mirror of
https://github.com/coollabsio/coolify.git
synced 2026-06-19 07:35:25 +00:00
chore: defer server policy changes
This commit is contained in:
Andras Bacsai
@@ -28,7 +28,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function create(User $user): bool
|
||||
{
|
||||
return $user->isAdmin();
|
||||
// return $user->isAdmin();
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -36,7 +37,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function update(User $user, Server $server): bool
|
||||
{
|
||||
return $this->canManageServer($user, $server);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -44,7 +46,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function delete(User $user, Server $server): bool
|
||||
{
|
||||
return $this->canManageServer($user, $server);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -68,7 +71,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function manageProxy(User $user, Server $server): bool
|
||||
{
|
||||
return $this->canManageServer($user, $server);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -76,7 +80,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function manageSentinel(User $user, Server $server): bool
|
||||
{
|
||||
return $this->canManageServer($user, $server);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -84,7 +89,8 @@ class ServerPolicy
|
||||
*/
|
||||
public function manageCaCertificate(User $user, Server $server): bool
|
||||
{
|
||||
return $this->canManageServer($user, $server);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -92,11 +98,7 @@ class ServerPolicy
|
||||
*/
|
||||
public function viewSecurity(User $user, Server $server): bool
|
||||
{
|
||||
return $this->canManageServer($user, $server);
|
||||
}
|
||||
|
||||
private function canManageServer(User $user, Server $server): bool
|
||||
{
|
||||
return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
// return $user->isAdmin() && $user->teams->contains('id', $server->team_id);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,66 +0,0 @@
|
||||
<?php
|
||||
|
||||
use App\Models\Server;
|
||||
use App\Models\Team;
|
||||
use App\Models\User;
|
||||
use App\Policies\ServerPolicy;
|
||||
use Illuminate\Database\Eloquent\Relations\Pivot;
|
||||
|
||||
function userWithServerRole(int $teamId, string $role): User
|
||||
{
|
||||
$team = new Team;
|
||||
$team->setRawAttributes(['id' => $teamId], true);
|
||||
$team->setRelation('pivot', new Pivot(['role' => $role]));
|
||||
|
||||
$user = new User;
|
||||
$user->setRelation('teams', collect([$team]));
|
||||
$user->setRelation('pivot', new Pivot(['role' => $role]));
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
function serverPolicyServer(int $teamId): Server
|
||||
{
|
||||
$server = new Server;
|
||||
$server->setRawAttributes(['team_id' => $teamId], true);
|
||||
|
||||
return $server;
|
||||
}
|
||||
|
||||
test('server members cannot update or manage servers', function () {
|
||||
$policy = new ServerPolicy;
|
||||
$member = userWithServerRole(1, 'member');
|
||||
$server = serverPolicyServer(1);
|
||||
|
||||
expect($policy->update($member, $server))->toBeFalse()
|
||||
->and($policy->create($member))->toBeFalse()
|
||||
->and($policy->delete($member, $server))->toBeFalse()
|
||||
->and($policy->manageProxy($member, $server))->toBeFalse()
|
||||
->and($policy->manageSentinel($member, $server))->toBeFalse()
|
||||
->and($policy->manageCaCertificate($member, $server))->toBeFalse()
|
||||
->and($policy->viewSecurity($member, $server))->toBeFalse();
|
||||
});
|
||||
|
||||
test('server admins can update and manage servers in their team', function (string $role) {
|
||||
$policy = new ServerPolicy;
|
||||
$admin = userWithServerRole(1, $role);
|
||||
$server = serverPolicyServer(1);
|
||||
|
||||
expect($policy->update($admin, $server))->toBeTrue()
|
||||
->and($policy->create($admin))->toBeTrue()
|
||||
->and($policy->delete($admin, $server))->toBeTrue()
|
||||
->and($policy->manageProxy($admin, $server))->toBeTrue()
|
||||
->and($policy->manageSentinel($admin, $server))->toBeTrue()
|
||||
->and($policy->manageCaCertificate($admin, $server))->toBeTrue()
|
||||
->and($policy->viewSecurity($admin, $server))->toBeTrue();
|
||||
})->with(['admin', 'owner']);
|
||||
|
||||
test('server admins cannot update servers outside their team', function () {
|
||||
$policy = new ServerPolicy;
|
||||
$admin = userWithServerRole(2, 'admin');
|
||||
$server = serverPolicyServer(1);
|
||||
|
||||
expect($policy->update($admin, $server))->toBeFalse()
|
||||
->and($policy->delete($admin, $server))->toBeFalse()
|
||||
->and($policy->manageProxy($admin, $server))->toBeFalse();
|
||||
});
|
||||
Reference in New Issue
Block a user