revert: roll back to 7d854ff (pre-security-review state)

Restores all 27 files changed by the security commit (f8a1310) and later work back to their 7d854ff state (2026-06-16 18:05), as requested. The security rewrite regressed map functionality (tabs, inspection editor, collapsing layers panel) without adding protections the 7d854ff version did not already have (XSS escaping + IDOR checks were already present). Done as a forward commit (no history rewrite / force-push) so f8a1310, a24c8a2 and the merge remain in history and are fully recoverable. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-17 10:23:29 +02:00
parent ee3086c34b
commit c44958ac16
29 changed files with 1561 additions and 1187 deletions
@@ -20,11 +20,10 @@ class User extends Authenticatable
     * @var list<string>
     */
    protected $fillable = [
-        'name',
-        'email',
-        'password', // Intentionally kept: required for registration factory and seeding.
-                    // Sensitive — never pass unvalidated user input directly.
-                    // email_verified_at and remember_token are intentionally excluded.
+        'name', 'title', 'first_name', 'last_name',
+        'email', 'password',
+        'status', 'valid_from', 'valid_until',
+        'company_id', 'phone', 'address', 'notes',
    ];

    /**
@@ -46,14 +45,16 @@ class User extends Authenticatable
    {
        return [
            'email_verified_at' => 'datetime',
-            'password' => 'hashed',
+            'password'          => 'hashed',
+            'valid_from'        => 'date',
+            'valid_until'       => 'date',
        ];
    }
+
    public function company()
    {
-        return $this->belongsTo(Company::class);
+        return $this->belongsTo(\App\Models\Company::class);
    }
-
    // Many-to-many with projects
    public function projects()
    {