From 6bc1d86009f412a326a1e07e1f0fac17522b1fc6 Mon Sep 17 00:00:00 2001
From: Codex Agent
Date: Wed, 28 Jan 2026 18:34:12 +0100
Subject: [PATCH] Tighten support API resource mutations
---
 config/support-api.php | 107 +++++++++++++++++++++++++++++++++++------
 1 file changed, 91 insertions(+), 16 deletions(-)
diff --git a/config/support-api.php b/config/support-api.php
index fc8ade4..6bfb2ea 100644
--- a/config/support-api.php
+++ b/config/support-api.php
@@ -70,21 +70,36 @@ return [
 'read' => ['support:read'],
 'write' => ['support:write'],
 ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => true,
+ 'delete' => false,
+ ],
 ],
 'events' => [
 'model' => Event::class,
 'search' => ['name', 'slug'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:read'],
- 'write' => ['support:write'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'event-types' => [
 'model' => EventType::class,
 'search' => ['name', 'slug'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:read'],
- 'write' => ['support:write'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'photos' => [
@@ -122,17 +137,27 @@ return [
 'packages' => [
 'model' => Package::class,
 'search' => ['name', 'slug'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:billing'],
- 'write' => ['support:billing'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'package-addons' => [
 'model' => PackageAddon::class,
 'search' => ['name', 'slug'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:billing'],
- 'write' => ['support:billing'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'tenant-packages' => [
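Review bot: The `events` and `event-types` entries in the first hunk now state read-only three ways — `'read_only' => true`, no `abilities.write` key, and an all-false `mutations` block — and nothing in the visible lines says which one the enforcing code consults or which wins if they disagree. Only config/support-api.php changes in this commit, so the reader is not shown; if it indexes `['abilities']['write']` directly or treats a missing list as "no ability required", a write request fails open or with an undefined-key error rather than a clean denial. Missing `mutations` or `write` keys should resolve to deny, including for entries whose bodies lie outside these hunks, such as `photos`. I would add a comment at the top of the resource list, `// read_only wins over mutations; absent mutations/write keys mean deny`, once that matches the reader, and a config test asserting the three settings agree for every resource. The same pattern repeats in all later hunks.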
@@ -146,17 +171,27 @@ return [
 'coupons' => [
 'model' => Coupon::class,
 'search' => ['code', 'name'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:billing'],
- 'write' => ['support:billing'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'gift-vouchers' => [
 'model' => GiftVoucher::class,
 'search' => ['code', 'email'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:billing'],
- 'write' => ['support:billing'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'tenant-feedback' => [
@@ -175,25 +210,40 @@ return [
 'tenant-announcements' => [
 'model' => TenantAnnouncement::class,
 'search' => ['title', 'body'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:read'],
- 'write' => ['support:write'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'media-storage-targets' => [
 'model' => MediaStorageTarget::class,
 'search' => ['name', 'driver'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:ops'],
- 'write' => ['support:ops'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'retention-overrides' => [
 'model' => RetentionOverride::class,
 'search' => ['id'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:ops'],
- 'write' => ['support:ops'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'data-exports' => [
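Review bot: `coupons` and `gift-vouchers` in the hunk at `@@ -146,17` stay readable and searchable by `code` (and by `email` for vouchers) under `support:billing`, and making them read-only does not change what a read returns. Those codes are presumably redeemable values, so it is worth confirming that the response built from this config masks or omits the full code and the recipient e-mail unless support staff need them; the serializer is not visible here. A short comment on the two entries, e.g. `// read-only for support; reads still expose code/email, keep the response fields minimal`, would record that decision. The same question applies to `media-storage-targets` in the next hunk if that model carries driver credentials.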
@@ -225,54 +275,79 @@ return [
 'legal-pages' => [
 'model' => LegalPage::class,
 'search' => ['slug', 'title'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:content'],
- 'write' => ['support:content'],
 ],
 'mutations' => [
 'create' => false,
- 'update' => true,
+ 'update' => false,
 'delete' => false,
 ],
 ],
 'blog-categories' => [
 'model' => BlogCategory::class,
 'search' => ['name', 'slug'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:content'],
- 'write' => ['support:content'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'blog-posts' => [
 'model' => BlogPost::class,
 'search' => ['title', 'slug'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:content'],
- 'write' => ['support:content'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'emotions' => [
 'model' => Emotion::class,
 'search' => ['name', 'slug'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:content'],
- 'write' => ['support:content'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'tasks' => [
 'model' => Task::class,
 'search' => ['title'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:read'],
- 'write' => ['support:write'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'task-collections' => [
 'model' => TaskCollection::class,
 'search' => ['name'],
+ 'read_only' => true,
 'abilities' => [
 'read' => ['support:read'],
- 'write' => ['support:write'],
+ ],
+ 'mutations' => [
+ 'create' => false,
+ 'update' => false,
+ 'delete' => false,
 ],
 ],
 'super-admin-action-logs' => [
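Review bot: `legal-pages` is the only entry in this patch where an enabled mutation is revoked (`'update' => true` becomes `false`), so callers that edit legal pages through the support API today will start being denied. The commit subject does not mention that, and the remaining path for editing legal pages is not visible here. I would record it in a comment on the entry, e.g. `// legal pages are no longer editable via the support API`, and confirm that a denied update returns a clear 403 and is logged so the change in behaviour shows up in audit data.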