feat(auth): implement authorization for PrivateKey management
- Added authorization checks in the Create and Show Livewire components to ensure only authorized users can create, update, and delete PrivateKey instances. - Introduced a new PrivateKeyPolicy to define access control rules for viewing, creating, updating, and deleting PrivateKey models based on user roles and team associations. - Updated AuthServiceProvider to register the new PrivateKeyPolicy, enhancing security and access control for PrivateKey functionalities.
This commit is contained in:
Andras Bacsai
@@ -4,10 +4,13 @@ namespace App\Livewire\Security\PrivateKey;
|
||||
|
||||
use App\Models\PrivateKey;
|
||||
use App\Support\ValidationPatterns;
|
||||
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||
use Livewire\Component;
|
||||
|
||||
class Create extends Component
|
||||
{
|
||||
use AuthorizesRequests;
|
||||
|
||||
public string $name = '';
|
||||
|
||||
public string $value = '';
|
||||
@@ -66,6 +69,7 @@ class Create extends Component
|
||||
$this->validate();
|
||||
|
||||
try {
|
||||
$this->authorize('create', PrivateKey::class);
|
||||
$privateKey = PrivateKey::createAndStore([
|
||||
'name' => $this->name,
|
||||
'description' => $this->description,
|
||||
|
||||
@@ -4,10 +4,13 @@ namespace App\Livewire\Security\PrivateKey;
|
||||
|
||||
use App\Models\PrivateKey;
|
||||
use App\Support\ValidationPatterns;
|
||||
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
||||
use Livewire\Component;
|
||||
|
||||
class Show extends Component
|
||||
{
|
||||
use AuthorizesRequests;
|
||||
|
||||
public PrivateKey $private_key;
|
||||
|
||||
public $public_key = 'Loading...';
|
||||
@@ -62,6 +65,7 @@ class Show extends Component
|
||||
public function delete()
|
||||
{
|
||||
try {
|
||||
$this->authorize('delete', $this->private_key);
|
||||
$this->private_key->safeDelete();
|
||||
currentTeam()->privateKeys = PrivateKey::where('team_id', currentTeam()->id)->get();
|
||||
|
||||
@@ -76,6 +80,7 @@ class Show extends Component
|
||||
public function changePrivateKey()
|
||||
{
|
||||
try {
|
||||
$this->authorize('update', $this->private_key);
|
||||
$this->private_key->updatePrivateKey([
|
||||
'private_key' => formatPrivateKey($this->private_key->private_key),
|
||||
]);
|
||||
|
||||
65
app/Policies/PrivateKeyPolicy.php
Normal file
65
app/Policies/PrivateKeyPolicy.php
Normal file
@@ -0,0 +1,65 @@
|
||||
<?php
|
||||
|
||||
namespace App\Policies;
|
||||
|
||||
use App\Models\PrivateKey;
|
||||
use App\Models\User;
|
||||
|
||||
class PrivateKeyPolicy
|
||||
{
|
||||
/**
|
||||
* Determine whether the user can view any models.
|
||||
*/
|
||||
public function viewAny(User $user): bool
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can view the model.
|
||||
*/
|
||||
public function view(User $user, PrivateKey $privateKey): bool
|
||||
{
|
||||
return $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can create models.
|
||||
*/
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->isAdmin();
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can update the model.
|
||||
*/
|
||||
public function update(User $user, PrivateKey $privateKey): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can delete the model.
|
||||
*/
|
||||
public function delete(User $user, PrivateKey $privateKey): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can restore the model.
|
||||
*/
|
||||
public function restore(User $user, PrivateKey $privateKey): bool
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine whether the user can permanently delete the model.
|
||||
*/
|
||||
public function forceDelete(User $user, PrivateKey $privateKey): bool
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
@@ -13,7 +13,8 @@ class AuthServiceProvider extends ServiceProvider
|
||||
* @var array<class-string, class-string>
|
||||
*/
|
||||
protected $policies = [
|
||||
// 'App\Models\Model' => 'App\Policies\ModelPolicy',
|
||||
\App\Models\Server::class => \App\Policies\ServerPolicy::class,
|
||||
\App\Models\PrivateKey::class => \App\Policies\PrivateKeyPolicy::class,
|
||||
];
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user