Harleyoc1 · Harleyoc1 · Feb 19, 2026 · Feb 14, 2026 · Feb 14, 2026 · Feb 14, 2026
diff --git a/app/Attachments/AttachmentWriter.php b/app/Attachments/AttachmentWriter.php
@@ -2,7 +2,6 @@
 
 namespace App\Attachments;
 
-use Illuminate\Http\UploadedFile;
 use Livewire\Wireable;
 
 interface AttachmentWriter extends Wireable

diff --git a/app/Auth/Registration/Registrant.php b/app/Auth/Registration/Registrant.php
@@ -7,7 +7,7 @@ class Registrant
 
     public function __construct(
         private string $email,
-        private bool $isAdmin
+        private int $permissionLevel
     ) {
     }
 
@@ -16,9 +16,9 @@ public function getEmail(): string
         return $this->email;
     }
 
-    public function isAdmin(): bool
+    public function getPermissionLevel(): int
     {
-        return $this->isAdmin;
+        return $this->permissionLevel;
     }
 
 }
diff --git a/app/Auth/Registration/RegistrationTokenRepository.php b/app/Auth/Registration/RegistrationTokenRepository.php
@@ -58,7 +58,7 @@ private function createRecord(Registrant $registrant, #[\SensitiveParameter] str
     {
         return [
             'email' => $registrant->getEmail(),
-            'is_admin' => $registrant->isAdmin(),
+            'permission_level' => $registrant->getPermissionLevel(),
             'token' => Hash::make($token),
             'created_at' => new Carbon
         ];
@@ -81,7 +81,7 @@ private function tokenExpired($createdAt)
 
     private function readRecord($record): Registrant
     {
-        return new Registrant($record['email'], $record['is_admin']);
+        return new Registrant($record['email'], $record['permission_level']);
     }
 
     public function deleteExisting(string $email): bool

diff --git a/app/Http/Middleware/AdminAuthorization.php b/app/Http/Middleware/AdminAuthorization.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use const App\Models\ADMIN_LEVEL;
+
+class AdminAuthorization extends PermissionLevelAuthorization
+{
+    protected function getRequiredLevel(): int
+    {
+        return ADMIN_LEVEL;
+    }
+
+}
diff --git a/app/Http/Middleware/BasicAuthorization.php b/app/Http/Middleware/BasicAuthorization.php
@@ -0,0 +1,43 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use App\Models\User;
+use Closure;
+use Illuminate\Http\Request;
+use Illuminate\Support\Facades\Hash;
+use Symfony\Component\HttpFoundation\Response;
+
+class BasicAuthorization
+{
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (!self::hasHeader($request) || !self::getAuthenticatedUser($request)) {
+            abort(Response::HTTP_UNAUTHORIZED);
+        }
+        return $next($request);
+    }
+
+    public static function hasHeader(Request $request): bool
+    {
+        return $request->hasHeader('Authorization');
+    }
+
+    public static function getAuthenticatedUser(Request $request): User|false
+    {
+        $credentials = base64_decode(substr($request->header('Authorization'), 6));
+        list($username, $password) = explode(':', $credentials);
+        $user = User::where('email', $username)->first();
+        if (isset($user) and Hash::check($password, $user->password)) {
+            return $user;
+        }
+        return false;
+    }
+
+}
diff --git a/app/Http/Middleware/IsAdminMiddleware.php b/app/Http/Middleware/IsAdminMiddleware.php
diff --git a/app/Http/Middleware/MavenEditorAuthorization.php b/app/Http/Middleware/MavenEditorAuthorization.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use const App\Models\MAVEN_EDITOR_LEVEL;
+
+class MavenEditorAuthorization extends PermissionLevelAuthorization
+{
+    protected function getRequiredLevel(): int
+    {
+        return MAVEN_EDITOR_LEVEL;
+    }
+
+}
diff --git a/app/Http/Middleware/PermissionLevelAuthorization.php b/app/Http/Middleware/PermissionLevelAuthorization.php
@@ -0,0 +1,31 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+abstract class PermissionLevelAuthorization
+{
+    protected abstract function getRequiredLevel(): int;
+
+    /**
+     * Handle an incoming request.
+     *
+     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
+     */
+    public function handle(Request $request, Closure $next): Response
+    {
+        if (auth()->check()) {
+            $user = auth()->user();
+        } else {
+            // Fallback to basic Authorization if no standard auth
+            $user = BasicAuthorization::getAuthenticatedUser($request);
+        }
+        if (!isset($user) or !$user->hasPermission($this->getRequiredLevel())) {
+            abort(Response::HTTP_FORBIDDEN);
+        }
+        return $next($request);
+    }
+}
diff --git a/app/Livewire/Auth/Register.php b/app/Livewire/Auth/Register.php
@@ -12,6 +12,7 @@
 use Livewire\Attributes\Locked;
 use Livewire\Attributes\Title;
 use Livewire\Component;
+use const App\Models\USER_LEVEL;
 
