fix(auth): enforce policies across API and Livewire #8663
Closed
andrasbacsai wants to merge 22 commits into next from
…nents
- Add authorization checks to API controller endpoints (view, create, update, delete)
- Wrap Livewire component methods with try-catch for consistent error handling
- Add AuthorizesRequests trait to components requiring authorization checks
- Ensure all sensitive operations verify user permissions before execution
- Implement unified error handling with handleError() helper function

Add authorization gates to Project and Server creation buttons in the dashboard to prevent non-admin users from accessing resource creation. Improve team deletion to clear cache before deletion and automatically switch to the user's next available team.
- Hide create buttons from non-admin users in dashboard
- Clear cache before team deletion to prevent stale session resolution
- Switch user session to next available team when current team is deleted
- Handle refreshSession when user has no remaining teams
- Add tests for dashboard authorization enforcement and team deletion flow

Add authorization gate using @can('manageProxy') directive to ensure only authorized users can view and interact with proxy control buttons (restart, stop, start) in the server navbar component. Refactor tests to validate that members cannot see proxy buttons while admins can.

- Replace manual ownership checks with authorize() in Destination/Show, NavbarDeleteTeam, and Project/Show
- Add authorization checks for team deletion and environment creation
- Add proper exception handling with try-catch blocks
- Add comprehensive feature and browser tests for authorization scenarios
- Update CLAUDE.md with Pest Browser Plugin testing guidelines

# Conflicts:
# tests/Unit/Policies/GithubAppPolicyTest.php
# tests/Unit/Policies/SharedEnvironmentVariablePolicyTest.php

Adjusted Discord notification setup, Livewire form submission handling, and checkbox interactions in `ResourceSettingsPersistenceTest` to better reflect page flows.

Restrict sensitive operations to admins/owners and hide sensitive data from team members:
- Add authorization checks to Livewire components and API endpoints
- Restrict team members from accessing sensitive permissions and data
- Hide environment variable values from non-admin team members
- Update policies to enforce team-level admin status requirement
- Add useSensitivePermissions policy for read:sensitive tokens
- Improve disabled button UX with auth-specific tooltips
- Add authorization checks in middleware for API tokens

Closes authorization gaps in project management, server management, and settings components.

Wrap email notification logic in try-catch to prevent email sending failures from breaking the connection test. If notification fails, log a warning and continue instead of letting the exception propagate.

Instance-level databases like coolify-db (with id = 0) should always be assigned to the root team (id = 0) rather than attempting to resolve their team from the database object itself.

Add authorization checks to multiple Livewire components to ensure users have proper permissions before performing sensitive operations. This includes:
- Adding AuthorizesRequests trait to components handling deployments, backups, services, and configuration uploads
- Enforcing 'deploy', 'update', and 'manageBackups' authorization checks
- Adding instance admin check for system upgrade operations
- Improving database queries with team ownership scope
- Moving backup trigger from component to button with new backupNow() method

Hide database passwords, connection URLs, and debug logs from team members:
- Database components: hide passwords and connection URLs for members
- Deployment UI: gate debug log toggle behind update permission
- Debug logs: prevent members from viewing debug output
- Storage/services: hide sensitive credentials from members

Members can still view non-sensitive configuration while admins retain full access to all data.

Never trust Livewire component properties for authorization decisions, as snapshots can be replayed from another user's session. Re-evaluate all permission checks fresh using auth()->user()->can() against current policies to ensure the authenticated user is being authorized, not a replayed copy.
- Replace cached canUse* booleans with fresh policy evaluation
- Add comprehensive security tests for token creation permissions
- Update API authorization tests to verify middleware blocking behavior

Add fallback to resolve team from Sanctum access token when session team is unavailable, enabling proper team context for stateless API requests.
Summary

Changes

API Controllers
- `$this->authorize()` checks (view, create, update, delete) across ApplicationsController, CloudProviderTokensController, GithubController, ProjectController, SecurityController, ServersController, TeamController, and more

Livewire Components
- `handleError()` helper

Documentation
- `.ai/lessons.md` documenting Docker/worktree setup, policy test patterns, and browser test quirks
- `CLAUDE.md` with Pest Browser Plugin testing guidelines and examples

Related to #8628
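
The commit message above about replayed Livewire snapshots describes replacing cached `canUse*` booleans with a fresh policy check on every action. The sketch below is an added example, not code from this pull request or the project. It assumes a Laravel app with Livewire 3 and Sanctum, a policy registered for `PersonalAccessToken` that defines `useSensitivePermissions(User $user)`, and a `User` model using `HasApiTokens`; the component name, view name and the permission list other than `read:sensitive` are hypothetical.

```php
<?php

namespace App\Livewire;

use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Laravel\Sanctum\PersonalAccessToken;
use Livewire\Component;

// Hypothetical component illustrating the pattern; names are assumptions.
class CreateApiToken extends Component
{
    use AuthorizesRequests;

    public string $description = '';
    public array $permissions = ['read'];

    // BEFORE (pattern being removed): a public boolean computed once in mount().
    // It travels in the component snapshot, so it reflects whoever rendered
    // the component, not necessarily whoever sends the next request.
    //
    // public bool $canUseSensitivePermissions = false;
    // public function mount(): void
    // {
    //     $this->canUseSensitivePermissions =
    //         auth()->user()->can('useSensitivePermissions', PersonalAccessToken::class);
    // }

    public function createToken(): void
    {
        $this->validate([
            'description' => 'required|string|max:255',
            'permissions' => 'required|array',
            'permissions.*' => 'in:read,read:sensitive,write', // constructed list
        ]);

        // AFTER: evaluate the policy inside the action, against the user
        // authenticated for this request. No component property is consulted.
        if (in_array('read:sensitive', $this->permissions, true)) {
            $this->authorize('useSensitivePermissions', PersonalAccessToken::class);
        }

        auth()->user()->createToken($this->description, $this->permissions);
    }

    public function render()
    {
        // @can in the view is display-only; createToken() is the enforcement point.
        return view('livewire.create-api-token');
    }
}
```

A feature test for this component should log in as a member, call `createToken` with `read:sensitive`, and assert a 403 even when the component was first rendered by an admin.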