* better oauth provider loading
* add auth frontend
* add configs for all default providers
* add more default providers
* add env variables to enable oauth providers
* small refactor to link/ unlink routes
* add oauth tab to (admin) profile
* use redirects instead of exceptions
* add notification if no oauth user is found
* use import in config
* remove whmcs provider
* replace hardcoded links with `route`
* redirect to account page on unlink
* remove unnecessary controller and handle linking/ unlinking in action
* only show oauth tab if at least one oauth provider is enabled
* remove `guard_name` from api and add id to transformer
* disallow update/ delete for root admin role via api
* disallow assigning root admin via api
* add api to remove user roles
* fix assignRoles & removeRoles
* add spatie/permissions
* add policies
* add role resource
* add root admin role handling
* replace some "root_admin" with function
* add model specific permissions
* make permission selection nicer
* fix user creation
* fix tests
* add back subuser checks in server policy
* add custom model for role
* assign new users to role if root_admin is set
* add api for roles
* fix phpstan
* add permissions for settings page
* remove "restore" and "forceDelete" permissions
* add user count to list
* prevent deletion if role has users
* update user list
* fix server policy
* remove old `root_admin` column
* small refactor
* fix tests
* forgot can checks here
* forgot use
* disable editing own roles & disable assigning root admin
* don't allow to rename root admin role
* remove php bombing exception handler
* fix role assignment when creating a user
* fix disableOptionWhen
* fix missing `root_admin` attribute on react frontend
* add permission check for bulk delete
* rename viewAny to viewList
* improve canAccessPanel check
* fix admin not displaying for non-root admins
* make sure non root admins can't edit root admins
* fix import
* fix settings page permission check
* fix server permissions for non-subusers
* fix settings page permission check v2
* small cleanup
* cleanup config file
* move consts from resouce into enum & model
* Update database/migrations/2024_08_01_114538_remove_root_admin_column.php
Co-authored-by: Lance Pioch <lancepioch@gmail.com>
* fix config
* fix phpstan
* fix phpstan 2.0
---------
Co-authored-by: Lance Pioch <lancepioch@gmail.com>
* simplify setup command
* add installer page
* add route for installer
* adjust gitignore
* set colors globally
* add "unsaved data changes" alert
* add helper method to check if panel is installed
* make nicer
* redis username isn't required
* bring back db settings command
* store current date in "installed" file
* only redirect if install was successfull
* remove fpm requirement
* change "installed" marker to env variable
* improve requirements step
* add commands to change cache, queue or session drivers respectively
* removed `grouped` for better mobile view
* remove old settings stuff
* add basic settings page
* add some settings
* add "test mail" button
* fix mail fields not updating
* fix phpstan
* fix default for "top navigation"
* force toggle buttons to be bool
* force toggle to be bool
* add class to view to allow customization
* add mailgun settings
* add notification settings
* add timeout settings
* organize tabs into sub-functions
* add more settings
* add backup settings
* add sections to mail settings
* add setting for trusted_proxies
* fix unsaved data alert not showing
* fix clear action
* Fix clear action v2
TagsInput expects an array, not a string, fails on saving when using `''`
* Add App favicon
* Remove defaults, collapse misc sections
* Move Save btn, Add API rate limit
* small cleanup
---------
Co-authored-by: notCharles <charles@pelican.dev>
* add application api endpoints for mounts
* run pint
* add mounts resource to api key
* add includes to mount transformer
* forgot delete route for mount itself
* add migration for "r_mounts" column
* add mounts to testcase api key
* add application api endpoints for database hosts
* run pint
* forgot to lint this one
* Update app/Http/Controllers/Api/Application/DatabaseHosts/DatabaseHostController.php
Co-authored-by: Devonte W <devnote.dev75@gmail.com>
* Update routes/api-application.php
Co-authored-by: Devonte W <devnote.dev75@gmail.com>
* rename all "databaseHost" to "database_host"
---------
Co-authored-by: Devonte W <devnote.dev75@gmail.com>
Changes the API internals to use normal Laravel binding which automatically supports nested-models and can determine their relationships. This removes a lot of confusingly complex internal logic and replaces it with standard Laravel code.
This also removes a deprecated "getModel" method and fully replaces it with a "parameter" method that does stricter type-checking.
Prior to this fix certain resources were accessible even when their assigned server was not the same as the server in the URL. This causes the resource server relationship to not match the server variable present on the request.
Due to this failed logic it was possible for users to access resources they should not have been able to access otherwise for some areas of the panel.
