feat: introduce root permission

app/Http/Middleware/ApiAbility.php

@@ -9,6 +9,10 @@ class ApiAbility extends CheckForAnyAbility
     public function handle($request, $next, ...$abilities)
     {
         try {
+            if ($request->user()->tokenCan('root')) {
+                return $next($request);
+            }
+
             return parent::handle($request, $next, ...$abilities);
         } catch (\Illuminate\Auth\AuthenticationException $e) {
             return response()->json([

app/Livewire/Security/ApiTokens.php

@@ -23,13 +23,18 @@ class ApiTokens extends Component
     public function mount()
     {
         $this->isApiEnabled = InstanceSettings::get()->is_api_enabled;
+        $this->getTokens();
+    }
+
+    private function getTokens()
+    {
         $this->tokens = auth()->user()->tokens->sortByDesc('created_at');
     }
 
     public function updatedPermissions($permissionToUpdate)
     {
-        if ($permissionToUpdate == 'write') {
-            $this->permissions = ['write', 'deploy', 'read', 'read:sensitive'];
+        if ($permissionToUpdate == 'root') {
+            $this->permissions = ['root'];
         } elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) {
             $this->permissions[] = 'read';
         } elseif ($permissionToUpdate == 'deploy') {
@@ -49,7 +54,7 @@ class ApiTokens extends Component
                 'description' => 'required|min:3|max:255',
             ]);
             $token = auth()->user()->createToken($this->description, array_values($this->permissions));
-            $this->tokens = auth()->user()->tokens;
+            $this->getTokens();
             session()->flash('token', $token->plainTextToken);
         } catch (\Exception $e) {
             return handleError($e, $this);
@@ -58,8 +63,12 @@ class ApiTokens extends Component
 
     public function revoke(int $id)
     {
-        $token = auth()->user()->tokens()->where('id', $id)->first();
-        $token->delete();
-        $this->tokens = auth()->user()->tokens;
+        try {
+            $token = auth()->user()->tokens()->where('id', $id)->firstOrFail();
+            $token->delete();
+            $this->getTokens();
+        } catch (\Exception $e) {
+            return handleError($e, $this);
+        }
     }
 }

database/migrations/2024_10_30_074601_rename_token_permissions.php

@@ -15,7 +15,7 @@ return new class extends Migration
             foreach ($tokens as $token) {
                 $abilities = collect();
                 if (in_array('*', $token->abilities)) {
-                    $abilities->push('write', 'deploy', 'read', 'read:sensitive');
+                    $abilities->push('root');
                 }
                 if (in_array('read-only', $token->abilities)) {
                     $abilities->push('read');

resources/views/livewire/security/api-tokens.blade.php

@@ -33,9 +33,11 @@
 
         <h4>Token Permissions</h4>
         <div class="w-64">
-            <x-forms.checkbox label="write" wire:model.live="permissions" domValue="write"
-                helper="Root access, be careful!" :checked="in_array('write', $permissions)"></x-forms.checkbox>
-            @if (!in_array('write', $permissions))
+            <x-forms.checkbox label="root" wire:model.live="permissions" domValue="root"
+                helper="Root access, be careful!" :checked="in_array('root', $permissions)"></x-forms.checkbox>
+            @if (!in_array('root', $permissions))
+                <x-forms.checkbox label="write" wire:model.live="permissions" domValue="write"
+                    helper="Write access to all resources" :checked="in_array('write', $permissions)"></x-forms.checkbox>
                 <x-forms.checkbox label="deploy" wire:model.live="permissions" domValue="deploy"
                     helper="Can trigger deploy webhooks" :checked="in_array('deploy', $permissions)"></x-forms.checkbox>
                 <x-forms.checkbox label="read" domValue="read" wire:model.live="permissions" domValue="read"
@@ -45,7 +47,7 @@
                     :checked="in_array('read:sensitive', $permissions)"></x-forms.checkbox>
             @endif
         </div>
-        @if (in_array('write', $permissions))
+        @if (in_array('root', $permissions))
             <div class="font-bold text-warning">Root access, be careful!</div>
         @endif
     </form>
@@ -58,7 +60,8 @@
     <h3 class="py-4">Issued Tokens</h3>
     <div class="grid gap-2 lg:grid-cols-1">
         @forelse ($tokens as $token)
-            <div class="flex flex-col gap-1 p-2 border dark:border-coolgray-200 hover:no-underline">
+            <div wire:key="token-{{ $token->id }}"
+                class="flex flex-col gap-1 p-2 border dark:border-coolgray-200 hover:no-underline">
                 <div>Description: {{ $token->name }}</div>
                 <div>Last used: {{ $token->last_used_at ? $token->last_used_at->diffForHumans() : 'Never' }}</div>
                 <div class="flex gap-1">

resources/views/livewire/team/admin-view.blade.php

@@ -10,7 +10,8 @@
     <h3 class="pt-4">Users</h3>
     <div class="flex flex-col gap-2 ">
         @forelse ($users as $user)
-            <div class="flex items-center justify-center gap-2 bg-white box-without-bg dark:bg-coolgray-100">
+            <div wire:key="user-{{ $user->id }}"
+                class="flex items-center justify-center gap-2 bg-white box-without-bg dark:bg-coolgray-100">
                 <div>{{ $user->name }}</div>
                 <div>{{ $user->email }}</div>
                 <div class="flex-1"></div>