
refactor(auth): enforce member authorization and hide sensitive data#8651

Closed
andrasbacsai wants to merge 13 commits into next from hide-env-values-from-members

Conversation

@andrasbacsai (Member)

Summary

  • Restrict team members from accessing owner/admin-only API permissions (root, write, deploy, read:sensitive)
  • Hide environment variable values from team members in API responses
  • Add authorization checks to all API endpoints touching teams, servers, projects, environments, and security resources
  • Wrap Livewire action methods with authorization checks and unified error handling
  • Update API middleware to enforce role-based access control for sensitive operations
  • Add comprehensive browser and unit tests for member authorization scenarios

Breaking Changes

Team members with existing API tokens containing owner-level permissions (root, write, deploy, read:sensitive) will no longer be able to use those permissions. Tokens with restricted abilities should be revoked and recreated with read-only permissions.

Key Changes

API Authorization:

  • ApiAbility middleware now validates that members cannot use owner-only abilities
  • ApiSensitiveData middleware restricts sensitive data access based on user role
  • Added explicit authorization checks before resource mutations across all controllers

Livewire Authorization:

  • All action methods wrapped in try-catch with shared handleError() handler
  • Added authorization checks to deployment, backup, deletion, and configuration methods
  • Improved error handling for authorization failures in components

Data Filtering:

  • Environment variable values hidden from team members in Application/Service API responses
  • Only owners and admins can read sensitive environment variable values

Documentation:

  • Added browser test best practices and Livewire mount() error handling guidance to CLAUDE.md
  • Documented Docker worktree setup, policy test patterns, and browser test conventions in .ai/lessons.md

Related to #8628
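As an added illustration of the middleware behaviour the summary describes (example code, not Coolify's own), here is a Laravel/Sanctum middleware that rejects owner-only abilities for non-admin members even when a stale token still carries them, plus a helper that blanks environment variable values for members. The `isTeamAdmin()` helper and the row shape passed to `filterEnvs()` are assumptions.

```php
<?php
// Added example, not Coolify's code: a Laravel/Sanctum middleware modelled on the
// ApiAbility behaviour the PR describes, plus a helper for the env-value filtering.
// Assumed (hypothetical): User::isTeamAdmin() returns true for owners/admins of
// the user's current team.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

class EnforceMemberAbilities
{
    /** Abilities reserved for team owners/admins, as listed in the PR summary. */
    private const OWNER_ONLY = ['root', 'write', 'deploy', 'read:sensitive'];

    /** Usage: Route::middleware(['auth:sanctum', EnforceMemberAbilities::class . ':deploy']) */
    public function handle(Request $request, Closure $next, string ...$required): Response
    {
        $user = $request->user();
        $token = $user?->currentAccessToken();
        if ($user === null || $token === null) {
            abort(401, 'Unauthenticated.');
        }

        $isAdmin = $user->isTeamAdmin(); // assumed helper, see note above

        foreach ($required as $ability) {
            // 1. The token itself must carry the ability ('*' tokens pass in Sanctum).
            if (! $token->can($ability)) {
                abort(403, "Token does not have the '{$ability}' ability.");
            }
            // 2. Members are denied owner-only abilities even if an older token still
            //    lists them, so a stale token cannot escalate (the PR's breaking change).
            if (! $isAdmin && in_array($ability, self::OWNER_ONLY, true)) {
                abort(403, "Only team owners or admins may use the '{$ability}' ability.");
            }
        }

        return $next($request);
    }

    /** Blank env values for members; owners/admins get the rows unchanged. */
    public static function filterEnvs(array $envs, bool $isAdmin): array
    {
        if ($isAdmin) {
            return $envs;
        }
        return array_map(fn (array $env) => array_merge($env, ['value' => null]), $envs);
    }
}
```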

…nents

- Add authorization checks to API controller endpoints (view, create, update, delete)
- Wrap Livewire component methods with try-catch for consistent error handling
- Add AuthorizesRequests trait to components requiring authorization checks
- Ensure all sensitive operations verify user permissions before execution
- Implement unified error handling with handleError() helper function

Add authorization gates to Project and Server creation buttons in the dashboard to prevent non-admin users from accessing resource creation. Improve team deletion to clear cache before deletion and automatically switch to the user's next available team.

- Hide create buttons from non-admin users in dashboard
- Clear cache before team deletion to prevent stale session resolution
- Switch user session to next available team when current team is deleted
- Handle refreshSession when user has no remaining teams
- Add tests for dashboard authorization enforcement and team deletion flow

Add authorization gate using @can('manageProxy') directive to ensure only
authorized users can view and interact with proxy control buttons (restart,
stop, start) in the server navbar component. Refactor tests to validate that
members cannot see proxy buttons while admins can.

- Replace manual ownership checks with authorize() in Destination/Show, NavbarDeleteTeam, and Project/Show
- Add authorization checks for team deletion and environment creation
- Add proper exception handling with try-catch blocks
- Add comprehensive feature and browser tests for authorization scenarios
- Update CLAUDE.md with Pest Browser Plugin testing guidelines

# Conflicts:
#	tests/Unit/Policies/GithubAppPolicyTest.php
#	tests/Unit/Policies/SharedEnvironmentVariablePolicyTest.php

Adjusted Discord notification setup, Livewire form submission handling, and checkbox interactions in `ResourceSettingsPersistenceTest` to better reflect page flows.

Restrict sensitive operations to admins/owners and hide sensitive data
from team members:

- Add authorization checks to Livewire components and API endpoints
- Restrict team members from accessing sensitive permissions and data
- Hide environment variable values from non-admin team members
- Update policies to enforce team-level admin status requirement
- Add useSensitivePermissions policy for read:sensitive tokens
- Improve disabled button UX with auth-specific tooltips
- Add authorization checks in middleware for API tokens

Closes authorization gaps in project management, server management,
and settings components.