feat(auth): implement authorization checks for application management

2025-08-22 16:47:59 +02:00
parent 37ee6717e9
commit 40f108d6e1
14 changed files with 449 additions and 144 deletions
--- a/app/Livewire/Project/Shared/Danger.php
+++ b/app/Livewire/Project/Shared/Danger.php
@@ -7,6 +7,7 @@ use App\Models\InstanceSettings;
 use App\Models\Service;
 use App\Models\ServiceApplication;
 use App\Models\ServiceDatabase;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Hash;
 use Livewire\Component;
@@ -14,6 +15,8 @@ use Visus\Cuid2\Cuid2;

 class Danger extends Component
 {
+    use AuthorizesRequests;
+
    public $resource;

    public $resourceName;
@@ -96,6 +99,7 @@ class Danger extends Component
        }

        try {
+            $this->authorize('delete', $this->resource);
            $this->resource->delete();
            DeleteResourceJob::dispatch(
                $this->resource,
--- a/app/Livewire/Project/Shared/EnvironmentVariable/All.php
+++ b/app/Livewire/Project/Shared/EnvironmentVariable/All.php
@@ -4,11 +4,12 @@ namespace App\Livewire\Project\Shared\EnvironmentVariable;

 use App\Models\EnvironmentVariable;
 use App\Traits\EnvironmentVariableProtection;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;

 class All extends Component
 {
-    use EnvironmentVariableProtection;
+    use AuthorizesRequests, EnvironmentVariableProtection;

    public $resource;

@@ -44,6 +45,8 @@ class All extends Component

    public function instantSave()
    {
+        $this->authorize('manageEnvironment', $this->resource);
+
        $this->resource->settings->is_env_sorting_enabled = $this->is_env_sorting_enabled;
        $this->resource->settings->save();
        $this->sortEnvironmentVariables();
@@ -95,6 +98,8 @@ class All extends Component

    public function submit($data = null)
    {
+        $this->authorize('manageEnvironment', $this->resource);
+
        try {
            if ($data === null) {
                $this->handleBulkSubmit();
--- a/app/Livewire/Project/Shared/ResourceOperations.php
+++ b/app/Livewire/Project/Shared/ResourceOperations.php
@@ -12,11 +12,14 @@ use App\Models\Environment;
 use App\Models\Project;
 use App\Models\StandaloneDocker;
 use App\Models\SwarmDocker;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;
 use Visus\Cuid2\Cuid2;

 class ResourceOperations extends Component
 {
+    use AuthorizesRequests;
+
    public $resource;

    public $projectUuid;
@@ -45,6 +48,8 @@ class ResourceOperations extends Component

    public function cloneTo($destination_id)
    {
+        $this->authorize('update', $this->resource);
+
        $new_destination = StandaloneDocker::find($destination_id);
        if (! $new_destination) {
            $new_destination = SwarmDocker::find($destination_id);
@@ -485,6 +490,7 @@ class ResourceOperations extends Component
    public function moveTo($environment_id)
    {
        try {
+            $this->authorize('update', $this->resource);
            $new_environment = Environment::findOrFail($environment_id);
            $this->resource->update([
                'environment_id' => $environment_id,