diff --git a/app/Http/Middleware/ApiAbility.php b/app/Http/Middleware/ApiAbility.php
index 96bf4f471..324eeebaa 100644
--- a/app/Http/Middleware/ApiAbility.php
+++ b/app/Http/Middleware/ApiAbility.php
@@ -9,6 +9,10 @@ class ApiAbility extends CheckForAnyAbility
     public function handle($request, $next, ...$abilities)
     {
         try {
+            if ($request->user()->tokenCan('root')) {
+                return $next($request);
+            }
+
             return parent::handle($request, $next, ...$abilities);
         } catch (\Illuminate\Auth\AuthenticationException $e) {
             return response()->json([
diff --git a/app/Livewire/Security/ApiTokens.php b/app/Livewire/Security/ApiTokens.php
index be11e0bda..72684bdc6 100644
--- a/app/Livewire/Security/ApiTokens.php
+++ b/app/Livewire/Security/ApiTokens.php
@@ -23,13 +23,18 @@ class ApiTokens extends Component
     public function mount()
     {
         $this->isApiEnabled = InstanceSettings::get()->is_api_enabled;
+        $this->getTokens();
+    }
+
+    private function getTokens()
+    {
         $this->tokens = auth()->user()->tokens->sortByDesc('created_at');
     }
 
     public function updatedPermissions($permissionToUpdate)
     {
-        if ($permissionToUpdate == 'write') {
-            $this->permissions = ['write', 'deploy', 'read', 'read:sensitive'];
+        if ($permissionToUpdate == 'root') {
+            $this->permissions = ['root'];
         } elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) {
             $this->permissions[] = 'read';
         } elseif ($permissionToUpdate == 'deploy') {
@@ -49,7 +54,7 @@ class ApiTokens extends Component
             'description' => 'required|min:3|max:255',
         ]);
         $token = auth()->user()->createToken($this->description, array_values($this->permissions));
-        $this->tokens = auth()->user()->tokens;
+        $this->getTokens();
         session()->flash('token', $token->plainTextToken);
     } catch (\Exception $e) {
         return handleError($e, $this);
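Review bot: The added `$request->user()->tokenCan('root')` check dereferences the user before anything has verified one exists, so a request with no authenticated user now raises an Error ("member function on null") instead of the `AuthenticationException` that the surrounding `catch` turns into a JSON response — that null check previously lived in the parent's `handle`, which this short-circuit runs ahead of. If the route stack always puts `auth:sanctum` in front of this middleware the user will be present, but the middleware itself cannot rely on that; the null-safe form keeps the existing error path intact: `if ($request->user()?->tokenCan('root')) {`. Presumably `tokenCan` also answers true for any ability on a session (transient-token) login, in which case a first-party session passes the root short-circuit as well — that matches the parent's behaviour, but the intent deserves a comment such as `// 'root' is an app-level ability, not a Sanctum wildcard; it bypasses every ability list given to this middleware.` The rest of `handle` (the JSON error body) continues outside the hunk.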
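Review bot: In `updatedPermissions`, the `root` branch collapses the list to `['root']`, but toggling any other ability afterwards appends to the array again, so `$this->permissions` can end up as `['root', 'read']` and be stored that way by `createToken`; the middleware short-circuits on `root`, so this is harmless at enforcement time, but the stored abilities then no longer match what the user was shown unless the view disables the other boxes (the view change is outside this hunk). A guard ahead of the chain keeps the two consistent: `if (in_array('root', $this->permissions, true)) { $this->permissions = ['root']; return; }`. The comparisons use `==` where `===` is the idiomatic form. The method continues past the end of the hunk.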
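Review bot: `createToken` stores `$this->permissions` verbatim, and a Livewire public property can be set directly by the browser, yet the only validation visible in this hunk is on `description`; the `validate` call opens above the hunk, so a `permissions` rule may exist there — if it does not, one is needed. This cannot escalate beyond the creating user's own account, and unknown strings would simply never match, but `'*'` is Sanctum's wildcard and the migration in this same commit is replacing exactly that value with `root`, so the form should only accept the abilities the middleware understands: `'permissions' => 'required|array|min:1',` and `'permissions.*' => 'in:root,write,deploy,read,read:sensitive',` alongside the `description` rule. The enclosing method starts before the hunk.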
@@ -58,8 +63,12 @@ class ApiTokens extends Component
 
     public function revoke(int $id)
     {
-        $token = auth()->user()->tokens()->where('id', $id)->first();
-        $token->delete();
-        $this->tokens = auth()->user()->tokens;
+        try {
+            $token = auth()->user()->tokens()->where('id', $id)->firstOrFail();
+            $token->delete();
+            $this->getTokens();
+        } catch (\Exception $e) {
+            return handleError($e, $this);
+        }
     }
 }
diff --git a/database/migrations/2024_10_30_074601_rename_token_permissions.php b/database/migrations/2024_10_30_074601_rename_token_permissions.php
index 2021ba287..2ca98d090 100644
--- a/database/migrations/2024_10_30_074601_rename_token_permissions.php
+++ b/database/migrations/2024_10_30_074601_rename_token_permissions.php
@@ -15,7 +15,7 @@ return new class extends Migration
         foreach ($tokens as $token) {
             $abilities = collect();
             if (in_array('*', $token->abilities)) {
-                $abilities->push('write', 'deploy', 'read', 'read:sensitive');
+                $abilities->push('root');
             }
             if (in_array('read-only', $token->abilities)) {
                 $abilities->push('read');
diff --git a/resources/views/livewire/security/api-tokens.blade.php b/resources/views/livewire/security/api-tokens.blade.php
index b07f1f1cf..5c3c4c81c 100644
--- a/resources/views/livewire/security/api-tokens.blade.php
+++ b/resources/views/livewire/security/api-tokens.blade.php
@@ -33,9 +33,11 @@
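Review bot: `revoke` now catches every `\Exception`, which includes the `ModelNotFoundException` that `firstOrFail()` throws when the id is not one of the caller's tokens, and hands it to `handleError`; what that helper renders is not in this diff, so it may surface the framework's "No query results for model [...]" text, naming the token model, to the user. The lookup itself is correctly scoped through `auth()->user()->tokens()`, so a foreign id can only produce that not-found path, never a deletion — that part is sound. Handle the expected case with a neutral message before the generic catch: `} catch (\Illuminate\Database\Eloquent\ModelNotFoundException $e) { return handleError(new \Exception('Token not found.'), $this); }`.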
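Review bot: The `'*'` → `'root'` mapping changes what existing wildcard tokens mean in a way the hunk does not document: `*` is Sanctum's own wildcard, honoured by `PersonalAccessToken::can()` and `tokenCan()` anywhere they are called, whereas `root` is only honoured by the `ApiAbility` short-circuit introduced in this commit, so any direct `tokenCan('write')`-style check outside that middleware will return false for migrated tokens from now on. If no such checks exist that is an intended tightening, but it deserves a comment above the push, e.g. `// '*' was Sanctum's wildcard; 'root' is an app-level ability that only ApiAbility treats as all-access.` The `down()` side is outside the hunk, so whether the mapping is reversible is not visible here.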