coolify/app/Livewire/Project/Service/EditCompose.php
Andras Bacsai 68f81df0bb refactor(auth): enforce authorization checks across livewire components
Add authorization checks to multiple Livewire components to ensure users
have proper permissions before performing sensitive operations. This includes:

- Adding AuthorizesRequests trait to components handling deployments, backups,
  services, and configuration uploads
- Enforcing 'deploy', 'update', and 'manageBackups' authorization checks
- Adding instance admin check for system upgrade operations
- Improving database queries with team ownership scope
- Moving backup trigger from component to button with new backupNow() method
2026-02-27 11:59:26 +01:00

107 lines
3.1 KiB
PHP

<?php
namespace App\Livewire\Project\Service;
use App\Models\Service;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Component;
class EditCompose extends Component
{
use AuthorizesRequests;
public Service $service;
public $serviceId;
public ?string $dockerComposeRaw = null;
public ?string $dockerCompose = null;
public bool $isContainerLabelEscapeEnabled = false;
protected $listeners = [
'refreshEnvs',
'envsUpdated',
'refresh' => 'envsUpdated',
];
protected $rules = [
'dockerComposeRaw' => 'required',
'dockerCompose' => 'required',
'isContainerLabelEscapeEnabled' => 'required',
];
public function envsUpdated()
{
$this->dispatch('saveCompose', $this->dockerComposeRaw);
$this->refreshEnvs();
}
public function refreshEnvs()
{
$this->service = Service::ownedByCurrentTeam()->find($this->serviceId);
$this->syncData(false);
}
public function mount()
{
$this->service = Service::ownedByCurrentTeam()->find($this->serviceId);
$this->syncData(false);
}
private function syncData(bool $toModel = false): void
{
if ($toModel) {
$this->service->docker_compose_raw = $this->dockerComposeRaw;
$this->service->docker_compose = $this->dockerCompose;
$this->service->is_container_label_escape_enabled = $this->isContainerLabelEscapeEnabled;
} else {
$this->dockerComposeRaw = $this->service->docker_compose_raw;
$this->dockerCompose = $this->service->docker_compose;
$this->isContainerLabelEscapeEnabled = $this->service->is_container_label_escape_enabled ?? false;
}
}
public function validateCompose()
{
$isValid = validateComposeFile($this->dockerComposeRaw, $this->service->server_id);
if ($isValid !== 'OK') {
$this->dispatch('error', "Invalid docker-compose file.\n$isValid");
} else {
$this->dispatch('success', 'Docker compose is valid.');
}
}
public function saveEditedCompose()
{
try {
$this->authorize('update', $this->service);
$this->dispatch('info', 'Saving new docker compose...');
$this->dispatch('saveCompose', $this->dockerComposeRaw);
$this->dispatch('refreshStorages');
} catch (\Throwable $e) {
return handleError($e, $this);
}
}
public function instantSave()
{
try {
$this->authorize('update', $this->service);
$this->validate([
'isContainerLabelEscapeEnabled' => 'required',
]);
$this->syncData(true);
$this->service->save(['is_container_label_escape_enabled' => $this->isContainerLabelEscapeEnabled]);
$this->dispatch('success', 'Service updated successfully');
} catch (\Throwable $e) {
return handleError($e, $this);
}
}
public function render()
{
return view('livewire.project.service.edit-compose');
}
}