diff --git a/app/Livewire/Server/Advanced.php b/app/Livewire/Server/Advanced.php
index 1bf8cf4c9..760c4df0d 100644
--- a/app/Livewire/Server/Advanced.php
+++ b/app/Livewire/Server/Advanced.php
@@ -76,6 +76,7 @@ class Advanced extends Component
 public function syncData(bool $toModel = false)
 {
 if ($toModel) {
+ $this->authorize('update', $this->server);
 $this->validate();
 $this->server->settings->concurrent_builds = $this->concurrentBuilds;
 $this->server->settings->dynamic_timeout = $this->dynamicTimeout;
diff --git a/app/Livewire/Server/CloudflareTunnel.php b/app/Livewire/Server/CloudflareTunnel.php
index b2ffa003f..24f8e022e 100644
--- a/app/Livewire/Server/CloudflareTunnel.php
+++ b/app/Livewire/Server/CloudflareTunnel.php
@@ -4,11 +4,14 @@ namespace App\Livewire\Server;
 use App\Actions\Server\ConfigureCloudflared;
 use App\Models\Server;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Attributes\Validate;
 use Livewire\Component;
 class CloudflareTunnel extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 #[Validate(['required', 'string'])]
@@ -51,6 +54,7 @@ class CloudflareTunnel extends Component
 public function toggleCloudflareTunnels()
 {
 try {
+ $this->authorize('update', $this->server);
 remote_process(['docker rm -f coolify-cloudflared'], $this->server, false, 10);
 $this->isCloudflareTunnelsEnabled = false;
 $this->server->settings->is_cloudflare_tunnel = false;
@@ -68,6 +72,7 @@ class CloudflareTunnel extends Component
 public function manualCloudflareConfig()
 {
+ $this->authorize('update', $this->server);
 $this->isCloudflareTunnelsEnabled = true;
 $this->server->settings->is_cloudflare_tunnel = true;
 $this->server->settings->save();
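Review bot: The new `$this->authorize('update', $this->server)` in toggleCloudflareTunnels sits inside the `try` block, so the AuthorizationException it throws is handled by the method's catch clause instead of propagating to Laravel's handler as a 403. In the other methods touched by this commit that clause is `catch (\Throwable $e)`, and if it is the same here a denied member sees whatever generic error the component produces while the 403 and any authorization logging are lost. Move the call to the first statement of the method, above `try {`, as the same commit already does in manualCloudflareConfig below. The catch clause lies past the end of the hunk.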
@@ -78,6 +83,7 @@ class CloudflareTunnel extends Component
 public function automatedCloudflareConfig()
 {
 try {
+ $this->authorize('update', $this->server);
 if (str($this->ssh_domain)->contains('https://')) {
 $this->ssh_domain = str($this->ssh_domain)->replace('https://', '')->replace('http://', '')->trim();
 $this->ssh_domain = str($this->ssh_domain)->replace('/', '');
diff --git a/app/Livewire/Server/DockerCleanup.php b/app/Livewire/Server/DockerCleanup.php
index c97a8f2c9..764e583cd 100644
--- a/app/Livewire/Server/DockerCleanup.php
+++ b/app/Livewire/Server/DockerCleanup.php
@@ -4,11 +4,14 @@ namespace App\Livewire\Server;
 use App\Jobs\DockerCleanupJob;
 use App\Models\Server;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Attributes\Validate;
 use Livewire\Component;
 class DockerCleanup extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 public array $parameters = [];
@@ -42,6 +45,7 @@ class DockerCleanup extends Component
 public function syncData(bool $toModel = false)
 {
 if ($toModel) {
+ $this->authorize('update', $this->server);
 $this->validate();
 $this->server->settings->force_docker_cleanup = $this->forceDockerCleanup;
 $this->server->settings->docker_cleanup_frequency = $this->dockerCleanupFrequency;
@@ -71,6 +75,7 @@ class DockerCleanup extends Component
 public function manualCleanup()
 {
 try {
+ $this->authorize('update', $this->server);
 DockerCleanupJob::dispatch($this->server, true, $this->deleteUnusedVolumes, $this->deleteUnusedNetworks);
 $this->dispatch('success', 'Manual cleanup job started. Depending on the amount of data, this might take a while.');
 } catch (\Throwable $e) {
diff --git a/app/Livewire/Server/LogDrains.php b/app/Livewire/Server/LogDrains.php
index edddfc755..d4a65af81 100644
--- a/app/Livewire/Server/LogDrains.php
+++ b/app/Livewire/Server/LogDrains.php
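Review bot: In manualCleanup the authorize call is placed after `try {`, and the `} catch (\Throwable $e) {` visible on the hunk's last line will swallow the AuthorizationException together with any dispatch failure, so a non-admin gets the component's generic error path instead of a 403 and a denied request is indistinguishable from a job-dispatch error. Hoist it out of the block: `$this->authorize('update', $this->server);` as the first statement of the method, then `try {`. The check added to syncData above only matters on its own if syncData is itself reachable as a Livewire action; if it is only called from guarded actions it is redundant but harmless. The catch body continues past the end of the hunk.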
@@ -5,11 +5,14 @@ namespace App\Livewire\Server;
 use App\Actions\Server\StartLogDrain;
 use App\Actions\Server\StopLogDrain;
 use App\Models\Server;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Attributes\Validate;
 use Livewire\Component;
 class LogDrains extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 #[Validate(['boolean'])]
@@ -160,6 +163,7 @@ class LogDrains extends Component
 public function instantSave()
 {
 try {
+ $this->authorize('update', $this->server);
 $this->syncData(true);
 if ($this->server->isLogDrainEnabled()) {
 StartLogDrain::run($this->server);
@@ -176,6 +180,7 @@ class LogDrains extends Component
 public function submit(string $type)
 {
 try {
+ $this->authorize('update', $this->server);
 $this->syncData(true, $type);
 $this->dispatch('success', 'Settings saved.');
 } catch (\Throwable $e) {
diff --git a/app/Livewire/Server/New/ByIp.php b/app/Livewire/Server/New/ByIp.php
index 6b4bfc15e..116775a6f 100644
--- a/app/Livewire/Server/New/ByIp.php
+++ b/app/Livewire/Server/New/ByIp.php
@@ -6,12 +6,15 @@ use App\Enums\ProxyTypes;
 use App\Models\Server;
 use App\Models\Team;
 use App\Support\ValidationPatterns;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Illuminate\Support\Collection;
 use Livewire\Attributes\Locked;
 use Livewire\Component;
 class ByIp extends Component
 {
+ use AuthorizesRequests;
+
 #[Locked]
 public $private_keys;
@@ -115,6 +118,7 @@ class ByIp extends Component
 {
 $this->validate();
 try {
+ $this->authorize('create', Server::class);
 if (Server::where('team_id', currentTeam()->id)
 ->where('ip', $this->ip)
 ->exists()) {
diff --git a/app/Livewire/Server/PrivateKey/Show.php b/app/Livewire/Server/PrivateKey/Show.php
index 64aa1884b..845d568ce 100644
--- a/app/Livewire/Server/PrivateKey/Show.php
+++ b/app/Livewire/Server/PrivateKey/Show.php
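Review bot: submit's `catch (\Throwable $e)` on the hunk's last line catches the AuthorizationException raised by the new `$this->authorize('update', $this->server)` two lines earlier, and instantSave above uses the same try-first layout, so in both methods a denied user is routed through the component's error handling rather than Laravel's 403 response. Place the authorize call before `try {` in both methods so the denial propagates unchanged. Unlike Advanced and DockerCleanup, this file guards the callers rather than syncData itself; if LogDrains::syncData is a public method it remains reachable as a Livewire action without a check, so confirm it is non-public or add the same authorize call there. syncData and both catch bodies are outside the hunks.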
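Review bot: ByIp::submit runs `$this->validate()` before the new `$this->authorize('create', Server::class)`, and the authorize call is inside the `try`, so a non-admin (per the updated ServerPolicy::create) first receives full validation feedback on a form they may not submit, and when denied the exception goes to the method's catch clause instead of out as a 403. Reorder so that `$this->authorize('create', Server::class);` is the first statement of submit, followed by `$this->validate();` and then `try {`. The method's signature and its catch clause are outside the hunk.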
@@ -4,10 +4,13 @@ namespace App\Livewire\Server\PrivateKey;
 use App\Models\PrivateKey;
 use App\Models\Server;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;
 class Show extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 public $privateKeys = [];
@@ -35,6 +38,7 @@ class Show extends Component
 $originalPrivateKeyId = $this->server->getOriginal('private_key_id');
 try {
+ $this->authorize('update', $this->server);
 $this->server->update(['private_key_id' => $privateKeyId]);
 ['uptime' => $uptime, 'error' => $error] = $this->server->validateConnection(justCheckingNewKey: true);
 if ($uptime) {
diff --git a/app/Livewire/Server/Proxy.php b/app/Livewire/Server/Proxy.php
index 1cf8c839e..49adf7fe6 100644
--- a/app/Livewire/Server/Proxy.php
+++ b/app/Livewire/Server/Proxy.php
@@ -5,10 +5,13 @@ namespace App\Livewire\Server;
 use App\Actions\Proxy\CheckConfiguration;
 use App\Actions\Proxy\SaveConfiguration;
 use App\Models\Server;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;
 class Proxy extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 public ?string $selectedProxy = null;
@@ -47,6 +50,7 @@ class Proxy extends Component
 public function changeProxy()
 {
+ $this->authorize('update', $this->server);
 $this->server->proxy = null;
 $this->server->save();
@@ -56,6 +60,7 @@ class Proxy extends Component
 public function selectProxy($proxy_type)
 {
 try {
+ $this->authorize('update', $this->server);
 $this->server->changeProxy($proxy_type, async: false);
 $this->selectedProxy = $this->server->proxy->type;
@@ -68,6 +73,7 @@ class Proxy extends Component
 public function instantSave()
 {
 try {
+ $this->authorize('update', $this->server);
 $this->validate();
 $this->server->settings->save();
 $this->dispatch('success', 'Settings saved.');
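Review bot: Within Proxy.php the commit is inconsistent about where the check goes: changeProxy authorizes as its first statement, while selectProxy and instantSave place `$this->authorize('update', $this->server)` after `try {`, so a denial in the latter two is routed through the component's catch clause instead of propagating as a 403 the way it does from changeProxy. Move the call above `try {` in selectProxy and instantSave so all three methods fail the same way. The PrivateKey\Show hunk above has the same shape, with the authorize call between `try {` and the `update(['private_key_id' => ...])` write, and would benefit from the same move. Each of those methods' catch clauses ends past the hunk boundary.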
@@ -79,6 +85,7 @@ class Proxy extends Component
 public function instantSaveRedirect()
 {
 try {
+ $this->authorize('update', $this->server);
 $this->server->proxy->redirect_enabled = $this->redirect_enabled;
 $this->server->save();
 $this->server->setupDefaultRedirect();
@@ -91,6 +98,7 @@ class Proxy extends Component
 public function submit()
 {
 try {
+ $this->authorize('update', $this->server);
 SaveConfiguration::run($this->server, $this->proxy_settings);
 $this->server->proxy->redirect_url = $this->redirect_url;
 $this->server->save();
@@ -104,6 +112,7 @@ class Proxy extends Component
 public function reset_proxy_configuration()
 {
 try {
+ $this->authorize('update', $this->server);
 $this->proxy_settings = CheckConfiguration::run($this->server, true);
 SaveConfiguration::run($this->server, $this->proxy_settings);
 $this->server->save();
diff --git a/app/Livewire/Server/Show.php b/app/Livewire/Server/Show.php
index a6702a39b..db2cef880 100644
--- a/app/Livewire/Server/Show.php
+++ b/app/Livewire/Server/Show.php
@@ -7,12 +7,15 @@ use App\Actions\Server\StopSentinel;
 use App\Events\ServerReachabilityChanged;
 use App\Models\Server;
 use App\Support\ValidationPatterns;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Attributes\Computed;
 use Livewire\Attributes\Locked;
 use Livewire\Component;
 class Show extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 public string $name;
@@ -157,6 +160,8 @@ class Show extends Component
 throw new \Exception('This IP/Domain is already in use by another server in your team.');
 }
+ $this->authorize('update', $this->server);
+
 $this->server->name = $this->name;
 $this->server->description = $this->description;
 $this->server->ip = $this->ip;
@@ -220,6 +225,7 @@ class Show extends Component
 public function validateServer($install = true)
 {
 try {
+ $this->authorize('update', $this->server);
 $this->validationLogs = $this->server->validation_logs = null;
 $this->server->save();
 $this->dispatch('init', $install);
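Review bot: In Show.php the new `$this->authorize('update', $this->server)` comes after the duplicate-IP/domain check that throws 'This IP/Domain is already in use by another server in your team.', and presumably after whatever validation precedes it outside the hunk, so a non-admin member can still drive that lookup and learn whether an IP or domain is taken before being denied. Authorization should be the first statement of the method, ahead of validation and the uniqueness query. The validateServer hunk below puts the call inside `try {`, so a denial there is caught by the component rather than surfacing as a 403; hoist it above the try as well. The start of the save method and the catch clause of validateServer are outside the hunks.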
diff --git a/app/Livewire/Server/ValidateAndInstall.php b/app/Livewire/Server/ValidateAndInstall.php
index 479fdef22..c75474e44 100644
--- a/app/Livewire/Server/ValidateAndInstall.php
+++ b/app/Livewire/Server/ValidateAndInstall.php
@@ -5,10 +5,13 @@ namespace App\Livewire\Server;
 use App\Actions\Proxy\CheckProxy;
 use App\Actions\Proxy\StartProxy;
 use App\Models\Server;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;
 class ValidateAndInstall extends Component
 {
+ use AuthorizesRequests;
+
 public Server $server;
 public int $number_of_tries = 0;
@@ -62,6 +65,7 @@ class ValidateAndInstall extends Component
 public function validateConnection()
 {
+ $this->authorize('update', $this->server);
 ['uptime' => $this->uptime, 'error' => $error] = $this->server->validateConnection();
 if (! $this->uptime) {
 $this->error = 'Server is not reachable. Please validate your configuration and connection.
Check this documentation for further help.

Error: '.$error.'
';
diff --git a/app/Policies/ServerPolicy.php b/app/Policies/ServerPolicy.php
index ad59b7140..bf3c1bd30 100644
--- a/app/Policies/ServerPolicy.php
+++ b/app/Policies/ServerPolicy.php
@@ -28,7 +28,7 @@ class ServerPolicy
 */
 public function create(User $user): bool
 {
- return true;
+ return $user->isAdmin();
 }
 /**
@@ -36,7 +36,7 @@ class ServerPolicy
 */
 public function update(User $user, Server $server): bool
 {
- return $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
+ return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
 }
 /**
@@ -44,7 +44,7 @@ class ServerPolicy
 */
 public function delete(User $user, Server $server): bool
 {
- return $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
+ return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
 }
 /**
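Review bot: validateConnection concatenates `$error` from `$this->server->validateConnection()` straight into `$this->error`, and the way the literal is split across lines here suggests it originally carried markup (a link and line breaks) that the rendering stripped; if the Blade view prints `$this->error` unescaped to preserve that markup (not visible here), whatever the remote host's SSH session wrote to stderr reaches the page unescaped. Escape only the dynamic part at the point of concatenation, `'Error: '.e($error).'`, so the literal's own markup can stay. The authorize placement in this hunk, first statement and outside any try, is the right one and is the pattern the other hunks should follow. The rest of the method is outside the hunk.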
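Review bot: `update` and `delete` now require `$user->isAdmin()` on top of membership in `$server->team_id`, but isAdmin() takes no team argument, so if it resolves the role against the user's currently selected team (its implementation is not visible here) an admin of team A who is an ordinary member of team B passes the check for B's servers whenever A is the active team; the role should be evaluated for the server's own team, e.g. from the membership pivot of the team whose id equals `$server->team_id`. Separately, `$user->teams()->get()->firstWhere('id', $server->team_id) !== null` loads every team the user belongs to just to test one id; `$user->teams()->where('teams.id', $server->team_id)->exists()` answers the same question in one query. The `view` method is not in this diff, so non-admin members presumably keep read access, which is consistent with the component-level `update` checks the rest of the commit adds.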