From 1e7a6f2071b209cec7797a1fd89985a5eeec8103 Mon Sep 17 00:00:00 2001
From: Mauricio Siu <siumauricio@icloud.com>
Date: Sun, 15 Mar 2026 23:33:20 -0600
Subject: [PATCH] refactor: update custom role handling in API

- Replaced the delete operation with an update for organization roles, ensuring existing roles are modified instead of removed.
- Adjusted the return value to reflect the updated role instead of a newly created entry.
- Reintroduced the audit logging functionality for role updates.
---
 .../api/routers/proprietary/custom-role.ts    | 22 ++++++++-----------
 1 file changed, 9 insertions(+), 13 deletions(-)

diff --git a/apps/dokploy/server/api/routers/proprietary/custom-role.ts b/apps/dokploy/server/api/routers/proprietary/custom-role.ts
index c1ec8ba8b..ed97a25c0 100644
--- a/apps/dokploy/server/api/routers/proprietary/custom-role.ts
+++ b/apps/dokploy/server/api/routers/proprietary/custom-role.ts
@@ -1,7 +1,6 @@
 import { db } from "@dokploy/server/db";
 import { member, organizationRole, user } from "@dokploy/server/db/schema";
 import { statements } from "@dokploy/server/lib/access-control";
-import { audit } from "../../utils/audit";
 import { TRPCError } from "@trpc/server";
 import { and, count, eq } from "drizzle-orm";
 import { z } from "zod";
@@ -10,6 +9,7 @@ import {
 	enterpriseProcedure,
 	protectedProcedure,
 } from "../../trpc";
+import { audit } from "../../utils/audit";
 
 const permissionsSchema = z.record(z.string(), z.array(z.string()));
 
@@ -182,8 +182,12 @@ export const customRoleRouter = createTRPCRouter({
 
 			validatePermissions(input.permissions);
 
-			await db
-				.delete(organizationRole)
+			const [updated] = await db
+				.update(organizationRole)
+				.set({
+					role: effectiveRoleName,
+					permission: JSON.stringify(input.permissions),
+				})
 				.where(
 					and(
 						eq(
@@ -192,15 +196,7 @@ export const customRoleRouter = createTRPCRouter({
 						),
 						eq(organizationRole.role, input.roleName),
 					),
-				);
-
-			const [created] = await db
-				.insert(organizationRole)
-				.values({
-					organizationId: ctx.session.activeOrganizationId,
-					role: effectiveRoleName,
-					permission: JSON.stringify(input.permissions),
-				})
+				)
 				.returning();
 
 			await audit(ctx, {
@@ -208,7 +204,7 @@ export const customRoleRouter = createTRPCRouter({
 				resourceType: "customRole",
 				resourceName: effectiveRoleName,
 			});
-			return created;
+			return updated;
 		}),
 
 	remove: enterpriseProcedure