ec/database/factories/UserFactory.php#L27

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dashboard Data Leakage (Major Privacy/Security Issue) #5

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Dashboard Data Leakage (Major Privacy/Security Issue) #5

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions