diff --git a/app/Livewire/Security/PrivateKey/Create.php b/app/Livewire/Security/PrivateKey/Create.php
index ff196bd35..0f36037ff 100644
--- a/app/Livewire/Security/PrivateKey/Create.php
+++ b/app/Livewire/Security/PrivateKey/Create.php
@@ -4,10 +4,13 @@
 use App\Models\PrivateKey;
 use App\Support\ValidationPatterns;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;
 class Create extends Component
 {
+ use AuthorizesRequests;
+
 public string $name = '';
 public string $value = '';
@@ -66,6 +69,7 @@ public function createPrivateKey()
 $this->validate();
 try {
+ $this->authorize('create', PrivateKey::class);
 $privateKey = PrivateKey::createAndStore([
 'name' => $this->name,
 'description' => $this->description,
diff --git a/app/Livewire/Security/PrivateKey/Show.php b/app/Livewire/Security/PrivateKey/Show.php
index b78367464..2ff06c349 100644
--- a/app/Livewire/Security/PrivateKey/Show.php
+++ b/app/Livewire/Security/PrivateKey/Show.php
@@ -4,10 +4,13 @@
 use App\Models\PrivateKey;
 use App\Support\ValidationPatterns;
+use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
 use Livewire\Component;
 class Show extends Component
 {
+ use AuthorizesRequests;
+
 public PrivateKey $private_key;
 public $public_key = 'Loading...';
@@ -62,6 +65,7 @@ public function loadPublicKey()
 public function delete()
 {
 try {
+ $this->authorize('delete', $this->private_key);
 $this->private_key->safeDelete();
 currentTeam()->privateKeys = PrivateKey::where('team_id', currentTeam()->id)->get();
@@ -76,6 +80,7 @@ public function delete()
 public function changePrivateKey()
 {
 try {
+ $this->authorize('update', $this->private_key);
 $this->private_key->updatePrivateKey([
 'private_key' => formatPrivateKey($this->private_key->private_key),
 ]);
diff --git a/app/Policies/PrivateKeyPolicy.php b/app/Policies/PrivateKeyPolicy.php
new file mode 100644
index 000000000..6b9fd2171
--- /dev/null
+++ b/app/Policies/PrivateKeyPolicy.php
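Review bot: In the createPrivateKey hunk of Create.php the new `$this->authorize('create', PrivateKey::class);` sits inside the `try {` block whose `catch` clause is outside the hunk; if that catch is a broad `\Exception`/`\Throwable` handler, the `AuthorizationException` is reported as a generic failure instead of propagating as a denial, and the same placement is used in the Show.php delete and changePrivateKey hunks. Moving the call above `try {` (in Create.php, ahead of `$this->validate();`) keeps an authorization denial distinct from a storage error: `$this->authorize('create', PrivateKey::class);` followed by `$this->validate();`. The enclosing methods begin or end outside these hunks.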
@@ -0,0 +1,65 @@
+teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
+ }
+
+ /**
+ * Determine whether the user can create models.
+ */
+ public function create(User $user): bool
+ {
+ return $user->isAdmin();
+ }
+
+ /**
+ * Determine whether the user can update the model.
+ */
+ public function update(User $user, PrivateKey $privateKey): bool
+ {
+ return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
+ }
+
+ /**
+ * Determine whether the user can delete the model.
+ */
+ public function delete(User $user, PrivateKey $privateKey): bool
+ {
+ return $user->isAdmin() && $user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null;
+ }
+
+ /**
+ * Determine whether the user can restore the model.
+ */
+ public function restore(User $user, PrivateKey $privateKey): bool
+ {
+ return false;
+ }
+
+ /**
+ * Determine whether the user can permanently delete the model.
+ */
+ public function forceDelete(User $user, PrivateKey $privateKey): bool
+ {
+ return false;
+ }
+}
diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php
index dafcbee79..476e064d6 100644
--- a/app/Providers/AuthServiceProvider.php
+++ b/app/Providers/AuthServiceProvider.php
@@ -13,7 +13,8 @@ class AuthServiceProvider extends ServiceProvider
 * @var array
 */
 protected $policies = [
- // 'App\Models\Model' => 'App\Policies\ModelPolicy',
+ \App\Models\Server::class => \App\Policies\ServerPolicy::class,
+ \App\Models\PrivateKey::class => \App\Policies\PrivateKeyPolicy::class,
 ];
 /**
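Review bot: `create()` in PrivateKeyPolicy grants on `$user->isAdmin()` alone, while `update()` and `delete()` additionally require membership in the key's team; if `isAdmin()` is evaluated against the user's current team rather than `$privateKey->team_id` (its definition is not visible here), an admin of one team who is a plain member of another would pass the update/delete check for that other team's key, so the semantics of `isAdmin()` should be confirmed or the role check scoped to the key's team. The membership test `$user->teams()->get()->firstWhere('id', $privateKey->team_id) !== null` is duplicated in `update()` and `delete()` and loads every team of the user into memory just to look for one id; a private helper such as `private function inKeyTeam(User $user, PrivateKey $privateKey): bool { return $user->teams()->whereKey($privateKey->team_id)->exists(); }` lets the database answer the question and gives a single place to tighten the rule later. The opening lines of this hunk (the class header and the method the first visible line belongs to) are not fully visible here.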