dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(auth): implement authorization checks for server updates across multiple components

Browse Source 
- Added authorization checks using the `authorize` method in various Livewire components to ensure only authorized users can update server settings.
- Updated `ServerPolicy` to restrict update permissions to admin users and their respective teams.
- Enhanced security and access control for server management functionalities.
This commit is contained in:
Andras Bacsai
2025-08-22 13:02:11 +02:00
parent 0748ef3ee5
commit 3ffc751f1a
10 changed files with 47 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/Policies/ServerPolicy.php
View File

@@ -28,7 +28,7 @@ class ServerPolicy
*/
public function create(User $user): bool
{
return true;
return $user->isAdmin();
}
/**
@@ -36,7 +36,7 @@ class ServerPolicy
*/
public function update(User $user, Server $server): bool
{
return $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
}
/**
@@ -44,7 +44,7 @@ class ServerPolicy
*/
public function delete(User $user, Server $server): bool
{
return $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
}
/**