dave/coolify
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat: introduce root permission

Browse Source
This commit is contained in:
Andras Bacsai
2024-12-09 10:52:38 +01:00
parent 5bbcd7bf76
commit ff74fb7385
5 changed files with 30 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/Http/Middleware/ApiAbility.php
View File

@@ -9,6 +9,10 @@ class ApiAbility extends CheckForAnyAbility
public function handle($request, $next, ...$abilities) public function handle($request, $next, ...$abilities)
{ {
try { try {
if ($request->user()->tokenCan('root')) {
return $next($request);
}
return parent::handle($request, $next, ...$abilities); return parent::handle($request, $next, ...$abilities);
} catch (\Illuminate\Auth\AuthenticationException $e) { } catch (\Illuminate\Auth\AuthenticationException $e) {
return response()->json([ return response()->json([

19
app/Livewire/Security/ApiTokens.php
View File

@@ -23,13 +23,18 @@ class ApiTokens extends Component
public function mount() public function mount()
{ {
$this->isApiEnabled = InstanceSettings::get()->is_api_enabled; $this->isApiEnabled = InstanceSettings::get()->is_api_enabled;
$this->getTokens();
}
private function getTokens()
{
$this->tokens = auth()->user()->tokens->sortByDesc('created_at'); $this->tokens = auth()->user()->tokens->sortByDesc('created_at');
} }
public function updatedPermissions($permissionToUpdate) public function updatedPermissions($permissionToUpdate)
{ {
if ($permissionToUpdate == 'write') { if ($permissionToUpdate == 'root') {
$this->permissions = ['write', 'deploy', 'read', 'read:sensitive']; $this->permissions = ['root'];
} elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) { } elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) {
$this->permissions[] = 'read'; $this->permissions[] = 'read';
} elseif ($permissionToUpdate == 'deploy') { } elseif ($permissionToUpdate == 'deploy') {
@@ -49,7 +54,7 @@ class ApiTokens extends Component
'description' => 'required|min:3|max:255', 'description' => 'required|min:3|max:255',
]); ]);
$token = auth()->user()->createToken($this->description, array_values($this->permissions)); $token = auth()->user()->createToken($this->description, array_values($this->permissions));
$this->tokens = auth()->user()->tokens; $this->getTokens();
session()->flash('token', $token->plainTextToken); session()->flash('token', $token->plainTextToken);
} catch (\Exception $e) { } catch (\Exception $e) {
return handleError($e, $this); return handleError($e, $this);
@@ -58,8 +63,12 @@ class ApiTokens extends Component
public function revoke(int $id) public function revoke(int $id)
{ {
$token = auth()->user()->tokens()->where('id', $id)->first(); try {
$token = auth()->user()->tokens()->where('id', $id)->firstOrFail();
$token->delete(); $token->delete();
$this->tokens = auth()->user()->tokens; $this->getTokens();
} catch (\Exception $e) {
return handleError($e, $this);
}
} }
} }

2
database/migrations/2024_10_30_074601_rename_token_permissions.php
View File

@@ -15,7 +15,7 @@ return new class extends Migration
foreach ($tokens as $token) { foreach ($tokens as $token) {
$abilities = collect(); $abilities = collect();
if (in_array('*', $token->abilities)) { if (in_array('*', $token->abilities)) {
$abilities->push('write', 'deploy', 'read', 'read:sensitive'); $abilities->push('root');
} }
if (in_array('read-only', $token->abilities)) { if (in_array('read-only', $token->abilities)) {
$abilities->push('read'); $abilities->push('read');

11
resources/views/livewire/security/api-tokens.blade.php
View File

@@ -33,9 +33,11 @@
<h4>Token Permissions</h4> <h4>Token Permissions</h4>
<div class="w-64"> <div class="w-64">
<x-forms.checkbox label="root" wire:model.live="permissions" domValue="root"
helper="Root access, be careful!" :checked="in_array('root', $permissions)"></x-forms.checkbox>
@if (!in_array('root', $permissions))
<x-forms.checkbox label="write" wire:model.live="permissions" domValue="write" <x-forms.checkbox label="write" wire:model.live="permissions" domValue="write"
helper="Root access, be careful!" :checked="in_array('write', $permissions)"></x-forms.checkbox> helper="Write access to all resources" :checked="in_array('write', $permissions)"></x-forms.checkbox>
@if (!in_array('write', $permissions))
<x-forms.checkbox label="deploy" wire:model.live="permissions" domValue="deploy" <x-forms.checkbox label="deploy" wire:model.live="permissions" domValue="deploy"
helper="Can trigger deploy webhooks" :checked="in_array('deploy', $permissions)"></x-forms.checkbox> helper="Can trigger deploy webhooks" :checked="in_array('deploy', $permissions)"></x-forms.checkbox>
<x-forms.checkbox label="read" domValue="read" wire:model.live="permissions" domValue="read" <x-forms.checkbox label="read" domValue="read" wire:model.live="permissions" domValue="read"
@@ -45,7 +47,7 @@
:checked="in_array('read:sensitive', $permissions)"></x-forms.checkbox> :checked="in_array('read:sensitive', $permissions)"></x-forms.checkbox>
@endif @endif
</div> </div>
@if (in_array('write', $permissions)) @if (in_array('root', $permissions))
<div class="font-bold text-warning">Root access, be careful!</div> <div class="font-bold text-warning">Root access, be careful!</div>
@endif @endif
</form> </form>
@@ -58,7 +60,8 @@
<h3 class="py-4">Issued Tokens</h3> <h3 class="py-4">Issued Tokens</h3>
<div class="grid gap-2 lg:grid-cols-1"> <div class="grid gap-2 lg:grid-cols-1">
@forelse ($tokens as $token) @forelse ($tokens as $token)
<div class="flex flex-col gap-1 p-2 border dark:border-coolgray-200 hover:no-underline"> <div wire:key="token-{{ $token->id }}"
class="flex flex-col gap-1 p-2 border dark:border-coolgray-200 hover:no-underline">
<div>Description: {{ $token->name }}</div> <div>Description: {{ $token->name }}</div>
<div>Last used: {{ $token->last_used_at ? $token->last_used_at->diffForHumans() : 'Never' }}</div> <div>Last used: {{ $token->last_used_at ? $token->last_used_at->diffForHumans() : 'Never' }}</div>
<div class="flex gap-1"> <div class="flex gap-1">

3
resources/views/livewire/team/admin-view.blade.php
View File

@@ -10,7 +10,8 @@
<h3 class="pt-4">Users</h3> <h3 class="pt-4">Users</h3>
<div class="flex flex-col gap-2 "> <div class="flex flex-col gap-2 ">
@forelse ($users as $user) @forelse ($users as $user)
<div class="flex items-center justify-center gap-2 bg-white box-without-bg dark:bg-coolgray-100"> <div wire:key="user-{{ $user->id }}"
class="flex items-center justify-center gap-2 bg-white box-without-bg dark:bg-coolgray-100">
<div>{{ $user->name }}</div> <div>{{ $user->name }}</div>
<div>{{ $user->email }}</div> <div>{{ $user->email }}</div>
<div class="flex-1"></div> <div class="flex-1"></div>