feat(auth): implement authorization for Docker and server management
- Added authorization checks in Livewire components related to Docker and server management to ensure only authorized users can create, update, and manage Docker instances and server settings. - Introduced new policies for StandaloneDocker and SwarmDocker to define access control rules based on user roles and team associations. - Updated AuthServiceProvider to register the new policies, enhancing security and access control for Docker functionalities and server management operations.
This commit is contained in:
@@ -5,6 +5,7 @@ namespace App\Livewire\Destination\New;
|
|||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
use App\Models\StandaloneDocker;
|
use App\Models\StandaloneDocker;
|
||||||
use App\Models\SwarmDocker;
|
use App\Models\SwarmDocker;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Livewire\Attributes\Locked;
|
use Livewire\Attributes\Locked;
|
||||||
use Livewire\Attributes\Validate;
|
use Livewire\Attributes\Validate;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
@@ -12,6 +13,8 @@ use Visus\Cuid2\Cuid2;
|
|||||||
|
|
||||||
class Docker extends Component
|
class Docker extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
#[Locked]
|
#[Locked]
|
||||||
public $servers;
|
public $servers;
|
||||||
|
|
||||||
@@ -67,6 +70,7 @@ class Docker extends Component
|
|||||||
public function submit()
|
public function submit()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('create', StandaloneDocker::class);
|
||||||
$this->validate();
|
$this->validate();
|
||||||
if ($this->isSwarm) {
|
if ($this->isSwarm) {
|
||||||
$found = $this->selectedServer->swarmDockers()->where('network', $this->network)->first();
|
$found = $this->selectedServer->swarmDockers()->where('network', $this->network)->first();
|
||||||
|
@@ -6,12 +6,15 @@ use App\Helpers\SslHelper;
|
|||||||
use App\Jobs\RegenerateSslCertJob;
|
use App\Jobs\RegenerateSslCertJob;
|
||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
use App\Models\SslCertificate;
|
use App\Models\SslCertificate;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Illuminate\Support\Carbon;
|
use Illuminate\Support\Carbon;
|
||||||
use Livewire\Attributes\Locked;
|
use Livewire\Attributes\Locked;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
|
|
||||||
class Show extends Component
|
class Show extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
#[Locked]
|
#[Locked]
|
||||||
public Server $server;
|
public Server $server;
|
||||||
|
|
||||||
@@ -52,6 +55,7 @@ class Show extends Component
|
|||||||
public function saveCaCertificate()
|
public function saveCaCertificate()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('manageCaCertificate', $this->server);
|
||||||
if (! $this->certificateContent) {
|
if (! $this->certificateContent) {
|
||||||
throw new \Exception('Certificate content cannot be empty.');
|
throw new \Exception('Certificate content cannot be empty.');
|
||||||
}
|
}
|
||||||
@@ -82,6 +86,7 @@ class Show extends Component
|
|||||||
public function regenerateCaCertificate()
|
public function regenerateCaCertificate()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('manageCaCertificate', $this->server);
|
||||||
SslHelper::generateSslCertificate(
|
SslHelper::generateSslCertificate(
|
||||||
commonName: 'Coolify CA Certificate',
|
commonName: 'Coolify CA Certificate',
|
||||||
serverId: $this->server->id,
|
serverId: $this->server->id,
|
||||||
|
@@ -5,11 +5,14 @@ namespace App\Livewire\Server;
|
|||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
use App\Models\StandaloneDocker;
|
use App\Models\StandaloneDocker;
|
||||||
use App\Models\SwarmDocker;
|
use App\Models\SwarmDocker;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Illuminate\Support\Collection;
|
use Illuminate\Support\Collection;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
|
|
||||||
class Destinations extends Component
|
class Destinations extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
public Server $server;
|
public Server $server;
|
||||||
|
|
||||||
public Collection $networks;
|
public Collection $networks;
|
||||||
@@ -33,6 +36,7 @@ class Destinations extends Component
|
|||||||
public function add($name)
|
public function add($name)
|
||||||
{
|
{
|
||||||
if ($this->server->isSwarm()) {
|
if ($this->server->isSwarm()) {
|
||||||
|
$this->authorize('create', SwarmDocker::class);
|
||||||
$found = $this->server->swarmDockers()->where('network', $name)->first();
