mirror of
https://github.com/coollabsio/coolify.git
synced 2026-03-11 08:55:47 +00:00
Add authorization gates to Project and Server creation buttons in the dashboard to prevent non-admin users from accessing resource creation. Improve team deletion to clear cache before deletion and automatically switch to the user's next available team. - Hide create buttons from non-admin users in dashboard - Clear cache before team deletion to prevent stale session resolution - Switch user session to next available team when current team is deleted - Handle refreshSession when user has no remaining teams - Add tests for dashboard authorization enforcement and team deletion flow
126 lines
3.5 KiB
PHP
126 lines
3.5 KiB
PHP
<?php
|
|
|
|
namespace App\Livewire\Team;
|
|
|
|
use App\Models\Team;
|
|
use App\Models\TeamInvitation;
|
|
use App\Support\ValidationPatterns;
|
|
use Illuminate\Foundation\Auth\Access\AuthorizesRequests;
|
|
use Illuminate\Support\Facades\Auth;
|
|
use Illuminate\Support\Facades\Cache;
|
|
use Illuminate\Support\Facades\DB;
|
|
use Livewire\Component;
|
|
|
|
class Index extends Component
|
|
{
|
|
use AuthorizesRequests;
|
|
|
|
public $invitations = [];
|
|
|
|
public Team $team;
|
|
|
|
// Explicit properties
|
|
public string $name;
|
|
|
|
public ?string $description = null;
|
|
|
|
protected function rules(): array
|
|
{
|
|
return [
|
|
'name' => ValidationPatterns::nameRules(),
|
|
'description' => ValidationPatterns::descriptionRules(),
|
|
];
|
|
}
|
|
|
|
protected function messages(): array
|
|
{
|
|
return array_merge(
|
|
ValidationPatterns::combinedMessages(),
|
|
[
|
|
'name.required' => 'The Name field is required.',
|
|
]
|
|
);
|
|
}
|
|
|
|
protected $validationAttributes = [
|
|
'name' => 'name',
|
|
'description' => 'description',
|
|
];
|
|
|
|
/**
|
|
* Sync data between component properties and model
|
|
*
|
|
* @param bool $toModel If true, sync FROM properties TO model. If false, sync FROM model TO properties.
|
|
*/
|
|
private function syncData(bool $toModel = false): void
|
|
{
|
|
if ($toModel) {
|
|
// Sync TO model (before save)
|
|
$this->team->name = $this->name;
|
|
$this->team->description = $this->description;
|
|
} else {
|
|
// Sync FROM model (on load/refresh)
|
|
$this->name = $this->team->name;
|
|
$this->description = $this->team->description;
|
|
}
|
|
}
|
|
|
|
public function mount()
|
|
{
|
|
$this->team = currentTeam();
|
|
$this->syncData(false);
|
|
|
|
if (auth()->user()->isAdminFromSession()) {
|
|
$this->invitations = TeamInvitation::whereTeamId(currentTeam()->id)->get();
|
|
}
|
|
}
|
|
|
|
public function render()
|
|
{
|
|
return view('livewire.team.index');
|
|
}
|
|
|
|
public function submit()
|
|
{
|
|
$this->validate();
|
|
try {
|
|
$this->authorize('update', $this->team);
|
|
$this->syncData(true);
|
|
$this->team->save();
|
|
refreshSession();
|
|
$this->dispatch('success', 'Team updated.');
|
|
} catch (\Throwable $e) {
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
|
|
public function delete()
|
|
{
|
|
try {
|
|
$currentTeam = currentTeam();
|
|
$this->authorize('delete', $currentTeam);
|
|
$currentTeam->members->each(function ($user) use ($currentTeam) {
|
|
if ($user->id === Auth::id()) {
|
|
return;
|
|
}
|
|
$user->teams()->detach($currentTeam);
|
|
$session = DB::table('sessions')->where('user_id', $user->id)->first();
|
|
if ($session) {
|
|
DB::table('sessions')->where('id', $session->id)->delete();
|
|
}
|
|
});
|
|
|
|
// Clear stale cache before deleting so refreshSession doesn't resolve the deleted team
|
|
Cache::forget('user:'.Auth::id().':team:'.$currentTeam->id);
|
|
$currentTeam->delete();
|
|
|
|
// Switch to the user's next available team
|
|
$newTeam = Auth::user()->teams()->first();
|
|
refreshSession($newTeam);
|
|
|
|
return redirect()->route('team.index');
|
|
} catch (\Throwable $e) {
|
|
return handleError($e, $this);
|
|
}
|
|
}
|
|
}
|