feat(acl): Change views/backend code to able to use proper ACL's later on. Currently it is not enabled.

Andras Bacsai
2025-08-26 10:27:31 +02:00
parent 5a88377a67
commit 63fcc0ebc3
159 changed files with 3610 additions and 1922 deletions


@@ -0,0 +1,109 @@
<?php
namespace App\Policies;
use App\Models\User;
use Laravel\Sanctum\PersonalAccessToken;
class ApiTokenPolicy
{
/**
* Determine whether the user can view any API tokens.
*/
public function viewAny(User $user): bool
{
// Authorization temporarily disabled
/*
// Users can view their own API tokens
return true;
*/
return true;
}
/**
* Determine whether the user can view the API token.
*/
public function view(User $user, PersonalAccessToken $token): bool
{
// Authorization temporarily disabled
/*
// Users can only view their own tokens
return $user->id === $token->tokenable_id && $token->tokenable_type === User::class;
*/
return true;
}
/**
* Determine whether the user can create API tokens.
*/
public function create(User $user): bool
{
// Authorization temporarily disabled
/*
// All authenticated users can create their own API tokens
return true;
*/
return true;
}
/**
* Determine whether the user can update the API token.
*/
public function update(User $user, PersonalAccessToken $token): bool
{
// Authorization temporarily disabled
/*
// Users can only update their own tokens
return $user->id === $token->tokenable_id && $token->tokenable_type === User::class;
*/
return true;
}
/**
* Determine whether the user can delete the API token.
*/
public function delete(User $user, PersonalAccessToken $token): bool
{
// Authorization temporarily disabled
/*
// Users can only delete their own tokens
return $user->id === $token->tokenable_id && $token->tokenable_type === User::class;
*/
return true;
}
/**
* Determine whether the user can manage their own API tokens.
*/
public function manage(User $user): bool
{
// Authorization temporarily disabled
/*
// All authenticated users can manage their own API tokens
return true;
*/
return true;
}
/**
* Determine whether the user can use root permissions for API tokens.
*/
public function useRootPermissions(User $user): bool
{
// Only admins and owners can use root permissions
return $user->isAdmin() || $user->isOwner();
}
/**
* Determine whether the user can use write permissions for API tokens.
*/
public function useWritePermissions(User $user): bool
{
// Authorization temporarily disabled
/*
// Only admins and owners can use write permissions
return $user->isAdmin() || $user->isOwner();
*/
return true;
}
}
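Review bot: `view`, `update` and `delete` return `true` for any `PersonalAccessToken`, so wherever this policy is consulted an authenticated user passes the check for another user's token. The commented-out rule is an ownership check rather than a role ACL, so it can stay active while the role-based rules are parked: `return $user->id === $token->tokenable_id && $token->tokenable_type === User::class;`. `useWritePermissions` is also open while `useRootPermissions` is still enforced; if that asymmetry is intended, a one-line comment saying why would help. In `viewAny`, `create` and `manage` the commented `return true;` above the live `return true;` adds nothing and can go.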


@@ -13,6 +13,10 @@ class ApplicationPolicy
*/
public function viewAny(User $user): bool
{
// Authorization temporarily disabled
/*
return true;
*/
return true;
}
@@ -21,6 +25,10 @@ class ApplicationPolicy
*/
public function view(User $user, Application $application): bool
{
// Authorization temporarily disabled
/*
return true;
*/
return true;
}
@@ -29,11 +37,15 @@ class ApplicationPolicy
*/
public function create(User $user): bool
{
// Authorization temporarily disabled
/*
if ($user->isAdmin()) {
return true;
}
return false;
*/
return true;
}
/**
@@ -41,11 +53,15 @@ class ApplicationPolicy
*/
public function update(User $user, Application $application): Response
{
// Authorization temporarily disabled
/*
if ($user->isAdmin()) {
return Response::allow();
}
return Response::deny('As a member, you cannot update this application.<br/><br/>You need at least admin or owner permissions.');
*/
return Response::allow();
}
/**
@@ -53,11 +69,15 @@ class ApplicationPolicy
*/
public function delete(User $user, Application $application): bool
{
// Authorization temporarily disabled
/*
if ($user->isAdmin()) {
return true;
}
return false;
*/
return true;
}
/**
@@ -65,6 +85,10 @@ class ApplicationPolicy
*/
public function restore(User $user, Application $application): bool
{
// Authorization temporarily disabled
/*
return true;
*/
return true;
}
@@ -73,7 +97,11 @@ class ApplicationPolicy
*/
public function forceDelete(User $user, Application $application): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
// Authorization temporarily disabled
/*
return $user->isAdmin() && $user->teams->contains('id', $application->team()->first()->id);
*/
return true;
}
/**
@@ -81,7 +109,11 @@ class ApplicationPolicy
*/
public function deploy(User $user, Application $application): bool
{
return $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
// Authorization temporarily disabled
/*
return $user->teams->contains('id', $application->team()->first()->id);
*/
return true;
}
/**
@@ -89,7 +121,11 @@ class ApplicationPolicy
*/
public function manageDeployments(User $user, Application $application): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
// Authorization temporarily disabled
/*
return $user->isAdmin() && $user->teams->contains('id', $application->team()->first()->id);
*/
return true;
}
/**
@@ -97,7 +133,11 @@ class ApplicationPolicy
*/
public function manageEnvironment(User $user, Application $application): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $application->team()->first()->id) !== null;
// Authorization temporarily disabled
/*
return $user->isAdmin() && $user->teams->contains('id', $application->team()->first()->id);
*/
return true;
}
/**
@@ -105,6 +145,10 @@ class ApplicationPolicy
*/
public function cleanupDeploymentQueue(User $user): bool
{
// Authorization temporarily disabled
/*
return $user->isAdmin();
*/
return true;
}
}
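Review bot: `forceDelete`, `deploy`, `manageDeployments` and `manageEnvironment` appear to lose a team-membership check that was enforced before this commit (the `teams()->get()->firstWhere(...) !== null` lines read as the removed side; the +/- markers are not preserved on this page), so a user from any team now passes for any application. Team membership is tenant isolation rather than the role ACL this commit defers, and `S3StoragePolicy` further down shows the safer shape: keep `$user->teams->contains('id', ...)` live and comment out only `isAdmin()`. For `deploy` that would be `return $user->teams->contains('id', $application->team()->first()->id);`. The same applies to the `return true;` bodies in ApplicationPreviewPolicy, ApplicationSettingPolicy, DatabasePolicy, EnvironmentPolicy, PrivateKeyPolicy, ProjectPolicy, ServicePolicy, SharedEnvironmentVariablePolicy and StandaloneDockerPolicy.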


@@ -21,7 +21,8 @@ class ApplicationPreviewPolicy
*/
public function view(User $user, ApplicationPreview $applicationPreview): bool
{
return $user->teams()->get()->firstWhere('id', $applicationPreview->application->team()->first()->id) !== null;
// return $user->teams->contains('id', $applicationPreview->application->team()->first()->id);
return true;
}
/**
@@ -29,7 +30,8 @@ class ApplicationPreviewPolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -37,11 +39,12 @@ class ApplicationPreviewPolicy
*/
public function update(User $user, ApplicationPreview $applicationPreview): Response
{
if ($user->isAdmin()) {
return Response::allow();
}
// if ($user->isAdmin()) {
// return Response::allow();
// }
return Response::deny('As a member, you cannot update this preview.<br/><br/>You need at least admin or owner permissions.');
// return Response::deny('As a member, you cannot update this preview.<br/><br/>You need at least admin or owner permissions.');
return true;
}
/**
@@ -49,7 +52,8 @@ class ApplicationPreviewPolicy
*/
public function delete(User $user, ApplicationPreview $applicationPreview): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationPreview->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationPreview->application->team()->first()->id);
return true;
}
/**
@@ -57,7 +61,8 @@ class ApplicationPreviewPolicy
*/
public function restore(User $user, ApplicationPreview $applicationPreview): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationPreview->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationPreview->application->team()->first()->id);
return true;
}
/**
@@ -65,7 +70,8 @@ class ApplicationPreviewPolicy
*/
public function forceDelete(User $user, ApplicationPreview $applicationPreview): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationPreview->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationPreview->application->team()->first()->id);
return true;
}
/**
@@ -73,7 +79,8 @@ class ApplicationPreviewPolicy
*/
public function deploy(User $user, ApplicationPreview $applicationPreview): bool
{
return $user->teams()->get()->firstWhere('id', $applicationPreview->application->team()->first()->id) !== null;
// return $user->teams->contains('id', $applicationPreview->application->team()->first()->id);
return true;
}
/**
@@ -81,6 +88,7 @@ class ApplicationPreviewPolicy
*/
public function manageDeployments(User $user, ApplicationPreview $applicationPreview): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationPreview->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationPreview->application->team()->first()->id);
return true;
}
}
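Review bot: `update` is declared `: Response` but now ends in `return true;`, which PHP rejects with a TypeError the first time the ability is checked, because a bool cannot be coerced to an object return type. `return Response::allow();` keeps the permissive behaviour and the signature, as `ApplicationPolicy::update` already does in this commit. `DatabasePolicy::update` has the same `: Response` / `return true;` mismatch.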


@@ -20,7 +20,8 @@ class ApplicationSettingPolicy
*/
public function view(User $user, ApplicationSetting $applicationSetting): bool
{
return $user->teams()->get()->firstWhere('id', $applicationSetting->application->team()->first()->id) !== null;
// return $user->teams->contains('id', $applicationSetting->application->team()->first()->id);
return true;
}
/**
@@ -28,7 +29,8 @@ class ApplicationSettingPolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,7 +38,8 @@ class ApplicationSettingPolicy
*/
public function update(User $user, ApplicationSetting $applicationSetting): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationSetting->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationSetting->application->team()->first()->id);
return true;
}
/**
@@ -44,7 +47,8 @@ class ApplicationSettingPolicy
*/
public function delete(User $user, ApplicationSetting $applicationSetting): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationSetting->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationSetting->application->team()->first()->id);
return true;
}
/**
@@ -52,7 +56,8 @@ class ApplicationSettingPolicy
*/
public function restore(User $user, ApplicationSetting $applicationSetting): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationSetting->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationSetting->application->team()->first()->id);
return true;
}
/**
@@ -60,6 +65,7 @@ class ApplicationSettingPolicy
*/
public function forceDelete(User $user, ApplicationSetting $applicationSetting): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $applicationSetting->application->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $applicationSetting->application->team()->first()->id);
return true;
}
}


@@ -20,7 +20,8 @@ class DatabasePolicy
*/
public function view(User $user, $database): bool
{
return $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null;
// return $user->teams->contains('id', $database->team()->first()->id);
return true;
}
/**
@@ -28,7 +29,8 @@ class DatabasePolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,11 +38,12 @@ class DatabasePolicy
*/
public function update(User $user, $database): Response
{
if ($user->isAdmin() && $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null) {
return Response::allow();
}
// if ($user->isAdmin() && $user->teams->contains('id', $database->team()->first()->id)) {
// return Response::allow();
// }
return Response::deny('As a member, you cannot update this database.<br/><br/>You need at least admin or owner permissions.');
// return Response::deny('As a member, you cannot update this database.<br/><br/>You need at least admin or owner permissions.');
return true;
}
/**
@@ -48,7 +51,8 @@ class DatabasePolicy
*/
public function delete(User $user, $database): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $database->team()->first()->id);
return true;
}
/**
@@ -56,7 +60,8 @@ class DatabasePolicy
*/
public function restore(User $user, $database): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $database->team()->first()->id);
return true;
}
/**
@@ -64,7 +69,8 @@ class DatabasePolicy
*/
public function forceDelete(User $user, $database): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $database->team()->first()->id);
return true;
}
/**
@@ -72,7 +78,8 @@ class DatabasePolicy
*/
public function manage(User $user, $database): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $database->team()->first()->id);
return true;
}
/**
@@ -80,7 +87,8 @@ class DatabasePolicy
*/
public function manageBackups(User $user, $database): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $database->team()->first()->id);
return true;
}
/**
@@ -88,6 +96,7 @@ class DatabasePolicy
*/
public function manageEnvironment(User $user, $database): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $database->team()->first()->id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $database->team()->first()->id);
return true;
}
}


@@ -20,7 +20,8 @@ class EnvironmentPolicy
*/
public function view(User $user, Environment $environment): bool
{
return $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
// return $user->teams->contains('id', $environment->project->team_id);
return true;
}
/**
@@ -28,7 +29,8 @@ class EnvironmentPolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,7 +38,8 @@ class EnvironmentPolicy
*/
public function update(User $user, Environment $environment): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $environment->project->team_id);
return true;
}
/**
@@ -44,7 +47,8 @@ class EnvironmentPolicy
*/
public function delete(User $user, Environment $environment): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $environment->project->team_id);
return true;
}
/**
@@ -52,7 +56,8 @@ class EnvironmentPolicy
*/
public function restore(User $user, Environment $environment): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $environment->project->team_id);
return true;
}
/**
@@ -60,6 +65,7 @@ class EnvironmentPolicy
*/
public function forceDelete(User $user, Environment $environment): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $environment->project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $environment->project->team_id);
return true;
}
}


@@ -0,0 +1,79 @@
<?php
namespace App\Policies;
use App\Models\GithubApp;
use App\Models\User;
class GithubAppPolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
return true;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, GithubApp $githubApp): bool
{
// return $user->teams->contains('id', $githubApp->team_id) || $githubApp->is_system_wide;
return true;
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
// return $user->isAdmin();
return true;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, GithubApp $githubApp): bool
{
if ($githubApp->is_system_wide) {
// return $user->isAdmin();
return true;
}
// return $user->isAdmin() && $user->teams->contains('id', $githubApp->team_id);
return true;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, GithubApp $githubApp): bool
{
if ($githubApp->is_system_wide) {
// return $user->isAdmin();
return true;
}
// return $user->isAdmin() && $user->teams->contains('id', $githubApp->team_id);
return true;
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, GithubApp $githubApp): bool
{
return false;
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, GithubApp $githubApp): bool
{
return false;
}
}
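Review bot: In `update` and `delete` the `if ($githubApp->is_system_wide)` branch and the fall-through both `return true;`, so the conditional is dead code and a system-wide app is as editable as a team-scoped one by any user. Either drop the branch until the rules return, or keep the system-wide guard live with `return $user->isAdmin();` inside the `if`, since that case is not team-scoped. `view` likewise has its team check commented out; a marker such as `// TODO(acl): re-enable before policies are enforced` on each disabled rule would make them easy to find again.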


@@ -0,0 +1,56 @@
<?php
namespace App\Policies;
use App\Models\User;
use Illuminate\Database\Eloquent\Model;
class NotificationPolicy
{
/**
* Determine whether the user can view the notification settings.
*/
public function view(User $user, Model $notificationSettings): bool
{
// Check if the notification settings belong to the user's current team
if (! $notificationSettings->team) {
return false;
}
// return $user->teams()->where('teams.id', $notificationSettings->team->id)->exists();
return true;
}
/**
* Determine whether the user can update the notification settings.
*/
public function update(User $user, Model $notificationSettings): bool
{
// Check if the notification settings belong to the user's current team
if (! $notificationSettings->team) {
return false;
}
// Only owners and admins can update notification settings
// return $user->isAdmin() || $user->isOwner();
return true;
}
/**
* Determine whether the user can manage (create, update, delete) notification settings.
*/
public function manage(User $user, Model $notificationSettings): bool
{
// return $this->update($user, $notificationSettings);
return true;
}
/**
* Determine whether the user can send test notifications.
*/
public function sendTest(User $user, Model $notificationSettings): bool
{
// return $this->update($user, $notificationSettings);
return true;
}
}
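Review bot: The comment `// Check if the notification settings belong to the user's current team` in `view` and `update` describes a check the code does not make: the only live test is that `$notificationSettings->team` is set, and the membership query is commented out. Reword it to what runs, e.g. `// Deny settings with no team; the team-membership check below is disabled`, so a reader does not assume tenant scoping is in effect. `manage` and `sendTest` skip even the null-team guard because their delegation to `update()` is commented out; `return $this->update($user, $notificationSettings);` would keep the guard while staying permissive.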


@@ -20,7 +20,8 @@ class PrivateKeyPolicy
*/
public function view(User $user, PrivateKey $privateKey): bool
{
return $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
// return $user->teams->contains('id', $privateKey->team_id);
return true;
}
/**
@@ -28,7 +29,8 @@ class PrivateKeyPolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,7 +38,8 @@ class PrivateKeyPolicy
*/
public function update(User $user, PrivateKey $privateKey): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $privateKey->team_id);
return true;
}
/**
@@ -44,7 +47,8 @@ class PrivateKeyPolicy
*/
public function delete(User $user, PrivateKey $privateKey): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $privateKey->team_id);
return true;
}
/**


@@ -20,7 +20,8 @@ class ProjectPolicy
*/
public function view(User $user, Project $project): bool
{
return $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
// return $user->teams->contains('id', $project->team_id);
return true;
}
/**
@@ -28,7 +29,8 @@ class ProjectPolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,7 +38,8 @@ class ProjectPolicy
*/
public function update(User $user, Project $project): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $project->team_id);
return true;
}
/**
@@ -44,7 +47,8 @@ class ProjectPolicy
*/
public function delete(User $user, Project $project): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $project->team_id);
return true;
}
/**
@@ -52,7 +56,8 @@ class ProjectPolicy
*/
public function restore(User $user, Project $project): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $project->team_id);
return true;
}
/**
@@ -60,6 +65,7 @@ class ProjectPolicy
*/
public function forceDelete(User $user, Project $project): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $project->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $project->team_id);
return true;
}
}


@@ -30,6 +30,7 @@ class ResourceCreatePolicy
StandaloneClickhouse::class,
Service::class,
Application::class,
GithubApp::class,
];
/**
@@ -37,7 +38,8 @@ class ResourceCreatePolicy
*/
public function createAny(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -49,7 +51,8 @@ class ResourceCreatePolicy
return false;
}
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**


@@ -3,7 +3,6 @@
namespace App\Policies;
use App\Models\S3Storage;
use App\Models\Server;
use App\Models\User;
class S3StoragePolicy
@@ -21,7 +20,7 @@ class S3StoragePolicy
*/
public function view(User $user, S3Storage $storage): bool
{
return $user->teams()->get()->firstWhere('id', $storage->team_id)->exists();
return $user->teams->contains('id', $storage->team_id);
}
/**
@@ -35,9 +34,10 @@ class S3StoragePolicy
/**
* Determine whether the user can update the model.
*/
public function update(User $user, Server $server): bool
public function update(User $user, S3Storage $storage): bool
{
return $user->teams()->get()->firstWhere('id', $server->team_id)->exists() && $user->isAdmin();
// return $user->teams->contains('id', $storage->team_id) && $user->isAdmin();
return $user->teams->contains('id', $storage->team_id);
}
/**
@@ -45,7 +45,8 @@ class S3StoragePolicy
*/
public function delete(User $user, S3Storage $storage): bool
{
return $user->teams()->get()->firstWhere('id', $storage->team_id)->exists() && $user->isAdmin();
// return $user->teams->contains('id', $storage->team_id) && $user->isAdmin();
return $user->teams->contains('id', $storage->team_id);
}
/**
@@ -63,4 +64,12 @@ class S3StoragePolicy
{
return false;
}
/**
* Determine whether the user can validate the connection of the model.
*/
public function validateConnection(User $user, S3Storage $storage): bool
{
return $user->teams->contains('id', $storage->team_id);
}
}


@@ -20,7 +20,7 @@ class ServerPolicy
*/
public function view(User $user, Server $server): bool
{
return $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->teams->contains('id', $server->team_id);
}
/**
@@ -36,7 +36,7 @@ class ServerPolicy
*/
public function update(User $user, Server $server): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
}
/**
@@ -44,7 +44,7 @@ class ServerPolicy
*/
public function delete(User $user, Server $server): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
}
/**
@@ -68,7 +68,7 @@ class ServerPolicy
*/
public function manageProxy(User $user, Server $server): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
}
/**
@@ -76,7 +76,7 @@ class ServerPolicy
*/
public function manageSentinel(User $user, Server $server): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
}
/**
@@ -84,7 +84,7 @@ class ServerPolicy
*/
public function manageCaCertificate(User $user, Server $server): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
}
/**
@@ -92,7 +92,7 @@ class ServerPolicy
*/
public function viewTerminal(User $user, Server $server): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
}
/**
@@ -100,6 +100,6 @@ class ServerPolicy
*/
public function viewSecurity(User $user, Server $server): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
}
}
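Review bot: Switching from `$user->teams()->get()` to the `$user->teams` property means each membership test now runs against whatever collection is already loaded on the `User` instance rather than a fresh query. That is cheaper per check, but in a long-lived process, or if `teams` is backed by a cached accessor (not visible here), a removed member could keep passing until the model is reloaded. A short comment on one of these methods, such as `// uses the loaded teams relation; refresh the user after membership changes`, would document the trade-off.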


@@ -0,0 +1,63 @@
<?php
namespace App\Policies;
use App\Models\ServiceApplication;
use App\Models\User;
use Illuminate\Support\Facades\Gate;
class ServiceApplicationPolicy
{
/**
* Determine whether the user can view the model.
*/
public function view(User $user, ServiceApplication $serviceApplication): bool
{
return Gate::allows('view', $serviceApplication->service);
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
// return $user->isAdmin();
return true;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, ServiceApplication $serviceApplication): bool
{
// return Gate::allows('update', $serviceApplication->service);
return true;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, ServiceApplication $serviceApplication): bool
{
// return Gate::allows('delete', $serviceApplication->service);
return true;
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, ServiceApplication $serviceApplication): bool
{
// return Gate::allows('update', $serviceApplication->service);
return true;
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, ServiceApplication $serviceApplication): bool
{
// return Gate::allows('delete', $serviceApplication->service);
return true;
}
}
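Review bot: `view` ignores its `$user` argument and calls `Gate::allows('view', $serviceApplication->service)`, which evaluates the currently authenticated user. When the policy is reached through `Gate::forUser(...)` or `$someUser->can(...)` for a different user, the delegated check answers for the wrong principal. `return $user->can('view', $serviceApplication->service);` keeps the delegation bound to the user being authorized. The commented-out `Gate::allows(...)` lines in `update`, `delete`, `restore` and `forceDelete`, and the matching methods in ServiceDatabasePolicy, follow the same pattern and should change with it.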


@@ -0,0 +1,63 @@
<?php
namespace App\Policies;
use App\Models\ServiceDatabase;
use App\Models\User;
use Illuminate\Support\Facades\Gate;
class ServiceDatabasePolicy
{
/**
* Determine whether the user can view the model.
*/
public function view(User $user, ServiceDatabase $serviceDatabase): bool
{
return Gate::allows('view', $serviceDatabase->service);
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
// return $user->isAdmin();
return true;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, ServiceDatabase $serviceDatabase): bool
{
// return Gate::allows('update', $serviceDatabase->service);
return true;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, ServiceDatabase $serviceDatabase): bool
{
// return Gate::allows('delete', $serviceDatabase->service);
return true;
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, ServiceDatabase $serviceDatabase): bool
{
// return Gate::allows('update', $serviceDatabase->service);
return true;
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, ServiceDatabase $serviceDatabase): bool
{
// return Gate::allows('delete', $serviceDatabase->service);
return true;
}
}


@@ -28,7 +28,8 @@ class ServicePolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,7 +37,13 @@ class ServicePolicy
*/
public function update(User $user, Service $service): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
$team = $service->team();
if (! $team) {
return false;
}
// return $user->isAdmin() && $user->teams->contains('id', $team->id);
return true;
}
/**
@@ -44,11 +51,12 @@ class ServicePolicy
*/
public function delete(User $user, Service $service): bool
{
if ($user->isAdmin()) {
return true;
}
// if ($user->isAdmin()) {
// return true;
// }
return false;
// return false;
return true;
}
/**
@@ -56,6 +64,7 @@ class ServicePolicy
*/
public function restore(User $user, Service $service): bool
{
// return true;
return true;
}
@@ -64,16 +73,23 @@ class ServicePolicy
*/
public function forceDelete(User $user, Service $service): bool
{
if ($user->isAdmin()) {
return true;
}
// if ($user->isAdmin()) {
// return true;
// }
return false;
// return false;
return true;
}
public function stop(User $user, Service $service): bool
{
return $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
$team = $service->team();
if (! $team) {
return false;
}
// return $user->teams->contains('id', $team->id);
return true;
}
/**
@@ -81,7 +97,13 @@ class ServicePolicy
*/
public function manageEnvironment(User $user, Service $service): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
$team = $service->team();
if (! $team) {
return false;
}
// return $user->isAdmin() && $user->teams->contains('id', $team->id);
return true;
}
/**
@@ -89,6 +111,18 @@ class ServicePolicy
*/
public function deploy(User $user, Service $service): bool
{
return $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
$team = $service->team();
if (! $team) {
return false;
}
// return $user->teams->contains('id', $team->id);
return true;
}
public function accessTerminal(User $user, Service $service): bool
{
// return $user->isAdmin() || $user->teams->contains('id', $service->team()->id);
return true;
}
}
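Review bot: `accessTerminal` returns `true` unconditionally and, unlike `update`, `stop`, `manageEnvironment` and `deploy`, does not even guard against a missing team. The rule left in its comment joins the terms with `||`, so when re-enabled any admin would pass regardless of team, whereas `ServerPolicy::viewTerminal` requires both; `return $user->isAdmin() && $user->teams->contains('id', $team->id);` after the same `$team` guard would match it. Separately, the old lines called `$service->team()->first()`, which suggests `team()` returned a query object; if it still does, `if (! $team)` never fires and `$team->id` will not resolve, so this is worth confirming against `Service::team()`, which is outside this page.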


@@ -0,0 +1,79 @@
<?php
namespace App\Policies;
use App\Models\SharedEnvironmentVariable;
use App\Models\User;
class SharedEnvironmentVariablePolicy
{
/**
* Determine whether the user can view any models.
*/
public function viewAny(User $user): bool
{
return true;
}
/**
* Determine whether the user can view the model.
*/
public function view(User $user, SharedEnvironmentVariable $sharedEnvironmentVariable): bool
{
return $user->teams->contains('id', $sharedEnvironmentVariable->team_id);
}
/**
* Determine whether the user can create models.
*/
public function create(User $user): bool
{
// return $user->isAdmin();
return true;
}
/**
* Determine whether the user can update the model.
*/
public function update(User $user, SharedEnvironmentVariable $sharedEnvironmentVariable): bool
{
// return $user->isAdmin() && $user->teams->contains('id', $sharedEnvironmentVariable->team_id);
return true;
}
/**
* Determine whether the user can delete the model.
*/
public function delete(User $user, SharedEnvironmentVariable $sharedEnvironmentVariable): bool
{
// return $user->isAdmin() && $user->teams->contains('id', $sharedEnvironmentVariable->team_id);
return true;
}
/**
* Determine whether the user can restore the model.
*/
public function restore(User $user, SharedEnvironmentVariable $sharedEnvironmentVariable): bool
{
// return $user->isAdmin() && $user->teams->contains('id', $sharedEnvironmentVariable->team_id);
return true;
}
/**
* Determine whether the user can permanently delete the model.
*/
public function forceDelete(User $user, SharedEnvironmentVariable $sharedEnvironmentVariable): bool
{
// return $user->isAdmin() && $user->teams->contains('id', $sharedEnvironmentVariable->team_id);
return true;
}
/**
* Determine whether the user can manage environment variables.
*/
public function manageEnvironment(User $user, SharedEnvironmentVariable $sharedEnvironmentVariable): bool
{
// return $user->isAdmin() && $user->teams->contains('id', $sharedEnvironmentVariable->team_id);
return true;
}
}
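Review bot: `update`, `delete`, `restore`, `forceDelete` and `manageEnvironment` return `true` without the team-membership test that `view` applies, so the policy would pass a user for a shared variable that belongs to a team they are not in. Deferring the `isAdmin()` role check does not require dropping tenant scoping; keeping `return $user->teams->contains('id', $sharedEnvironmentVariable->team_id);` in those five methods preserves isolation between teams while roles stay disabled. The `update` and `delete` hunks of StandaloneDockerPolicy and SwarmDockerPolicy lose their team check the same way (there it was against `->server->team_id`). Shared environment variables commonly hold secrets, so this is worth settling before the policies are wired to routes.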


@@ -20,7 +20,7 @@ class StandaloneDockerPolicy
*/
public function view(User $user, StandaloneDocker $standaloneDocker): bool
{
return $user->teams()->get()->firstWhere('id', $standaloneDocker->server->team_id) !== null;
return $user->teams->contains('id', $standaloneDocker->server->team_id);
}
/**
@@ -28,7 +28,8 @@ class StandaloneDockerPolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,7 +37,8 @@ class StandaloneDockerPolicy
*/
public function update(User $user, StandaloneDocker $standaloneDocker): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $standaloneDocker->server->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $standaloneDocker->server->team_id);
return true;
}
/**
@@ -44,7 +46,8 @@ class StandaloneDockerPolicy
*/
public function delete(User $user, StandaloneDocker $standaloneDocker): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $standaloneDocker->server->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $standaloneDocker->server->team_id);
return true;
}
/**
@@ -52,7 +55,8 @@ class StandaloneDockerPolicy
*/
public function restore(User $user, StandaloneDocker $standaloneDocker): bool
{
return false;
// return false;
return true;
}
/**
@@ -60,6 +64,7 @@ class StandaloneDockerPolicy
*/
public function forceDelete(User $user, StandaloneDocker $standaloneDocker): bool
{
return false;
// return false;
return true;
}
}
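Review bot: `restore` and `forceDelete` appear to go from `return false;` to `return true;`, which is not a neutral "ACL not enabled yet" state: both abilities were denied to everyone before and are now granted to every user. Commenting out a role check loosens an existing rule, but here a deny-all becomes an allow-all, so I would keep `return false;` in both methods until a real rule replaces it. The same flip is in SwarmDockerPolicy's `restore` and `forceDelete` hunks. Whether anything currently authorizes against these abilities is not visible from the hunks, so the practical exposure depends on the callers.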


@@ -20,7 +20,7 @@ class SwarmDockerPolicy
*/
public function view(User $user, SwarmDocker $swarmDocker): bool
{
return $user->teams()->get()->firstWhere('id', $swarmDocker->server->team_id) !== null;
return $user->teams->contains('id', $swarmDocker->server->team_id);
}
/**
@@ -28,7 +28,8 @@ class SwarmDockerPolicy
*/
public function create(User $user): bool
{
return $user->isAdmin();
// return $user->isAdmin();
return true;
}
/**
@@ -36,7 +37,8 @@ class SwarmDockerPolicy
*/
public function update(User $user, SwarmDocker $swarmDocker): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $swarmDocker->server->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $swarmDocker->server->team_id);
return true;
}
/**
@@ -44,7 +46,8 @@ class SwarmDockerPolicy
*/
public function delete(User $user, SwarmDocker $swarmDocker): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $swarmDocker->server->team_id) !== null;
// return $user->isAdmin() && $user->teams->contains('id', $swarmDocker->server->team_id);
return true;
}
/**
@@ -52,7 +55,8 @@ class SwarmDockerPolicy
*/
public function restore(User $user, SwarmDocker $swarmDocker): bool
{
return false;
// return false;
return true;
}
/**
@@ -60,6 +64,7 @@ class SwarmDockerPolicy
*/
public function forceDelete(User $user, SwarmDocker $swarmDocker): bool
{
return false;
// return false;
return true;
}
}

104
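--- /dev/null
+++ b/app/Policies/TeamPolicy.php
@@ -0,0 +1,104 @@
+<?php
+namespace App\Policies;
+use App\Models\Team;
+use App\Models\User;
+class TeamPolicy
+{
+/**
+* Determine whether the user can view any models.
+*/
+public function viewAny(User $user): bool
+{
+return true;
+}
+/**
+* Determine whether the user can view the model.
+*/
+public function view(User $user, Team $team): bool
+{
+return $user->teams->contains('id', $team->id);
+}
+/**
+* Determine whether the user can create models.
+*/
+public function create(User $user): bool
+{
+// All authenticated users can create teams
+return true;
+}
+/**
+* Determine whether the user can update the model.
+*/
+public function update(User $user, Team $team): bool
+{
+// Only admins and owners can update team settings
+if (! $user->teams->contains('id', $team->id)) {
+return false;
+}
+// return $user->isAdmin() || $user->isOwner();
+return true;
+}
+/**
+* Determine whether the user can delete the model.
+*/
+public function delete(User $user, Team $team): bool
+{
+// Only admins and owners can delete teams
+if (! $user->teams->contains('id', $team->id)) {
+return false;
+}
+// return $user->isAdmin() || $user->isOwner();
+return true;
+}
+/**
+* Determine whether the user can manage team members.
+*/
+public function manageMembers(User $user, Team $team): bool
+{
+// Only admins and owners can manage team members
+if (! $user->teams->contains('id', $team->id)) {
+return false;
+}
+// return $user->isAdmin() || $user->isOwner();
+return true;
+}
+/**
+* Determine whether the user can view admin panel.
+*/
+public function viewAdmin(User $user, Team $team): bool
+{
+// Only admins and owners can view admin panel
+if (! $user->teams->contains('id', $team->id)) {
+return false;
+}
+// return $user->isAdmin() || $user->isOwner();
+return true;
+}
+/**
+* Determine whether the user can manage invitations.
+*/
+public function manageInvitations(User $user, Team $team): bool
+{
+// Only admins and owners can manage invitations
+if (! $user->teams->contains('id', $team->id)) {
+return false;
+}
+// return $user->isAdmin() || $user->isOwner();
+return true;
+}
+}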
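Review bot: The inline comments in `update`, `delete`, `manageMembers`, `viewAdmin` and `manageInvitations` say "Only admins and owners can …", but with the role line commented out every member of the team passes, including for deleting the team and managing its members. A maintainer reading the comment would assume a role gate that is not there. Either keep `return $user->isAdmin() || $user->isOwner();` active on the destructive abilities, or make the comment state the present behaviour, e.g. `// TODO(acl): any team member passes until the role check below is re-enabled`. Whether `isAdmin()` and `isOwner()` are evaluated against `$team` or against the user's current team is not visible here and should be confirmed when the check is switched back on.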