coolify/app/Livewire/Server/Proxy/DynamicConfigurations.php
Andras Bacsai b878dc8102 refactor(auth): enforce team member authorization across app
Restrict sensitive operations to admins/owners and hide sensitive data
from team members:
- Add authorization checks to Livewire components and API endpoints
- Restrict team members from accessing sensitive permissions and data
- Hide environment variable values from non-admin team members
- Update policies to enforce team-level admin status requirement
- Add useSensitivePermissions policy for read:sensitive tokens
- Improve disabled button UX with auth-specific tooltips
- Add authorization checks in middleware for API tokens

Closes authorization gaps in project management, server management,
and settings components.
2026-02-27 11:41:01 +01:00


<?php
namespace App\Livewire\Server\Proxy;
use App\Models\Server;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Illuminate\Support\Collection;
use Livewire\Component;
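/**
 * Livewire component that lists the files in a server's proxy "dynamic"
 * directory and loads their contents for display.
 *
 * The server is resolved in mount() through the current team's scope, and
 * loadDynamicConfigurations() re-checks the 'view' policy on every call,
 * because that method is also reachable as a Livewire/Echo listener.
 */
class DynamicConfigurations extends Component
{
    use AuthorizesRequests;

    // Server whose proxy configuration is shown; null until mount() resolves it.
    public ?Server $server = null;

    // Route parameters captured in mount().
    public $parameters = [];

    // File contents keyed by file name with every '.' replaced by '|'.
    public Collection $contents;

    /**
     * Event listeners for this component.
     *
     * Subscribes to ProxyStatusChangedUI on the current team's private channel
     * and to the local 'loadDynamicConfigurations' event; both reload the list.
     */
    public function getListeners()
    {
        $teamId = auth()->user()->currentTeam()->id;

        return [
            "echo-private:team.{$teamId},ProxyStatusChangedUI" => 'loadDynamicConfigurations',
            'loadDynamicConfigurations',
        ];
    }

    protected $rules = [
        'contents.*' => 'nullable|string',
    ];

    /**
     * Entry point for the initial load; delegates to loadDynamicConfigurations().
     */
    public function initLoadDynamicConfigurations()
    {
        $this->loadDynamicConfigurations();
    }

    /**
     * Read every file in the proxy's dynamic directory on the server and
     * store the contents in $this->contents.
     *
     * Authorization failures are passed to handleError(). Exceptions raised by
     * the remote commands are not caught here.
     */
    public function loadDynamicConfigurations()
    {
        try {
            $this->authorize('view', $this->server);
        } catch (\Throwable $e) {
            return handleError($e, $this);
        }

        // NOTE(review): file contents go to every user who passes the 'view'
        // policy; confirm that matches how sensitive these proxy configs are.
        $proxy_path = $this->server->proxyPath();

        // Quote the directory so a path containing spaces or shell
        // metacharacters is passed as a single literal argument.
        // Assumes proxyPath() returns a literal path that needs no shell
        // expansion (no "~" or "$VAR") - TODO confirm.
        $dynamic_dir = escapeshellarg("{$proxy_path}/dynamic");
        $listing = instant_remote_process(["mkdir -p {$dynamic_dir} && ls -1 {$dynamic_dir}"], $this->server);

        // Trim before filtering so whitespace-only lines are dropped, and
        // compare against '' so a file literally named "0" is kept.
        $files = collect(explode("\n", $listing ?? ''))
            ->map(fn ($file) => trim($file))
            ->filter(fn ($file) => $file !== '')
            ->sort();

        $contents = collect([]);
        foreach ($files as $file) {
            // Dots are replaced with '|' to build the collection key.
            $key = str_replace('.', '|', $file);

            // File names come back from the remote `ls`; quote the full path
            // so a name containing shell syntax is read as a file name and
            // never executed as part of the command.
            $target = escapeshellarg("{$proxy_path}/dynamic/{$file}");
            $content = instant_remote_process(["cat {$target}"], $this->server);
            $contents[$key] = $content ?? '';
        }

        $this->contents = $contents;
        $this->dispatch('$refresh');
        $this->dispatch('success', 'Dynamic configurations loaded.');
    }

    /**
     * Resolve the server from the route's server_uuid, limited to servers
     * owned by the current team; redirect to the server index when none matches.
     */
    public function mount()
    {
        $this->parameters = get_route_parameters();
        try {
            $this->server = Server::ownedByCurrentTeam()->whereUuid(request()->server_uuid)->first();
            if (is_null($this->server)) {
                return redirect()->route('server.index');
            }
        } catch (\Throwable $e) {
            return handleError($e, $this);
        }
    }

    /**
     * Render the component's Blade view.
     */
    public function render()
    {
        return view('livewire.server.proxy.dynamic-configurations');
    }
}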