feat: introduce root permission

2024-12-09 10:52:38 +01:00
parent 5bbcd7bf76
commit ff74fb7385
5 changed files with 30 additions and 13 deletions
--- a/app/Http/Middleware/ApiAbility.php
+++ b/app/Http/Middleware/ApiAbility.php
@@ -9,6 +9,10 @@ class ApiAbility extends CheckForAnyAbility
    public function handle($request, $next, ...$abilities)
    {
        try {
+            if ($request->user()->tokenCan('root')) {
+                return $next($request);
+            }
+
            return parent::handle($request, $next, ...$abilities);
        } catch (\Illuminate\Auth\AuthenticationException $e) {
            return response()->json([
--- a/app/Livewire/Security/ApiTokens.php
+++ b/app/Livewire/Security/ApiTokens.php
@@ -23,13 +23,18 @@ class ApiTokens extends Component
    public function mount()
    {
        $this->isApiEnabled = InstanceSettings::get()->is_api_enabled;
+        $this->getTokens();
+    }
+
+    private function getTokens()
+    {
        $this->tokens = auth()->user()->tokens->sortByDesc('created_at');
    }

    public function updatedPermissions($permissionToUpdate)
    {
-        if ($permissionToUpdate == 'write') {
-            $this->permissions = ['write', 'deploy', 'read', 'read:sensitive'];
+        if ($permissionToUpdate == 'root') {
+            $this->permissions = ['root'];
        } elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) {
            $this->permissions[] = 'read';
        } elseif ($permissionToUpdate == 'deploy') {
@@ -49,7 +54,7 @@ class ApiTokens extends Component
                'description' => 'required|min:3|max:255',
            ]);
            $token = auth()->user()->createToken($this->description, array_values($this->permissions));
-            $this->tokens = auth()->user()->tokens;
+            $this->getTokens();
            session()->flash('token', $token->plainTextToken);
        } catch (\Exception $e) {
            return handleError($e, $this);
@@ -58,8 +63,12 @@ class ApiTokens extends Component

    public function revoke(int $id)
    {
-        $token = auth()->user()->tokens()->where('id', $id)->first();
-        $token->delete();
-        $this->tokens = auth()->user()->tokens;
+        try {
+            $token = auth()->user()->tokens()->where('id', $id)->firstOrFail();
+            $token->delete();
+            $this->getTokens();
+        } catch (\Exception $e) {
+            return handleError($e, $this);
+        }
    }
 }