feat(auth): enhance authorization checks in Livewire components for resource management

Andras Bacsai
2025-08-24 17:14:55 +02:00
parent ae79a98d72
commit ae1b0de561
13 changed files with 184 additions and 77 deletions


@@ -2,6 +2,7 @@
namespace App\Livewire;
use App\Models\Application;
use App\Models\ApplicationDeploymentQueue;
use App\Models\PrivateKey;
use App\Models\Project;
@@ -30,6 +31,12 @@ class Dashboard extends Component
public function cleanupQueue()
{
try {
$this->authorize('cleanupDeploymentQueue', Application::class);
} catch (\Illuminate\Auth\Access\AuthorizationException $e) {
return handleError($e, $this);
}
Artisan::queue('cleanup:deployment-queue', [
'--team-id' => currentTeam()->id,
]);
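Review bot: The new check in `cleanupQueue()` is made against `Application::class`, so the policy method receives only the user and cannot see which team's queue is affected; team scoping rests entirely on the `currentTeam()->id` passed to the Artisan command. A short comment above the call would record that, e.g. `// Class-level check: the policy sees only the user; team scoping relies on currentTeam() below.` Unlike the DeleteEnvironment and DeleteProject sections, no `use AuthorizesRequests;` is added here, so presumably the class already has the trait, which is worth confirming since neither hunk shows it. The body of `cleanupQueue()` continues past the end of the hunk.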


@@ -3,10 +3,13 @@
namespace App\Livewire\Project;
use App\Models\Environment;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class DeleteEnvironment extends Component
{
use AuthorizesRequests;
public int $environment_id;
public bool $disabled = false;
@@ -31,6 +34,8 @@ class DeleteEnvironment extends Component
'environment_id' => 'required|int',
]);
$environment = Environment::findOrFail($this->environment_id);
$this->authorize('delete', $environment);
if ($environment->isEmpty()) {
$environment->delete();
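Review bot: `Environment::findOrFail($this->environment_id)` runs before `$this->authorize('delete', $environment)`, and `environment_id` is a public Livewire property, so the lookup is driven by a client-supplied id and is not scoped to the caller's team. A missing id ends in a not-found error while an existing id from another team ends in an authorization error, which lets a caller tell which ids exist. Scoping the query to the current team's environments before the policy check would make both cases fail the same way, and Livewire's `#[Locked]` attribute on the property (if the project is on Livewire 3) would keep the id from being changed client-side. The same applies to `Project::findOrFail($this->project_id)` in the DeleteProject section. The enclosing method starts and ends outside this hunk.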


@@ -3,10 +3,13 @@
namespace App\Livewire\Project;
use App\Models\Project;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class DeleteProject extends Component
{
use AuthorizesRequests;
public array $parameters;
public int $project_id;
@@ -27,6 +30,8 @@ class DeleteProject extends Component
'project_id' => 'required|int',
]);
$project = Project::findOrFail($this->project_id);
$this->authorize('delete', $project);
if ($project->isEmpty()) {
$project->delete();


@@ -2,41 +2,19 @@
namespace App\Livewire\Project\Resource;
use App\Models\Application;
use App\Models\EnvironmentVariable;
use App\Models\Service;
use App\Models\StandaloneClickhouse;
use App\Models\StandaloneDocker;
use App\Models\StandaloneDragonfly;
use App\Models\StandaloneKeydb;
use App\Models\StandaloneMariadb;
use App\Models\StandaloneMongodb;
use App\Models\StandaloneMysql;
use App\Models\StandalonePostgresql;
use App\Models\StandaloneRedis;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class Create extends Component
{
use AuthorizesRequests;
public $type;
public $project;
public function mount()
{
$this->authorize('create', StandalonePostgresql::class);
$this->authorize('create', StandaloneRedis::class);
$this->authorize('create', StandaloneMongodb::class);
$this->authorize('create', StandaloneMysql::class);
$this->authorize('create', StandaloneMariadb::class);
$this->authorize('create', StandaloneKeydb::class);
$this->authorize('create', StandaloneDragonfly::class);
$this->authorize('create', StandaloneClickhouse::class);
$this->authorize('create', Service::class);
$this->authorize('create', Application::class);
$type = str(request()->query('type'));
$destination_uuid = request()->query('destination');
@@ -57,32 +35,24 @@ class Create extends Component
if (in_array($type, DATABASE_TYPES)) {
if ($type->value() === 'postgresql') {
$this->authorize('create', StandalonePostgresql::class);
$database = create_standalone_postgresql(
environmentId: $environment->id,
destinationUuid: $destination_uuid,
databaseImage: $database_image
);
} elseif ($type->value() === 'redis') {
$this->authorize('create', StandaloneRedis::class);
$database = create_standalone_redis($environment->id, $destination_uuid);
} elseif ($type->value() === 'mongodb') {
$this->authorize('create', StandaloneMongodb::class);
$database = create_standalone_mongodb($environment->id, $destination_uuid);
} elseif ($type->value() === 'mysql') {
$this->authorize('create', StandaloneMysql::class);
$database = create_standalone_mysql($environment->id, $destination_uuid);
} elseif ($type->value() === 'mariadb') {
$this->authorize('create', StandaloneMariadb::class);
$database = create_standalone_mariadb($environment->id, $destination_uuid);
} elseif ($type->value() === 'keydb') {
$this->authorize('create', StandaloneKeydb::class);
$database = create_standalone_keydb($environment->id, $destination_uuid);
} elseif ($type->value() === 'dragonfly') {
$this->authorize('create', StandaloneDragonfly::class);
$database = create_standalone_dragonfly($environment->id, $destination_uuid);
} elseif ($type->value() === 'clickhouse') {
$this->authorize('create', StandaloneClickhouse::class);
$database = create_standalone_clickhouse($environment->id, $destination_uuid);
}
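Review bot: With the `authorize('create', ...)` calls gone from `mount()` and from every branch of the `DATABASE_TYPES` chain, nothing visible in this section checks the create ability before a `create_standalone_*()` helper runs on values taken from the `type` and `destination` query parameters. The `+`/`-` markers are lost on this page, so this reading rests on the hunk counts (`-2,41 +2,19` and `-57,32 +35,24`), which only fit if the authorize lines are on the removed side. If neither the helpers nor the route enforce the policy, a team member without create rights would still reach the creation path; keeping one check per branch, such as `$this->authorize('create', StandalonePostgresql::class);` ahead of the helper call, would close that. `mount()` continues outside both hunks, so a check placed elsewhere in it cannot be ruled out from here.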


@@ -37,6 +37,8 @@ class Danger extends Component
public string $resourceDomain = '';
public bool $canDelete = false;
public function mount()
{
$parameters = get_route_parameters();
@@ -80,6 +82,13 @@ class Danger extends Component
'service-database' => $this->resource->name ?? 'Service Database',
default => 'Unknown Resource',
};
// Check if user can delete this resource
try {
$this->canDelete = auth()->user()->can('delete', $this->resource);
} catch (\Exception $e) {
$this->canDelete = false;
}
}
public function delete($password)
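Review bot: `canDelete` is a public Livewire property filled in once by `mount()`, so it can only serve as a display hint. `delete($password)`, whose body lies outside this hunk, still needs its own server-side check such as `$this->authorize('delete', $this->resource);` (or an equivalent gate call), because public component state can be altered by the client. In the added block, `catch (\Exception $e)` does not cover the `Error` PHP raises when `auth()->user()` is null, and it hides every other failure without logging. `$this->canDelete = auth()->user()?->can('delete', $this->resource) ?? false;` gives the same default without the try/catch.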