dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat(auth): refine authorization checks for S3 storage and service management

Browse Source
This commit is contained in:
Andras Bacsai
2025-08-23 18:50:50 +02:00
parent adb8f9d88e
commit b5fe5dd909
4 changed files with 146 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Policies/S3StoragePolicy.php
View File

@@ -29,7 +29,7 @@ class S3StoragePolicy
*/
public function create(User $user): bool
{
return true;
return $user->isAdmin();
}
/**

24
app/Policies/ServicePolicy.php
View File

@@ -28,7 +28,7 @@ class ServicePolicy
*/
public function create(User $user): bool
{
return true;
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
}
/**
@@ -36,7 +36,7 @@ class ServicePolicy
*/
public function update(User $user, Service $service): bool
{
return true;
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
}
/**
@@ -73,10 +73,22 @@ class ServicePolicy
public function stop(User $user, Service $service): bool
{
if ($user->isAdmin()) {
return true;
}
return $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
}
return false;
/**
* Determine whether the user can manage environment variables.
*/
public function manageEnvironment(User $user, Service $service): bool
{
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
}
/**
* Determine whether the user can deploy the service.
*/
public function deploy(User $user, Service $service): bool
{
return $user->teams()->get()->firstWhere('id', $service->team()->first()->id) !== null;
}
}