 #[Title('Register')]
 #[Layout('components.layouts.auth')]
@@ -60,8 +61,8 @@ public function register(): void
         // Since the user needs a token to register, we can consider this an email verification
         $user->markEmailAsVerified();
 
-        if ($registrant->isAdmin()) {
-            $user->is_admin = true;
+        if ($registrant->getPermissionLevel() > USER_LEVEL) {
+            $user->permission_level = $registrant->getPermissionLevel();
             $user->save();
         }
         RegistrationTokenRepository::get()->deleteExisting($this->email);

diff --git a/app/Livewire/Maven/DirectoryIndex.php b/app/Livewire/Maven/DirectoryIndex.php
@@ -17,10 +17,13 @@ public function mount(?string $path = '')
     {
         $this->isRoot = $path == '';
         $this->path = $path;
-        if (!Storage::directoryExists("maven$path")) {
-            return redirect(route('maven.download', $path));
+        if (!Storage::disk('maven')->exists($path)) {
+            abort(404);
         }
-        $fullPath = Storage::path("maven/$path");
+        if (!Storage::disk('maven')->directoryExists($path)) {
+            return redirect(route('maven.download', substr($path, 1)));
+        }
+        $fullPath = Storage::disk('maven')->path($path);
         foreach (new DirectoryIterator($fullPath) as $file) {
             if ($file->isDot()) continue;
             $path = $file->getRealPath();

diff --git a/app/Livewire/Posts/EditPost.php b/app/Livewire/Posts/EditPost.php
@@ -4,7 +4,6 @@
 
 use App\Models\Post;
 use Illuminate\Validation\Rule;
-use Livewire\Attributes\Title;
 use Livewire\Component;
 use Throwable;
 

diff --git a/app/Livewire/Projects/EditProject.php b/app/Livewire/Projects/EditProject.php
@@ -3,7 +3,6 @@
 namespace App\Livewire\Projects;
 
 use App\Models\Project;
-use Illuminate\Http\UploadedFile;
 use Illuminate\Support\Facades\Log;
 use Illuminate\Validation\Rule;
 use Livewire\Component;

diff --git a/app/Livewire/Users/UserCell.php b/app/Livewire/Users/UserCell.php
@@ -7,19 +7,20 @@
 
 class UserCell extends Component
 {
+
     public User $user;
-    public bool $isAdmin;
+    public int $permissionLevel;
 
     public function mount(User $user)
     {
         $this->user = $user;
-        $this->isAdmin = $user->is_admin;
+        $this->permissionLevel = $user->permission_level;
     }
 
