Commit graph

11 commits

Author SHA1 Message Date
Andras Bacsai
7154febf32 Merge remote-tracking branch 'origin/next' into audit-policies 2026-03-02 12:41:30 +01:00
Andras Bacsai
b878dc8102 refactor(auth): enforce team member authorization across app
Restrict sensitive operations to admins/owners and hide sensitive data
from team members:
- Add authorization checks to Livewire components and API endpoints
- Restrict team members from accessing sensitive permissions and data
- Hide environment variable values from non-admin team members
- Update policies to enforce team-level admin status requirement
- Add useSensitivePermissions policy for read:sensitive tokens
- Improve disabled button UX with auth-specific tooltips
- Add authorization checks in middleware for API tokens

Closes authorization gaps in project management, server management,
and settings components.
2026-02-27 11:41:01 +01:00
Andras Bacsai
86b05b902a fix(auth): enforce authorization checks across API and Livewire components
- Add authorization checks to API controller endpoints (view, create, update, delete)
- Wrap Livewire component methods with try-catch for consistent error handling
- Add AuthorizesRequests trait to components requiring authorization checks
- Ensure all sensitive operations verify user permissions before execution
- Implement unified error handling with handleError() helper function
2026-02-25 14:20:29 +01:00
Andras Bacsai
4e329053dd feat: add comment field to shared environment variables
Add comment field support to the "New Shared Variable" modal, ensuring it's saved properly for both normal and shared environment variables at all levels (Team, Project, Environment).

Changes:
- Add comment property, validation, and dispatch to Add component (Livewire & view)
- Update saveKey methods in Team, Project, and Environment to accept comment
- Replace SharedEnvironmentVariable model's $guarded with explicit $fillable array
- Include comment field in creation flow for all shared variable types

The comment field (max 256 chars, optional) is now available when creating shared variables and is consistently saved across all variable types.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-27 15:24:09 +01:00
Andras Bacsai
ce134cb8b1 fix: add authorization checks for environment and project views 2025-11-26 09:55:04 +01:00
Aditya Tripathi
28cb561c04 feat: add database transactions and component-level authorization to shared variables 2025-11-03 20:54:34 +00:00
Aditya Tripathi
85a1483356 feat: developer view for shared env variables 2025-11-02 22:27:24 +00:00
Andras Bacsai
63fcc0ebc3 feat(acl): Change views/backend code to able to use proper ACL's later on. Currently it is not enabled. 2025-08-26 10:27:38 +02:00
Andras Bacsai
ffd28de949 refresh env variable view on shared variable deletion 2024-12-07 14:35:02 +01:00
Thijmen
d86274cc37 Fix styling 2024-06-10 20:43:34 +00:00
Andras Bacsai
8a4c2bf208 shared variables are more visible now on the ui 2024-04-26 14:59:03 +02:00