isApiEnabled = InstanceSettings::get()->is_api_enabled; $this->canUseRootPermissions = auth()->user()->can('useRootPermissions', PersonalAccessToken::class); $this->canUseWritePermissions = auth()->user()->can('useWritePermissions', PersonalAccessToken::class); $this->canUseDeployPermissions = auth()->user()->can('useDeployPermissions', PersonalAccessToken::class); $this->canUseSensitivePermissions = auth()->user()->can('useSensitivePermissions', PersonalAccessToken::class); $this->getTokens(); } private function getTokens() { $this->tokens = auth()->user()->tokens->sortByDesc('created_at'); } public function updatedPermissions($permissionToUpdate) { // Re-evaluate policies fresh — never trust stored snapshot booleans if ($permissionToUpdate == 'root' && ! auth()->user()->can('useRootPermissions', PersonalAccessToken::class)) { $this->dispatch('error', 'You do not have permission to use root permissions.'); $this->permissions = array_diff($this->permissions, ['root']); return; } if (in_array($permissionToUpdate, ['write', 'write:sensitive']) && ! auth()->user()->can('useWritePermissions', PersonalAccessToken::class)) { $this->dispatch('error', 'You do not have permission to use write permissions.'); $this->permissions = array_diff($this->permissions, ['write', 'write:sensitive']); return; } if ($permissionToUpdate == 'deploy' && ! auth()->user()->can('useDeployPermissions', PersonalAccessToken::class)) { $this->dispatch('error', 'You do not have permission to use deploy permissions.'); $this->permissions = array_diff($this->permissions, ['deploy']); return; } if ($permissionToUpdate == 'read:sensitive' && ! auth()->user()->can('useSensitivePermissions', PersonalAccessToken::class)) { $this->dispatch('error', 'You do not have permission to use read:sensitive permissions.'); $this->permissions = array_diff($this->permissions, ['read:sensitive']); return; } if ($permissionToUpdate == 'root') { $this->permissions = ['root']; } elseif ($permissionToUpdate == 'read:sensitive' && ! in_array('read', $this->permissions)) { $this->permissions[] = 'read'; } elseif ($permissionToUpdate == 'deploy') { $this->permissions = ['deploy']; } else { if (count($this->permissions) == 0) { $this->permissions = ['read']; } } sort($this->permissions); } public function addNewToken() { try { $this->authorize('create', PersonalAccessToken::class); // Re-evaluate policies fresh against the current authenticated user. // Never trust $this->canUse* booleans — they come from the Livewire // snapshot which can be replayed from another user's session. if (in_array('root', $this->permissions) && ! auth()->user()->can('useRootPermissions', PersonalAccessToken::class)) { throw new \Exception('You do not have permission to create tokens with root permissions.'); } if (array_intersect(['write', 'write:sensitive'], $this->permissions) && ! auth()->user()->can('useWritePermissions', PersonalAccessToken::class)) { throw new \Exception('You do not have permission to create tokens with write permissions.'); } if (in_array('deploy', $this->permissions) && ! auth()->user()->can('useDeployPermissions', PersonalAccessToken::class)) { throw new \Exception('You do not have permission to create tokens with deploy permissions.'); } if (in_array('read:sensitive', $this->permissions) && ! auth()->user()->can('useSensitivePermissions', PersonalAccessToken::class)) { throw new \Exception('You do not have permission to create tokens with read:sensitive permissions.'); } $this->validate([ 'description' => 'required|min:3|max:255', ]); $token = auth()->user()->createToken($this->description, array_values($this->permissions)); $this->getTokens(); // Do NOT strip the numeric prefix (e.g. "69|...") — Sanctum uses it to index and look up tokens. session()->flash('token', $token->plainTextToken); } catch (\Exception $e) { return handleError($e, $this); } } public function revoke(int $id) { try { $token = auth()->user()->tokens()->where('id', $id)->firstOrFail(); $this->authorize('delete', $token); $token->delete(); $this->getTokens(); } catch (\Exception $e) { return handleError($e, $this); } } }