dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(auth): implement authorization checks for application management

Browse Source
This commit is contained in:
Andras Bacsai
2025-08-22 16:47:59 +02:00
parent 37ee6717e9
commit 40f108d6e1
14 changed files with 449 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
app/Policies/ApplicationPolicy.php
View File

@@ -4,6 +4,7 @@ namespace App\Policies;
use App\Models\Application;
use App\Models\User;
use Illuminate\Auth\Access\Response;
class ApplicationPolicy
{
@@ -28,15 +29,23 @@ class ApplicationPolicy
*/
public function create(User $user): bool
{
return true;
if ($user->isAdmin()) {
return true;
}
return false;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Application $application): bool
public function update(User $user, Application $application): Response
{
return true;
if ($user->isAdmin()) {
return Response::allow();
}
return Response::deny('As a member, you cannot update this application.<br/><br/>You need at least admin or owner permissions.');
}
/**
@@ -64,6 +73,30 @@ class ApplicationPolicy
*/
public function forceDelete(User $user, Application $application): bool
{
return true;
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
}
/**
* Determine whether the user can deploy the application.
*/
public function deploy(User $user, Application $application): bool
{
return $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
}
/**
* Determine whether the user can manage deployments.
*/
public function manageDeployments(User $user, Application $application): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
}
/**
* Determine whether the user can manage environment variables.
*/
public function manageEnvironment(User $user, Application $application): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
}
}