escapeboy · escapeboy · May 4, 2026 · May 4, 2026
diff --git a/app/Livewire/Agents/CreateAgentForm.php b/app/Livewire/Agents/CreateAgentForm.php
@@ -11,6 +11,7 @@
 use App\Domain\Tool\Models\Tool;
 use App\Infrastructure\AI\Enums\ReasoningEffort;
 use App\Infrastructure\AI\Services\ProviderResolver;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Validation\Rule;
 use Livewire\Component;
 
@@ -137,6 +138,8 @@ protected function rules(): array
 
     public function save(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate();
 
         $team = auth()->user()->currentTeam;

diff --git a/app/Livewire/Agents/QuickAgentForm.php b/app/Livewire/Agents/QuickAgentForm.php
@@ -5,6 +5,7 @@
 use App\Domain\Agent\Actions\CreateAgentAction;
 use App\Domain\Project\Actions\CreateProjectAction;
 use App\Infrastructure\AI\Services\ProviderResolver;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class QuickAgentForm extends Component
@@ -41,6 +42,8 @@ protected function rules(): array
 
     public function save(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate();
 
         $team = auth()->user()->currentTeam;

diff --git a/app/Livewire/Chatbots/ChatbotDetailPage.php b/app/Livewire/Chatbots/ChatbotDetailPage.php
@@ -13,6 +13,7 @@
 use App\Domain\Chatbot\Models\ChatbotToken;
 use App\Domain\Workflow\Models\Workflow;
 use App\Infrastructure\AI\Services\ProviderResolver;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class ChatbotDetailPage extends Component
@@ -67,6 +68,8 @@ public function mount(Chatbot $chatbot): void
 
     public function toggleStatus(): void
     {
+        Gate::authorize('edit-content');
+
         app(ToggleChatbotStatusAction::class)->execute($this->chatbot);
         $this->chatbot->refresh();
         session()->flash('message', 'Chatbot status updated.');
@@ -94,6 +97,8 @@ public function cancelEdit(): void
 
     public function saveEdit(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'editName' => 'required|min:2|max:255',
             'editConfidenceThreshold' => 'required|numeric|min:0.1|max:1.0',
@@ -124,6 +129,8 @@ public function saveEdit(): void
 
     public function generateToken(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'newTokenName' => 'required|min:1|max:100',
         ]);
@@ -144,6 +151,8 @@ public function generateToken(): void
 
     public function revokeToken(string $tokenId): void
     {
+        Gate::authorize('edit-content');
+
         $token = ChatbotToken::where('id', $tokenId)
             ->where('chatbot_id', $this->chatbot->id)
             ->firstOrFail();
@@ -181,6 +190,8 @@ public function cancelTelegramForm(): void
 
     public function saveTelegramChannel(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'telegramBotToken' => 'required|string|min:10',
             'telegramWebhookSecret' => 'nullable|string|max:256',
@@ -211,6 +222,8 @@ public function saveTelegramChannel(): void
 
     public function toggleTelegramChannel(string $channelId): void
     {
+        Gate::authorize('edit-content');
+
         $channel = ChatbotChannel::where('id', $channelId)
             ->where('chatbot_id', $this->chatbot->id)
             ->firstOrFail();
@@ -220,6 +233,8 @@ public function toggleTelegramChannel(string $channelId): void
 
     public function deleteTelegramChannel(string $channelId): void
     {
+        Gate::authorize('edit-content');
+
         ChatbotChannel::where('id', $channelId)
             ->where('chatbot_id', $this->chatbot->id)
             ->delete();
@@ -229,6 +244,8 @@ public function deleteTelegramChannel(string $channelId): void
 
     public function delete(): void
     {
+        Gate::authorize('edit-content');
+
         app(DeleteChatbotAction::class)->execute($this->chatbot);
 
         session()->flash('message', 'Chatbot deleted.');

diff --git a/app/Livewire/Chatbots/CreateChatbotForm.php b/app/Livewire/Chatbots/CreateChatbotForm.php
@@ -6,6 +6,7 @@
 use App\Domain\Chatbot\Actions\CreateChatbotAction;
 use App\Domain\Chatbot\Enums\ChatbotType;
 use App\Infrastructure\AI\Services\ProviderResolver;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class CreateChatbotForm extends Component
@@ -58,6 +59,8 @@ protected function rules(): array
 
     public function save(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate();
 
