Restrict sensitive operations to admins/owners and hide sensitive data from team members: - Add authorization checks to Livewire components and API endpoints - Restrict team members from accessing sensitive permissions and data - Hide environment variable values from non-admin team members - Update policies to enforce team-level admin status requirement - Add useSensitivePermissions policy for read:sensitive tokens - Improve disabled button UX with auth-specific tooltips - Add authorization checks in middleware for API tokens Closes authorization gaps in project management, server management, and settings components.
<?php
namespace App\Livewire\Settings;
use App\Jobs\CheckForUpdatesJob;
use App\Models\InstanceSettings;
use App\Models\Server;
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
use Livewire\Attributes\Validate;
use Livewire\Component;
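/**
 * Livewire component backing the instance "Updates" settings screen.
 *
 * It edits three fields of the instance settings record: the auto-update
 * schedule, the update-check schedule and the auto-update on/off flag.
 *
 * Authorization model visible in this class:
 *  - mount() turns away anyone for whom isInstanceAdmin() is false;
 *  - every state-changing action (instantSave, submit, checkManually)
 *    additionally calls authorize('update', $this->settings). Livewire action
 *    calls do not re-run mount(), so the per-action check is the one that
 *    protects the write path. Keep it when adding new actions.
 */
class Updates extends Component
{
    use AuthorizesRequests;

    // Instance settings record being edited; loaded in mount().
    public InstanceSettings $settings;

    // Only populated when isCloud() is false (see mount()).
    public ?Server $server = null;

    #[Validate('string')]
    public string $auto_update_frequency;

    #[Validate('string|required')]
    public string $update_check_frequency;

    #[Validate('boolean')]
    public bool $is_auto_update_enabled;

    /**
     * Gate the page and copy the persisted settings into the form fields.
     *
     * @return mixed A redirect to the dashboard for non-admins, otherwise nothing.
     */
    public function mount()
    {
        if (! isInstanceAdmin()) {
            return redirect()->route('dashboard');
        }

        if (! isCloud()) {
            // NOTE(review): id 0 is presumably the host server of a self-hosted
            // instance; confirm against the Server model.
            $this->server = Server::findOrFail(0);
        }

        $this->settings = instanceSettings();
        $this->auto_update_frequency = $this->settings->auto_update_frequency;
        $this->update_check_frequency = $this->settings->update_check_frequency;
        $this->is_auto_update_enabled = $this->settings->is_auto_update_enabled;
    }

    /**
     * Persist the three form fields onto the settings record.
     *
     * Any exception, including a failed authorization or validation, is handed
     * to handleError().
     *
     * @return mixed Whatever handleError() returns on failure, otherwise nothing.
     */
    public function instantSave()
    {
        try {
            $this->authorize('update', $this->settings);

            // Validate against the value that is about to be saved. The stored
            // flag still holds the previous state at this point, so checking it
            // would let auto-update be switched on with an empty schedule, and
            // would demand a schedule when auto-update is being switched off.
            if ($this->is_auto_update_enabled) {
                $this->validate([
                    'auto_update_frequency' => ['required', 'string'],
                ]);
            }

            $this->settings->auto_update_frequency = $this->auto_update_frequency;
            $this->settings->update_check_frequency = $this->update_check_frequency;
            $this->settings->is_auto_update_enabled = $this->is_auto_update_enabled;
            $this->settings->save();

            $this->dispatch('success', 'Settings updated!');
        } catch (\Exception $e) {
            return handleError($e, $this);
        }
    }

    /**
     * Validate both schedule expressions, then save through instantSave().
     *
     * When an expression is rejected, an error event is dispatched, an empty
     * field is reset to its default schedule, and nothing is saved.
     *
     * @return mixed Whatever handleError() returns on failure, otherwise nothing.
     */
    public function submit()
    {
        try {
            $this->authorize('update', $this->settings);
            $this->resetErrorBag();
            $this->validate();

            // The auto-update schedule only has to parse when auto-update is on.
            $autoUpdateScheduleInvalid = $this->is_auto_update_enabled
                && ! validate_cron_expression($this->auto_update_frequency);
            if ($autoUpdateScheduleInvalid) {
                $this->dispatch('error', 'Invalid Cron / Human expression for Auto Update Frequency.');
                if (empty($this->auto_update_frequency)) {
                    $this->auto_update_frequency = '0 0 * * *';
                }

                return;
            }

            if (! validate_cron_expression($this->update_check_frequency)) {
                $this->dispatch('error', 'Invalid Cron / Human expression for Update Check Frequency.');
                if (empty($this->update_check_frequency)) {
                    $this->update_check_frequency = '0 * * * *';
                }

                return;
            }

            // NOTE(review): instantSave() catches its own exceptions and its
            // return value is ignored here, so the proxy step below may run even
            // if the save failed. This depends on what handleError() does.
            $this->instantSave();

            if ($this->server) {
                $this->server->setupDynamicProxyConfiguration();
            }
        } catch (\Exception $e) {
            return handleError($e, $this);
        }
    }

    /**
     * Run the update check synchronously and report the result to the UI.
     *
     * Unlike the other actions, this one has no try/catch, so a failed
     * authorization or a job exception propagates to the caller.
     */
    public function checkManually()
    {
        $this->authorize('update', $this->settings);

        CheckForUpdatesJob::dispatchSync();
        $this->dispatch('updateAvailable');

        // Re-read the settings: the job has just run and $this->settings was
        // loaded earlier.
        $latestSettings = instanceSettings();
        $resultMessage = $latestSettings->new_version_available
            ? 'New version available!'
            : 'No new version available.';

        $this->dispatch('success', $resultMessage);
    }

    /**
     * Render the Blade view for this component.
     */
    public function render()
    {
        return view('livewire.settings.updates');
    }
}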