|
$found = $this->server->swarmDockers()->where('network', $name)->first();
|
||||||
if ($found) {
|
if ($found) {
|
||||||
$this->dispatch('error', 'Network already added to this server.');
|
$this->dispatch('error', 'Network already added to this server.');
|
||||||
@@ -46,6 +50,7 @@ class Destinations extends Component
|
|||||||
]);
|
]);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
$this->authorize('create', StandaloneDocker::class);
|
||||||
$found = $this->server->standaloneDockers()->where('network', $name)->first();
|
$found = $this->server->standaloneDockers()->where('network', $name)->first();
|
||||||
if ($found) {
|
if ($found) {
|
||||||
$this->dispatch('error', 'Network already added to this server.');
|
$this->dispatch('error', 'Network already added to this server.');
|
||||||
|
@@ -8,10 +8,13 @@ use App\Actions\Proxy\StopProxy;
|
|||||||
use App\Jobs\RestartProxyJob;
|
use App\Jobs\RestartProxyJob;
|
||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
use App\Services\ProxyDashboardCacheService;
|
use App\Services\ProxyDashboardCacheService;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
|
|
||||||
class Navbar extends Component
|
class Navbar extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
public Server $server;
|
public Server $server;
|
||||||
|
|
||||||
public bool $isChecking = false;
|
public bool $isChecking = false;
|
||||||
@@ -57,6 +60,7 @@ class Navbar extends Component
|
|||||||
public function restart()
|
public function restart()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('manageProxy', $this->server);
|
||||||
RestartProxyJob::dispatch($this->server);
|
RestartProxyJob::dispatch($this->server);
|
||||||
} catch (\Throwable $e) {
|
} catch (\Throwable $e) {
|
||||||
return handleError($e, $this);
|
return handleError($e, $this);
|
||||||
@@ -66,6 +70,7 @@ class Navbar extends Component
|
|||||||
public function checkProxy()
|
public function checkProxy()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('manageProxy', $this->server);
|
||||||
CheckProxy::run($this->server, true);
|
CheckProxy::run($this->server, true);
|
||||||
$this->dispatch('startProxy')->self();
|
$this->dispatch('startProxy')->self();
|
||||||
} catch (\Throwable $e) {
|
} catch (\Throwable $e) {
|
||||||
@@ -76,6 +81,7 @@ class Navbar extends Component
|
|||||||
public function startProxy()
|
public function startProxy()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('manageProxy', $this->server);
|
||||||
$activity = StartProxy::run($this->server, force: true);
|
$activity = StartProxy::run($this->server, force: true);
|
||||||
$this->dispatch('activityMonitor', $activity->id);
|
$this->dispatch('activityMonitor', $activity->id);
|
||||||
} catch (\Throwable $e) {
|
} catch (\Throwable $e) {
|
||||||
@@ -86,6 +92,7 @@ class Navbar extends Component
|
|||||||
public function stop(bool $forceStop = true)
|
public function stop(bool $forceStop = true)
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('manageProxy', $this->server);
|
||||||
StopProxy::dispatch($this->server, $forceStop);
|
StopProxy::dispatch($this->server, $forceStop);
|
||||||
} catch (\Throwable $e) {
|
} catch (\Throwable $e) {
|
||||||
return handleError($e, $this);
|
return handleError($e, $this);
|
||||||
|
@@ -4,11 +4,14 @@ namespace App\Livewire\Server\Proxy;
|
|||||||
|
|
||||||
use App\Enums\ProxyTypes;
|
use App\Enums\ProxyTypes;
|
||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
use Symfony\Component\Yaml\Yaml;
|
use Symfony\Component\Yaml\Yaml;
|
||||||
|
|
||||||
class NewDynamicConfiguration extends Component
|
class NewDynamicConfiguration extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
public string $fileName = '';
|
public string $fileName = '';
|
||||||
|
|
||||||
public string $value = '';
|
public string $value = '';
|
||||||
@@ -23,6 +26,7 @@ class NewDynamicConfiguration extends Component
|
|||||||
|
|
||||||
public function mount()
|
public function mount()
|
||||||
{
|
{
|
||||||
|
$this->server = Server::ownedByCurrentTeam()->whereId($this->server_id)->first();
|
||||||
$this->parameters = get_route_parameters();
|
$this->parameters = get_route_parameters();
|
||||||
if ($this->fileName !== '') {
|
if ($this->fileName !== '') {
|
||||||
$this->fileName = str_replace('|', '.', $this->fileName);
|
$this->fileName = str_replace('|', '.', $this->fileName);
|
||||||
@@ -32,6 +36,7 @@ class NewDynamicConfiguration extends Component