         $team = auth()->user()->currentTeam;

diff --git a/app/Livewire/Credentials/CreateCredentialForm.php b/app/Livewire/Credentials/CreateCredentialForm.php
@@ -4,6 +4,7 @@
 
 use App\Domain\Credential\Actions\CreateCredentialAction;
 use App\Domain\Credential\Enums\CredentialType;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class CreateCredentialForm extends Component
@@ -120,6 +121,8 @@ public function removeCustomPair(int $index): void
 
     public function save(): void
     {
+        Gate::authorize('edit-content');
+
         $team = auth()->user()->currentTeam;
         $type = CredentialType::from($this->credentialType);
         $secretData = $this->buildSecretData($type);

diff --git a/app/Livewire/Credentials/CredentialDetailPage.php b/app/Livewire/Credentials/CredentialDetailPage.php
@@ -15,6 +15,7 @@
 use App\Domain\Credential\Models\Credential;
 use App\Domain\Credential\Models\CredentialVersion;
 use App\Domain\Project\Models\Project;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class CredentialDetailPage extends Component
@@ -66,6 +67,8 @@ public function mount(Credential $credential): void
 
     public function toggleStatus(): void
     {
+        Gate::authorize('edit-content');
+
         $newStatus = $this->credential->status === CredentialStatus::Active
             ? CredentialStatus::Disabled
             : CredentialStatus::Active;
@@ -76,6 +79,8 @@ public function toggleStatus(): void
 
     public function approveCredential(): void
     {
+        Gate::authorize('edit-content');
+
         $approvalRequest = ApprovalRequest::withoutGlobalScopes()
             ->where('credential_id', $this->credential->id)
             ->where('status', ApprovalStatus::Pending)
@@ -94,6 +99,8 @@ public function approveCredential(): void
 
     public function rejectCredential(string $reason = 'Rejected by reviewer'): void
     {
+        Gate::authorize('edit-content');
+
         $approvalRequest = ApprovalRequest::withoutGlobalScopes()
             ->where('credential_id', $this->credential->id)
             ->where('status', ApprovalStatus::Pending)
@@ -125,6 +132,8 @@ public function cancelEdit(): void
 
     public function save(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'editName' => 'required|min:2|max:255',
             'editDescription' => 'max:1000',
@@ -168,6 +177,8 @@ public function removeRotateCustomPair(int $index): void
 
     public function rotateSecret(): void
     {
+        Gate::authorize('edit-content');
+
         $type = $this->credential->credential_type;
 
         // Validate rotation based on type

diff --git a/app/Livewire/Crews/CreateCrewForm.php b/app/Livewire/Crews/CreateCrewForm.php
@@ -7,6 +7,7 @@
 use App\Domain\Crew\Actions\CreateCrewAction;
 use App\Domain\Crew\Actions\GenerateCrewFromPromptAction;
 use App\Domain\Crew\Enums\CrewProcessType;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class CreateCrewForm extends Component
@@ -64,6 +65,8 @@ protected function rules(): array
 
     public function generateFromPrompt(GenerateCrewFromPromptAction $action): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate(['generatePrompt' => 'required|string|min:10']);
 
         $this->generating = true;
@@ -100,6 +103,8 @@ public function toggleWorker(string $agentId): void
 
     public function save(CreateCrewAction $action): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate();
 
         try {

diff --git a/app/Livewire/Crews/CrewDetailPage.php b/app/Livewire/Crews/CrewDetailPage.php
@@ -9,6 +9,7 @@
 use App\Domain\Crew\Enums\CrewStatus;
 use App\Domain\Crew\Models\Crew;
 use App\Domain\Crew\Models\CrewMember;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class CrewDetailPage extends Component
@@ -59,6 +60,8 @@ public function mount(Crew $crew): void
 
     public function toggleStatus(): void
     {
+        Gate::authorize('edit-content');
+
         $newStatus = $this->crew->status === CrewStatus::Active
             ? CrewStatus::Archived
             : CrewStatus::Active;
@@ -69,6 +72,8 @@ public function toggleStatus(): void
 
     public function activate(): void
     {
+        Gate::authorize('edit-content');
+
         $this->crew->update(['status' => CrewStatus::Active]);
         $this->crew->refresh();
     }
@@ -134,6 +139,8 @@ public function startEditMemberPolicy(string $memberId): void
      */
     public function saveMemberPolicy(UpdateCrewAction $action): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'editMemberMaxSteps' => 'nullable|integer|min:1|max:100',
             'editMemberMaxCredits' => 'nullable|integer|min:1|max:1000000',
@@ -168,6 +175,8 @@ public function cancelMemberPolicy(): void
 
     public function save(UpdateCrewAction $action): void
     {
+        Gate::authorize('edit-content');
+
         $teamId = auth()->user()->current_team_id;
 