-    public function updateIsAdmin(): void
+    public function updatePermissionLevel(): void
     {
         $this->authorize('update', $this->user);
-        $this->user->is_admin = $this->isAdmin;
+        $this->user->permission_level = $this->permissionLevel;
         $this->user->save();
     }
 

diff --git a/app/Livewire/Users/UserIndex.php b/app/Livewire/Users/UserIndex.php
@@ -16,7 +16,7 @@ class UserIndex extends Component
     public $users;
 
     public string $newUserEmail = '';
-    public bool $newUserIsAdmin = false;
+    public int $newUserPermissionLevel = 0;
 
     public function mount(): void
     {
@@ -29,7 +29,7 @@ public function add(): void
             'newUserEmail' => ['required', 'string', 'lowercase', 'email', 'max:255', 'unique:'.User::class.',email']
         ]);
 
-        $token = RegistrationTokenRepository::get()->create(new Registrant($this->newUserEmail, $this->newUserIsAdmin));
+        $token = RegistrationTokenRepository::get()->create(new Registrant($this->newUserEmail, $this->newUserPermissionLevel));
 
         Mail::to($this->newUserEmail)->send(new Registration($this->newUserEmail, $token));
 
@@ -38,7 +38,7 @@ public function add(): void
         // Close modal and reset fields
         $this->modal('addUser')->close();
         $this->newUserEmail = '';
-        $this->newUserIsAdmin = false;
+        $this->newUserPermissionLevel = 0;
     }
 
 }
diff --git a/app/Models/User.php b/app/Models/User.php
@@ -8,6 +8,12 @@
 use Illuminate\Notifications\Notifiable;
 use Illuminate\Support\Str;
 
+const ADMIN_LEVEL = 2;
+const MAVEN_EDITOR_LEVEL = 1;
+const USER_LEVEL = 0;
+
+const PERMISSION_LEVEL_DISPLAY_NAMES = ['User', 'Maven Editor', 'Admin'];
+
 class User extends Authenticatable
 {
     /** @use HasFactory<\Database\Factories\UserFactory> */
@@ -58,4 +64,18 @@ public function initials(): string
             ->map(fn ($word) => Str::substr($word, 0, 1))
             ->implode('');
     }
+
+    public function hasPermission(int $level) {
+        return $this->permission_level >= $level;
+    }
+
+    public function isMavenEditor(): bool
+    {
+        return $this->permission_level >= MAVEN_EDITOR_LEVEL;
+    }
+
+    public function isAdmin(): bool
+    {
+        return $this->permission_level == ADMIN_LEVEL;
+    }
 }
diff --git a/app/Policies/PostPolicy.php b/app/Policies/PostPolicy.php
@@ -4,7 +4,6 @@
 
 use App\Models\Post;
 use App\Models\User;
-use Illuminate\Auth\Access\Response;
 
 /**
  * Post policy is quite simple at the moment: any users can view any posts, and admins can use any CRUD operation on
@@ -33,22 +32,22 @@ public function view(User $user, Post $post): bool
      */
     public function create(User $user): bool
     {
-        return isset($user) && $user->is_admin;
+        return isset($user) && $user->isAdmin();
     }
 
     /**
      * Determine whether the user can update the model.
      */
     public function update(User $user, Post $post): bool
     {
-        return isset($user) && $user->is_admin;
+        return isset($user) && $user->isAdmin();
     }
 
     /**
      * Determine whether the user can delete the model.
      */
     public function delete(User $user, Post $post): bool
     {
-        return isset($user) && $user->is_admin;
+        return isset($user) && $user->isAdmin();
     }
 }
diff --git a/app/Policies/ProjectPolicy.php b/app/Policies/ProjectPolicy.php
@@ -32,22 +32,22 @@ public function view(User $user, Project $project): bool
      */
     public function create(User $user): bool
     {
-        return isset($user) && $user->is_admin;
+        return isset($user) && $user->isAdmin();
     }
 
     /**
      * Determine whether the user can update the model.
      */
     public function update(User $user, Project $project): bool
     {
-        return isset($user) && $user->is_admin;
+        return isset($user) && $user->isAdmin();
     }
 
     /**
      * Determine whether the user can delete the model.
      */
     public function delete(User $user, Project $project): bool
     {
-        return isset($user) && $user->is_admin;
+        return isset($user) && $user->isAdmin();
     }
 }