|
|||||||
public function addDynamicConfiguration()
|
public function addDynamicConfiguration()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('update', $this->server);
|
||||||
$this->validate([
|
$this->validate([
|
||||||
'fileName' => 'required',
|
'fileName' => 'required',
|
||||||
'value' => 'required',
|
'value' => 'required',
|
||||||
@@ -39,9 +44,7 @@ class NewDynamicConfiguration extends Component
|
|||||||
if (data_get($this->parameters, 'server_uuid')) {
|
if (data_get($this->parameters, 'server_uuid')) {
|
||||||
$this->server = Server::ownedByCurrentTeam()->whereUuid(data_get($this->parameters, 'server_uuid'))->first();
|
$this->server = Server::ownedByCurrentTeam()->whereUuid(data_get($this->parameters, 'server_uuid'))->first();
|
||||||
}
|
}
|
||||||
if (! is_null($this->server_id)) {
|
|
||||||
$this->server = Server::ownedByCurrentTeam()->whereId($this->server_id)->first();
|
|
||||||
}
|
|
||||||
if (is_null($this->server)) {
|
if (is_null($this->server)) {
|
||||||
return redirect()->route('server.index');
|
return redirect()->route('server.index');
|
||||||
}
|
}
|
||||||
|
@@ -7,10 +7,13 @@ use App\Actions\Server\UpdatePackage;
|
|||||||
use App\Events\ServerPackageUpdated;
|
use App\Events\ServerPackageUpdated;
|
||||||
use App\Models\Server;
|
use App\Models\Server;
|
||||||
use App\Notifications\Server\ServerPatchCheck;
|
use App\Notifications\Server\ServerPatchCheck;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
|
|
||||||
class Patches extends Component
|
class Patches extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
public array $parameters;
|
public array $parameters;
|
||||||
|
|
||||||
public Server $server;
|
public Server $server;
|
||||||
@@ -36,11 +39,9 @@ class Patches extends Component
|
|||||||
|
|
||||||
public function mount()
|
public function mount()
|
||||||
{
|
{
|
||||||
if (! auth()->user()->isAdmin()) {
|
|
||||||
abort(403);
|
|
||||||
}
|
|
||||||
$this->parameters = get_route_parameters();
|
$this->parameters = get_route_parameters();
|
||||||
$this->server = Server::ownedByCurrentTeam()->whereUuid($this->parameters['server_uuid'])->firstOrFail();
|
$this->server = Server::ownedByCurrentTeam()->whereUuid($this->parameters['server_uuid'])->firstOrFail();
|
||||||
|
$this->authorize('viewSecurity', $this->server);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function checkForUpdatesDispatch()
|
public function checkForUpdatesDispatch()
|
||||||
|
@@ -152,6 +152,7 @@ class Show extends Component
|
|||||||
if ($toModel) {
|
if ($toModel) {
|
||||||
$this->validate();
|
$this->validate();
|
||||||
|
|
||||||
|
$this->authorize('update', $this->server);
|
||||||
if (Server::where('team_id', currentTeam()->id)
|
if (Server::where('team_id', currentTeam()->id)
|
||||||
->where('ip', $this->ip)
|
->where('ip', $this->ip)
|
||||||
->where('id', '!=', $this->server->id)
|
->where('id', '!=', $this->server->id)
|
||||||
@@ -160,8 +161,6 @@ class Show extends Component
|
|||||||
throw new \Exception('This IP/Domain is already in use by another server in your team.');
|
throw new \Exception('This IP/Domain is already in use by another server in your team.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->authorize('update', $this->server);
|
|
||||||
|
|
||||||
$this->server->name = $this->name;
|
$this->server->name = $this->name;
|
||||||
$this->server->description = $this->description;
|
$this->server->description = $this->description;
|
||||||
$this->server->ip = $this->ip;
|
$this->server->ip = $this->ip;
|
||||||
@@ -253,38 +252,57 @@ class Show extends Component
|
|||||||
|
|
||||||
public function restartSentinel()
|
public function restartSentinel()
|
||||||
{
|
{
|
||||||
$this->server->restartSentinel();
|
try {
|
||||||
$this->dispatch('success', 'Sentinel restarted.');
|
$this->authorize('manageSentinel', $this->server);
|
||||||
|
$this->server->restartSentinel();
|
||||||
|
$this->dispatch('success', 'Sentinel restarted.');
|
||||||
|
} catch (\Throwable $e) {
|
||||||
|
return handleError($e, $this);
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function updatedIsSentinelDebugEnabled($value)
|
public function updatedIsSentinelDebugEnabled($value)
|
||||||
{
|
{
|
||||||
$this->submit();
|
try {
|
||||||
$this->restartSentinel();
|
$this->submit();
|
||||||
|
$this->restartSentinel();
|
||||||
|
} catch (\Throwable $e) {
|
||||||
|
