We check authorization for all billing-related operations once with authorize("Project:billing", @project.id). After that, users can provide any resource ID from other projects to delete payment methods and usage alerts, or get invoice details. It's important that customers can only access their own resources.
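The gap described above, as an added Ruby example that is not the project's own code: a single project-level check followed by a lookup by ID alone, next to a lookup constrained to the authorized project. The `Billing` class, its methods, and the sample IDs are hypothetical and constructed for illustration.

```ruby
require "set"
# Constructed sample model; every class, method and id below is hypothetical.
Record = Struct.new(:id, :kind, :project_id)

class Billing
  Forbidden = Class.new(StandardError)
  NotFound = Class.new(StandardError)

  # grants: user => Set of project ids where the user holds Project:billing
  def initialize(records, grants)
    @records = records.to_h { |r| [r.id, r] }
    @grants = grants
  end

  # Stands in for authorize("Project:billing", @project.id).
  def authorize(user, project_id)
    raise Forbidden unless @grants.fetch(user, Set.new).include?(project_id)
  end

  # Before: one project-level check, then the record is fetched by id alone.
  def delete_unscoped(user, project_id, kind, id)
    authorize(user, project_id)
    rec = @records[id]
    raise NotFound unless rec && rec.kind == kind
    @records.delete(id)
  end

  # After: the lookup is constrained to the authorized project, so an id
  # from another project is indistinguishable from one that does not exist.
  def delete_scoped(user, project_id, kind, id)
    authorize(user, project_id)
    rec = @records[id]
    raise NotFound unless rec && rec.kind == kind && rec.project_id == project_id
    @records.delete(id)
  end

  def exists?(id)
    @records.key?(id)
  end
end

def sample_billing
  records = [
    Record.new("pm-a", :payment_method, "proj-a"),
    Record.new("pm-b", :payment_method, "proj-b"),
    Record.new("ua-b", :usage_alert, "proj-b")
  ]
  Billing.new(records, { "alice" => Set["proj-a"] })
end
```

A regression test for this class of bug should assert that a foreign ID returns the same not-found result as a nonexistent one and that the record still exists afterwards.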