Replace all uses of `forceFill` and `forceCreate` with their non-force equivalents across models, actions, controllers, and Livewire components. Add explicit `$fillable` arrays to all affected Eloquent models to enforce mass assignment protection. Add ModelFillableCreationTest and ModelFillableRegressionTest to verify that model creation respects fillable constraints and to prevent regressions.
<?php
namespace App\Models;
use Illuminate\Database\Eloquent\Casts\Attribute;
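/**
 * Eloquent model for a GitHub App source that applications can be attached to.
 *
 * An app is visible to a team when it belongs to that team or is flagged
 * system-wide (see ownedByCurrentTeam()).
 */
class GithubApp extends BaseModel
{
    /**
     * Attributes that may be set through mass assignment (fill/create/update).
     *
     * NOTE(review): this allow-list contains the tenant-scoping column
     * (`team_id`), the visibility flags (`is_system_wide`, `is_public`), the
     * `private_key_id` reference and both secrets. Because they are fillable,
     * a caller that hands unfiltered request input to fill()/create()/update()
     * lets the requester choose them. Call sites should pass only validated,
     * explicitly selected fields and take ownership and privilege columns from
     * server-side state; confirm each call site does so.
     */
    protected $fillable = [
        'team_id',
        'private_key_id',
        'name',
        'organization',
        'api_url',
        'html_url',
        'custom_user',
        'custom_port',
        'app_id',
        'installation_id',
        'client_id',
        'client_secret',
        'webhook_secret',
        'is_system_wide',
        'is_public',
        'contents',
        'metadata',
        'pull_requests',
        'administration',
    ];

    // Computed `type` attribute (see type()) is included when the model is serialized.
    protected $appends = ['type'];

    protected $casts = [
        'is_public' => 'boolean',
        'is_system_wide' => 'boolean',
        'type' => 'string',
    ];

    /**
     * Secrets left out of array/JSON serialization.
     *
     * NOTE(review): no cast on this model encrypts these columns; confirm
     * whether they are protected at rest elsewhere.
     */
    protected $hidden = [
        'client_secret',
        'webhook_secret',
    ];

    /**
     * Register the deleting hook: refuse deletion while applications still use
     * this app, and remove the linked private key when nothing else uses it.
     *
     * @throws \Exception when at least one application references this app
     */
    protected static function booted(): void
    {
        static::deleting(function (GithubApp $github_app) {
            // Count through the polymorphic `source` relation so the source type
            // is matched as well as the id. Filtering on `source_id` alone also
            // counts applications attached to a different source type that
            // happens to share this id.
            $applications_count = $github_app->applications()->count();
            if ($applications_count > 0) {
                throw new \Exception('You cannot delete this GitHub App because it is in use by '.$applications_count.' application(s). Delete them first.');
            }

            $privateKey = $github_app->privateKey;
            if ($privateKey) {
                // Check if key is used by anything EXCEPT this GitHub app
                $isUsedElsewhere = $privateKey->servers()->exists()
                    || $privateKey->applications()->exists()
                    || $privateKey->githubApps()->where('id', '!=', $github_app->id)->exists()
                    || $privateKey->gitlabApps()->exists();

                // Only drop the key when this app was its last user, so key
                // material does not linger after the app is gone.
                if (! $isUsedElsewhere) {
                    $privateKey->delete();
                }
            }
        });
    }

    /**
     * Query for apps the current team may see: its own plus system-wide ones.
     *
     * The OR is wrapped in a closure so that constraints chained by callers
     * apply to the whole group rather than to the `orWhere` branch only.
     */
    public static function ownedByCurrentTeam()
    {
        return GithubApp::where(function ($query) {
            $query->where('team_id', currentTeam()->id)
                ->orWhere('is_system_wide', true);
        });
    }

    /**
     * Fetch the public apps visible to the current team that have an `app_id` set.
     */
    public static function public()
    {
        return self::visibleToCurrentTeamWhere(true);
    }

    /**
     * Fetch the non-public apps visible to the current team that have an `app_id` set.
     */
    public static function private()
    {
        return self::visibleToCurrentTeamWhere(false);
    }

    /**
     * Shared query behind public() and private().
     *
     * Team scoping (own team OR system-wide) is grouped first and the
     * `is_public` filter is ANDed onto that group, so the visibility flag can
     * never widen the result beyond what the team is allowed to see.
     */
    private static function visibleToCurrentTeamWhere(bool $isPublic)
    {
        return GithubApp::where(function ($query) use ($isPublic) {
            $query->where(function ($q) {
                $q->where('team_id', currentTeam()->id)
                    ->orWhere('is_system_wide', true);
            })->where('is_public', $isPublic);
        })->whereNotNull('app_id')->get();
    }

    /** Team that owns this app. */
    public function team()
    {
        return $this->belongsTo(Team::class);
    }

    /** Applications whose polymorphic `source` is this app. */
    public function applications()
    {
        return $this->morphMany(Application::class, 'source');
    }

    /** Private key referenced by this app. */
    public function privateKey()
    {
        return $this->belongsTo(PrivateKey::class);
    }

    /**
     * Accessor for the appended `type` attribute.
     *
     * Yields 'github' when the morph class equals this class name; in any
     * other case the getter yields null.
     */
    public function type(): Attribute
    {
        return Attribute::make(
            get: fn () => $this->getMorphClass() === GithubApp::class ? 'github' : null,
        );
    }
}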