return handleError($e, $this);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function updatedIsMetricsEnabled($value)
|
public function updatedIsMetricsEnabled($value)
|
||||||
{
|
{
|
||||||
$this->submit();
|
try {
|
||||||
$this->restartSentinel();
|
$this->submit();
|
||||||
|
$this->restartSentinel();
|
||||||
|
} catch (\Throwable $e) {
|
||||||
|
return handleError($e, $this);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function updatedIsSentinelEnabled($value)
|
public function updatedIsSentinelEnabled($value)
|
||||||
{
|
{
|
||||||
if ($value === true) {
|
try {
|
||||||
StartSentinel::run($this->server, true);
|
$this->authorize('manageSentinel', $this->server);
|
||||||
} else {
|
if ($value === true) {
|
||||||
$this->isMetricsEnabled = false;
|
StartSentinel::run($this->server, true);
|
||||||
$this->isSentinelDebugEnabled = false;
|
} else {
|
||||||
StopSentinel::dispatch($this->server);
|
$this->isMetricsEnabled = false;
|
||||||
|
$this->isSentinelDebugEnabled = false;
|
||||||
|
StopSentinel::dispatch($this->server);
|
||||||
|
}
|
||||||
|
$this->submit();
|
||||||
|
} catch (\Throwable $e) {
|
||||||
|
return handleError($e, $this);
|
||||||
}
|
}
|
||||||
$this->submit();
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function regenerateSentinelToken()
|
public function regenerateSentinelToken()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('manageSentinel', $this->server);
|
||||||
$this->server->settings->generateSentinelToken();
|
$this->server->settings->generateSentinelToken();
|
||||||
$this->dispatch('success', 'Token regenerated & Sentinel restarted.');
|
$this->dispatch('success', 'Token regenerated & Sentinel restarted.');
|
||||||
} catch (\Throwable $e) {
|
} catch (\Throwable $e) {
|
||||||
@@ -294,7 +312,11 @@ class Show extends Component
|
|||||||
|
|
||||||
public function instantSave()
|
public function instantSave()
|
||||||
{
|
{
|
||||||
$this->submit();
|
try {
|
||||||
|
$this->submit();
|
||||||
|
} catch (\Throwable $e) {
|
||||||
|
return handleError($e, $this);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function submit()
|
public function submit()
|
||||||
|
@@ -18,9 +18,7 @@ class Index extends Component
|
|||||||
|
|
||||||
public function mount()
|
public function mount()
|
||||||
{
|
{
|
||||||
if (! auth()->user()->isAdmin()) {
|
$this->authorize('useTerminal', Server::class);
|
||||||
abort(403);
|
|
||||||
}
|
|
||||||
$this->servers = Server::isReachable()->get()->filter(function ($server) {
|
$this->servers = Server::isReachable()->get()->filter(function ($server) {
|
||||||
return $server->isTerminalEnabled();
|
return $server->isTerminalEnabled();
|
||||||
});
|
});
|
||||||
|
@@ -62,4 +62,44 @@ class ServerPolicy
|
|||||||
{
|
{
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can manage proxy (start/stop/restart).
|
||||||
|
*/
|
||||||
|
public function manageProxy(User $user, Server $server): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can manage sentinel (start/stop).
|
||||||
|
*/
|
||||||
|
public function manageSentinel(User $user, Server $server): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can manage CA certificates.
|
||||||
|
*/
|
||||||
|
public function manageCaCertificate(User $user, Server $server): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can view terminal.
|
||||||
|
*/
|
||||||
|
public function viewTerminal(User $user, Server $server): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can view security views.
|
||||||
|
*/
|
||||||
|
public function viewSecurity(User $user, Server $server): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $server->team_id) !== null;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
65
app/Policies/StandaloneDockerPolicy.php
Normal file
65
app/Policies/StandaloneDockerPolicy.php
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Policies;
|
||||||
|
|
||||||
|
use App\Models\StandaloneDocker;
|
||||||
|
use App\Models\User;
|
||||||
|
|
||||||
|
class StandaloneDockerPolicy
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Determine whether the user can view any models.
|
||||||
|
*/
|
||||||
|
public function viewAny(User $user): bool
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can view the model.
|
||||||
|
*/
|
||||||
|
public function view(User $user, StandaloneDocker $standaloneDocker): bool
|
||||||
|
{
|
||||||
|
return $user->teams()->get()->firstWhere('id', $standaloneDocker->server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can create models.
