dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat: add deploy-only token permission

Browse Source
This commit is contained in:
Kael
2024-10-30 17:00:55 +11:00
parent 491b228580
commit d4d63ff273
3 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
app/Livewire/Security/ApiTokens.php
View File

@@ -12,10 +12,9 @@ class ApiTokens extends Component
public $tokens = [];
public bool $viewSensitiveData = false;
public bool $readOnly = true;
public bool $rootAccess = false;
public bool $triggerDeploy = false;
public array $permissions = ['read-only'];
@@ -62,12 +61,25 @@ class ApiTokens extends Component
$this->permissions = ['*'];
$this->readOnly = false;
$this->viewSensitiveData = false;
$this->triggerDeploy = false;
} else {
$this->readOnly = true;
$this->permissions = ['read-only'];
}
}
public function updatedTriggerDeploy()
{
if ($this->triggerDeploy) {
$this->permissions[] = 'trigger-deploy';
$this->permissions = array_diff($this->permissions, ['*']);
$this->rootAccess = false;
} else {
$this->permissions = array_diff($this->permissions, ['trigger-deploy']);
}
$this->makeSureOneIsSelected();
}
public function makeSureOneIsSelected()
{
if (count($this->permissions) == 0) {

1
resources/views/livewire/security/api-tokens.blade.php
View File

@@ -39,6 +39,7 @@
<x-forms.checkbox label="Root Access" wire:model.live="rootAccess"></x-forms.checkbox>
<x-forms.checkbox label="Read-only" wire:model.live="readOnly"></x-forms.checkbox>
<x-forms.checkbox label="View Sensitive Data" wire:model.live="viewSensitiveData"></x-forms.checkbox>
<x-forms.checkbox label="Trigger Deploy Webhooks" wire:model.live="triggerDeploy"></x-forms.checkbox>
</div>
</form>
@if (session()->has('token'))

3
routes/api.php
View File

@@ -54,7 +54,8 @@ Route::group([
Route::patch('/security/keys/{uuid}', [SecurityController::class, 'update_key'])->middleware([IgnoreReadOnlyApiToken::class]);
Route::delete('/security/keys/{uuid}', [SecurityController::class, 'delete_key'])->middleware([IgnoreReadOnlyApiToken::class]);
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])->middleware([IgnoreReadOnlyApiToken::class]);
Route::match(['get', 'post'], '/deploy', [DeployController::class, 'deploy'])
->middleware([IgnoreReadOnlyApiToken::class, 'auth:sanctum', 'ability:trigger-deploy']);
Route::get('/deployments', [DeployController::class, 'deployments']);
Route::get('/deployments/{uuid}', [DeployController::class, 'deployment_by_uuid']);