restore: roll back to 7d854ff (stable pre-security state)

Full restore of the 7d854ff snapshot (2026-06-16 18:05, before the security
review). Forward commit, no history rewrite — f8a1310 and all later commits
remain recoverable in history.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

app/Livewire/ProjectList.php

@@ -16,15 +16,11 @@ class ProjectList extends Component
 
     public function deleteProject($id)
     {
-        $user = Auth::user();
-        if (!$user->can('delete projects')) {
-            session()->flash('error', 'Sin permisos para eliminar proyectos.');
-            return;
+        $project = Project::findOrFail($id);
+        if (Auth::user()->can('delete projects')) {
+            $project->delete();
+            session()->flash('message', 'Proyecto eliminado');
         }
-        // Scope to accessible projects to prevent IDOR (deleting another user's project by ID)
-        $project = Project::accessibleBy($user)->findOrFail($id);
-        $project->delete();
-        session()->flash('message', 'Proyecto eliminado');
     }
 
     public function render()