|
||||||
|
*/
|
||||||
|
public function create(User $user): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can update the model.
|
||||||
|
*/
|
||||||
|
public function update(User $user, StandaloneDocker $standaloneDocker): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $standaloneDocker->server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can delete the model.
|
||||||
|
*/
|
||||||
|
public function delete(User $user, StandaloneDocker $standaloneDocker): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $standaloneDocker->server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can restore the model.
|
||||||
|
*/
|
||||||
|
public function restore(User $user, StandaloneDocker $standaloneDocker): bool
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can permanently delete the model.
|
||||||
|
*/
|
||||||
|
public function forceDelete(User $user, StandaloneDocker $standaloneDocker): bool
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
65
app/Policies/SwarmDockerPolicy.php
Normal file
65
app/Policies/SwarmDockerPolicy.php
Normal file
@@ -0,0 +1,65 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace App\Policies;
|
||||||
|
|
||||||
|
use App\Models\SwarmDocker;
|
||||||
|
use App\Models\User;
|
||||||
|
|
||||||
|
class SwarmDockerPolicy
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* Determine whether the user can view any models.
|
||||||
|
*/
|
||||||
|
public function viewAny(User $user): bool
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can view the model.
|
||||||
|
*/
|
||||||
|
public function view(User $user, SwarmDocker $swarmDocker): bool
|
||||||
|
{
|
||||||
|
return $user->teams()->get()->firstWhere('id', $swarmDocker->server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can create models.
|
||||||
|
*/
|
||||||
|
public function create(User $user): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can update the model.
|
||||||
|
*/
|
||||||
|
public function update(User $user, SwarmDocker $swarmDocker): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $swarmDocker->server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can delete the model.
|
||||||
|
*/
|
||||||
|
public function delete(User $user, SwarmDocker $swarmDocker): bool
|
||||||
|
{
|
||||||
|
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $swarmDocker->server->team_id) !== null;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can restore the model.
|
||||||
|
*/
|
||||||
|
public function restore(User $user, SwarmDocker $swarmDocker): bool
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Determine whether the user can permanently delete the model.
|
||||||
|
*/
|
||||||
|
public function forceDelete(User $user, SwarmDocker $swarmDocker): bool
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
@@ -15,6 +15,8 @@ class AuthServiceProvider extends ServiceProvider
|
|||||||
protected $policies = [
|
protected $policies = [
|
||||||
\App\Models\Server::class => \App\Policies\ServerPolicy::class,
|
\App\Models\Server::class => \App\Policies\ServerPolicy::class,
|
||||||
\App\Models\PrivateKey::class => \App\Policies\PrivateKeyPolicy::class,
|
\App\Models\PrivateKey::class => \App\Policies\PrivateKeyPolicy::class,
|
||||||
|
\App\Models\StandaloneDocker::class => \App\Policies\StandaloneDockerPolicy::class,
|
||||||
|
\App\Models\SwarmDocker::class => \App\Policies\SwarmDockerPolicy::class,
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@@ -7,14 +7,13 @@
|
|||||||
<x-server.sidebar-proxy :server="$server" :parameters="$parameters" />
|
<x-server.sidebar-proxy :server="$server" :parameters="$parameters" />
|
||||||
@if ($server->isFunctional())
|
@if ($server->isFunctional())
|
||||||
<div class="w-full">
|
<div class="w-full">
|
||||||
|
|
||||||
<div class="flex gap-2">
|
<div class="flex gap-2">
|
||||||
<div>
|
<div>
|
||||||
<div class="flex gap-2">
|
<div class="flex gap-2">
|
||||||
<h2>Dynamic Configurations</h2>
|
<h2>Dynamic Configurations</h2>
|
||||||
<x-forms.button wire:click="loadDynamicConfigurations">Reload</x-forms.button>
|
<x-forms.button wire:click="loadDynamicConfigurations">Reload</x-forms.button>
|
||||||
<x-modal-input buttonTitle="+ Add" title="New Dynamic Configuration">
|
<x-modal-input buttonTitle="+ Add" title="New Dynamic Configuration">
|
||||||
<livewire:server.proxy.new-dynamic-configuration />
|
<livewire:server.proxy.new-dynamic-configuration :server_id="$server->id" />
|
||||||
</x-modal-input>
|
</x-modal-input>
|
||||||
</div>
|
</div>
|
||||||
<div class='pb-4'>You can add dynamic proxy configurations here.</div>
|
<div class='pb-4'>You can add dynamic proxy configurations here.</div>
|
||||||
|
Reference in New Issue
Block a user