From 092212e2258d004fe56e2b36ba857335c598df98 Mon Sep 17 00:00:00 2001
From: Mauricio Siu <siumauricio@icloud.com>
Date: Fri, 3 Apr 2026 22:56:25 -0600
Subject: [PATCH] feat(access-control): update certificate permissions to
 include 'update' action

- Modified the access control settings for the 'certificate' resource to allow 'update' permissions for admin and owner roles.
- Updated the certificate router to use the new permission structure for the update mutation.
---
 apps/dokploy/server/api/routers/certificate.ts | 2 +-
 packages/server/src/lib/access-control.ts      | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/apps/dokploy/server/api/routers/certificate.ts b/apps/dokploy/server/api/routers/certificate.ts
index df908c8b4..fb9085ffa 100644
--- a/apps/dokploy/server/api/routers/certificate.ts
+++ b/apps/dokploy/server/api/routers/certificate.ts
@@ -76,7 +76,7 @@ export const certificateRouter = createTRPCRouter({
 			where: eq(certificates.organizationId, ctx.session.activeOrganizationId),
 		});
 	}),
-	update: adminProcedure
+	update: withPermission("certificate", "update")
 		.input(apiUpdateCertificate)
 		.mutation(async ({ input, ctx }) => {
 			const certificate = await findCertificateById(input.certificateId);
diff --git a/packages/server/src/lib/access-control.ts b/packages/server/src/lib/access-control.ts
index 1289f4116..72a5a76af 100644
--- a/packages/server/src/lib/access-control.ts
+++ b/packages/server/src/lib/access-control.ts
@@ -37,7 +37,7 @@ export const statements = {
 	environmentEnvVars: ["read", "write"],
 	server: ["read", "create", "delete"],
 	registry: ["read", "create", "delete"],
-	certificate: ["read", "create", "delete"],
+	certificate: ["read", "create", "update", "delete"],
 	backup: ["read", "create", "update", "delete", "restore"],
 	volumeBackup: ["read", "create", "update", "delete", "restore"],
 	schedule: ["read", "create", "update", "delete"],
@@ -102,7 +102,7 @@ export const ownerRole = ac.newRole({
 	environmentEnvVars: ["read", "write"],
 	server: ["read", "create", "delete"],
 	registry: ["read", "create", "delete"],
-	certificate: ["read", "create", "delete"],
+	certificate: ["read", "create", "update", "delete"],
 	backup: ["read", "create", "update", "delete", "restore"],
 	volumeBackup: ["read", "create", "update", "delete", "restore"],
 	schedule: ["read", "create", "update", "delete"],
@@ -139,7 +139,7 @@ export const adminRole = ac.newRole({
 	environmentEnvVars: ["read", "write"],
 	server: ["read", "create", "delete"],
 	registry: ["read", "create", "delete"],
-	certificate: ["read", "create", "delete"],
+	certificate: ["read", "create", "update", "delete"],
 	backup: ["read", "create", "update", "delete", "restore"],
 	volumeBackup: ["read", "create", "update", "delete", "restore"],
 	schedule: ["read", "create", "update", "delete"],