         $this->validate([
@@ -203,6 +212,8 @@ public function save(UpdateCrewAction $action): void
 
     public function deleteCrew(): void
     {
+        Gate::authorize('edit-content');
+
         $this->crew->delete();
         session()->flash('message', 'Crew deleted.');
         $this->redirect(route('crews.index'));

diff --git a/app/Livewire/Email/EmailTemplateBuilderPage.php b/app/Livewire/Email/EmailTemplateBuilderPage.php
@@ -9,6 +9,7 @@
 use App\Domain\Email\Enums\EmailTemplateVisibility;
 use App\Domain\Email\Models\EmailTemplate;
 use App\Domain\Email\Models\EmailTheme;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class EmailTemplateBuilderPage extends Component
@@ -43,6 +44,8 @@ public function mount(EmailTemplate $template): void
 
     public function saveSettings(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'name' => 'required|min:2|max:255',
             'subject' => 'nullable|max:500',
@@ -67,6 +70,8 @@ public function saveSettings(): void
 
     public function save(string $html, string $designJsonStr): void
     {
+        Gate::authorize('edit-content');
+
         $designJson = json_decode($designJsonStr, true) ?? [];
 
         app(RenderEmailTemplateAction::class)->execute($this->template, $html, $designJson);
@@ -79,6 +84,8 @@ public function save(string $html, string $designJsonStr): void
 
     public function deleteTemplate(): void
     {
+        Gate::authorize('edit-content');
+
         app(DeleteEmailTemplateAction::class)->execute($this->template);
 
         session()->flash('message', 'Template deleted.');

diff --git a/app/Livewire/Email/EmailThemeDetailPage.php b/app/Livewire/Email/EmailThemeDetailPage.php
@@ -7,6 +7,7 @@
 use App\Domain\Email\Enums\EmailThemeStatus;
 use App\Domain\Email\Models\EmailTheme;
 use App\Domain\Shared\Models\Team;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class EmailThemeDetailPage extends Component
@@ -100,6 +101,8 @@ public function cancelEdit(): void
 
     public function save(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'editName' => 'required|min:2|max:255',
             'editStatus' => 'required|in:draft,active,archived',
@@ -158,6 +161,8 @@ public function save(): void
 
     public function setAsDefault(): void
     {
+        Gate::authorize('edit-content');
+
         $team = auth()->user()->currentTeam;
 
         Team::withoutGlobalScopes()
@@ -169,6 +174,8 @@ public function setAsDefault(): void
 
     public function deleteTheme(): void
     {
+        Gate::authorize('edit-content');
+
         app(DeleteEmailThemeAction::class)->execute($this->theme);
 
         session()->flash('message', 'Email theme deleted.');

diff --git a/app/Livewire/GitRepositories/CreateGitRepositoryForm.php b/app/Livewire/GitRepositories/CreateGitRepositoryForm.php
@@ -6,6 +6,7 @@
 use App\Domain\GitRepository\Actions\CreateGitRepositoryAction;
 use App\Domain\GitRepository\Enums\GitProvider;
 use App\Domain\GitRepository\Enums\GitRepoMode;
+use Illuminate\Support\Facades\Gate;
 use Illuminate\Validation\Rule;
 use Livewire\Component;
 
@@ -79,6 +80,8 @@ public function prevStep(): void
 
     public function save(): void
     {
+        Gate::authorize('edit-content');
+
         $this->validate([
             'name' => 'required|min:2|max:255',
             'url' => 'required|max:2048',

diff --git a/app/Livewire/Integrations/IntegrationDetailPage.php b/app/Livewire/Integrations/IntegrationDetailPage.php
@@ -12,6 +12,7 @@
 use App\Domain\Tool\Enums\ToolStatus;
 use App\Domain\Tool\Models\Tool;
 use Carbon\Carbon;
+use Illuminate\Support\Facades\Gate;
 use Livewire\Component;
 
 class IntegrationDetailPage extends Component
@@ -75,6 +76,8 @@ public function reconnect(OAuthConnectAction $action): mixed
 
     public function disconnect(DisconnectIntegrationAction $action): void
     {
+        Gate::authorize('edit-content');
+
         $action->execute($this->integration);
         session()->flash('message', 'Integration disconnected.');
         $this->redirect(route('integrations.index'), navigate: true);
@@ -85,6 +88,8 @@ public function disconnect(DisconnectIntegrationAction $action): void
      */
     public function syncNow(SyncActivepiecesToolsAction $action): void
     {
+        Gate::authorize('edit-content');
+
         if ($this->integration->getAttribute('driver') !== 'activepieces') {
             return;
         }