refactor(auth): simplify access control logic in CanAccessTerminal and ServerPolicy by allowing all users to perform actions
This commit is contained in:
Andras Bacsai
@@ -15,17 +15,15 @@ class CanAccessTerminal
|
||||
*/
|
||||
public function handle(Request $request, Closure $next): Response
|
||||
{
|
||||
if (! auth()->check()) {
|
||||
abort(401, 'Authentication required');
|
||||
}
|
||||
|
||||
// Only admins/owners can access terminal functionality
|
||||
if (! auth()->user()->can('canAccessTerminal')) {
|
||||
abort(403, 'Access to terminal functionality is restricted to team administrators');
|
||||
}
|
||||
|
||||
return $next($request);
|
||||
|
||||
// if (! auth()->check()) {
|
||||
// abort(401, 'Authentication required');
|
||||
// }
|
||||
|
||||
// // Only admins/owners can access terminal functionality
|
||||
// if (! auth()->user()->can('canAccessTerminal')) {
|
||||
// abort(403, 'Access to terminal functionality is restricted to team administrators');
|
||||
// }
|
||||
|
||||
// return $next($request);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -28,7 +28,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->isAdmin();
|
||||
// return $user->isAdmin();
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -36,7 +37,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function update(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -44,7 +46,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function delete(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -68,7 +71,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function manageProxy(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -76,7 +80,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function manageSentinel(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -84,15 +89,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function manageCaCertificate(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view terminal.
|
||||
*/
|
||||
public function viewTerminal(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -100,6 +98,7 @@ class ServerPolicy
|
||||
*/
|
||||
public function viewSecurity(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -67,8 +67,7 @@ class AuthServiceProvider extends ServiceProvider
|
||||
|
||||
// Register gate for terminal access
|
||||
Gate::define('canAccessTerminal', function ($user) {
|
||||
// return $user->isAdmin() || $user->isOwner();
|
||||
return true;
|
||||
return $user->isAdmin() || $user->isOwner();
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user