feat(auth): implement authorization for PrivateKey management
- Added authorization checks in the Create and Show Livewire components to ensure only authorized users can create, update, and delete PrivateKey instances. - Introduced a new PrivateKeyPolicy to define access control rules for viewing, creating, updating, and deleting PrivateKey models based on user roles and team associations. - Updated AuthServiceProvider to register the new PrivateKeyPolicy, enhancing security and access control for PrivateKey functionalities.
@@ -4,10 +4,13 @@ namespace App\Livewire\Security\PrivateKey;
|
|||||||
|
|
||||||
use App\Models\PrivateKey;
|
use App\Models\PrivateKey;
|
||||||
use App\Support\ValidationPatterns;
|
use App\Support\ValidationPatterns;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
|
|
||||||
class Create extends Component
|
class Create extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
public string $name = '';
|
public string $name = '';
|
||||||
|
|
||||||
public string $value = '';
|
public string $value = '';
|
||||||
@@ -66,6 +69,7 @@ class Create extends Component
|
|||||||
$this->validate();
|
$this->validate();
|
||||||
|
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('create', PrivateKey::class);
|
||||||
$privateKey = PrivateKey::createAndStore([
|
$privateKey = PrivateKey::createAndStore([
|
||||||
'name' => $this->name,
|
'name' => $this->name,
|
||||||
'description' => $this->description,
|
'description' => $this->description,
|
||||||
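Review bot: The `$this->authorize('create', PrivateKey::class);` call is placed after `$this->validate();` and inside the `try`, so a user who may not create keys at all still receives validation feedback, and if the `catch` below handles a broad type such as `\Exception` (not visible in the hunk), the `AuthorizationException` is folded into the component's generic error path instead of surfacing as the 403 Livewire would otherwise produce. Moving the check to the top of the method, before `$this->validate();` and outside the `try`, keeps authorization failures distinct from runtime failures of `createAndStore`. The same placement appears in Show's `delete()` and `changePrivateKey()` hunks, where `$this->authorize('delete', ...)` and `$this->authorize('update', ...)` are likewise the first statement inside `try`. The enclosing method and its catch block continue outside the hunk.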
|
|||||||
@@ -4,10 +4,13 @@ namespace App\Livewire\Security\PrivateKey;
|
|||||||
|
|
||||||
use App\Models\PrivateKey;
|
use App\Models\PrivateKey;
|
||||||
use App\Support\ValidationPatterns;
|
use App\Support\ValidationPatterns;
|
||||||
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||||
use Livewire\Component;
|
use Livewire\Component;
|
||||||
|
|
||||||
class Show extends Component
|
class Show extends Component
|
||||||
{
|
{
|
||||||
|
use AuthorizesRequests;
|
||||||
|
|
||||||
public PrivateKey $private_key;
|
public PrivateKey $private_key;
|
||||||
|
|
||||||
public $public_key = 'Loading...';
|
public $public_key = 'Loading...';
|
||||||
@@ -62,6 +65,7 @@ class Show extends Component
|
|||||||
public function delete()
|
public function delete()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('delete', $this->private_key);
|
||||||
$this->private_key->safeDelete();
|
$this->private_key->safeDelete();
|
||||||
currentTeam()->privateKeys = PrivateKey::where('team_id', currentTeam()->id)->get();
|
currentTeam()->privateKeys = PrivateKey::where('team_id', currentTeam()->id)->get();
|
||||||
|
|
||||||
@@ -76,6 +80,7 @@ class Show extends Component
|
|||||||
public function changePrivateKey()
|
public function changePrivateKey()
|
||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
|
$this->authorize('update', $this->private_key);
|
||||||
$this->private_key->updatePrivateKey([
|
$this->private_key->updatePrivateKey([
|
||||||
'private_key' => formatPrivateKey($this->private_key->private_key),
|
'private_key' => formatPrivateKey($this->private_key->private_key),
|
||||||
]);
|
]);
|
||||||
|
|||||||
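--- a/app/Policies/PrivateKeyPolicy.php
+++ b/app/Policies/PrivateKeyPolicy.php
@@ -0,0 +1,65 @@
+<?php
+
+namespace App\Policies;
+
+use App\Models\PrivateKey;
+use App\Models\User;
+
+class PrivateKeyPolicy
+{
+/**
+* Determine whether the user can view any models.
+*/
+public function viewAny(User $user): bool
+{
+return true;
+}
+
+/**
+* Determine whether the user can view the model.
+*/
+public function view(User $user, PrivateKey $privateKey): bool
+{
+return $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
+}
+
+/**
+* Determine whether the user can create models.
+*/
+public function create(User $user): bool
+{
+return $user->isAdmin();
+}
+
+/**
+* Determine whether the user can update the model.
+*/
+public function update(User $user, PrivateKey $privateKey): bool
+{
+return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
+}
+
+/**
+* Determine whether the user can delete the model.
+*/
+public function delete(User $user, PrivateKey $privateKey): bool
+{
+return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
+}
+
+/**
+* Determine whether the user can restore the model.
+*/
+public function restore(User $user, PrivateKey $privateKey): bool
+{
+return false;
+}
+
+/**
+* Determine whether the user can permanently delete the model.
+*/
+public function forceDelete(User $user, PrivateKey $privateKey): bool
+{
+return false;
+}
+}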
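Review bot: The team-membership test `$user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null` is repeated verbatim in `view`, `update` and `delete`, and each call hydrates the user's entire team collection to answer a yes/no question; a private helper backed by an `exists()` query removes both the duplication and the extra loading. `isAdmin()` takes no team argument, so if it reflects the user's role in the session's current team rather than in `$privateKey->team_id` (the User model is not in this diff — confirm there), a user who is admin on one team but an ordinary member of the key's team would still pass `update`/`delete`, and `create` likewise never names the team the key will be stored in; resolving the role against the key's team would close that gap. `viewAny` returning `true` unconditionally deserves a comment such as `// Listing is open to any authenticated user; callers must scope the query to the user's teams.` so the reliance on query scoping is explicit rather than implied.
```php
    /**
     * Determine whether the user can view the model.
     */
    public function view(User $user, PrivateKey $privateKey): bool
    {
        return $this->belongsToKeyTeam($user, $privateKey);
    }

    // … unchanged: create() …

    public function update(User $user, PrivateKey $privateKey): bool
    {
        return $user->isAdmin() && $this->belongsToKeyTeam($user, $privateKey);
    }

    public function delete(User $user, PrivateKey $privateKey): bool
    {
        return $user->isAdmin() && $this->belongsToKeyTeam($user, $privateKey);
    }

    // … unchanged: restore(), forceDelete() …

    /**
     * True when the team owning the key is one of the user's teams.
     * An EXISTS query avoids loading every team just to test membership;
     * whereKey() qualifies the column so it cannot collide with the pivot.
     */
    private function belongsToKeyTeam(User $user, PrivateKey $privateKey): bool
    {
        return $user->teams()->whereKey($privateKey->team_id)->exists();
    }
```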
@@ -13,7 +13,8 @@ class AuthServiceProvider extends ServiceProvider
|
|||||||
* @var array<class-string, class-string>
|
* @var array<class-string, class-string>
|
||||||
*/
|
*/
|
||||||
protected $policies = [
|
protected $policies = [
|
||||||
// 'App\Models\Model' => 'App\Policies\ModelPolicy',
|
\App\Models\Server::class => \App\Policies\ServerPolicy::class,
|
||||||
|
\App\Models\PrivateKey::class => \App\Policies\PrivateKeyPolicy::class,
|
||||||
];
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||