fix: allow members with git providers permission to create and delete their own (#4713)

The canAccessToGitProviders legacy override only granted read access, so
members with the Git Providers toggle enabled could not add providers — the
create/delete endpoints require gitProviders.create / gitProviders.delete.
This mirrors how the SSH Keys toggle already grants read/create/delete.

The git-provider remove endpoint now restricts non owner/admin roles to
deleting only their own providers (matching the ownership model used for
visibility and sharing), while owner/admin can still delete any provider in
the organization.

Closes #4695
This commit is contained in:
Mauricio Siu
2026-06-30 15:57:50 -06:00
committed by GitHub
parent c2a95870f5
commit aa72091316
4 changed files with 59 additions and 0 deletions

View File

@@ -5,6 +5,7 @@ import {
updateGitProvider,
} from "@dokploy/server";
import { db } from "@dokploy/server/db";
import { findMemberByUserId } from "@dokploy/server/services/permission";
import { hasValidLicense } from "@dokploy/server/services/proprietary/license-key";
import { TRPCError } from "@trpc/server";
import { desc, eq, inArray } from "drizzle-orm";
@@ -144,6 +145,19 @@ export const gitProviderRouter = createTRPCRouter({
message: "You are not allowed to delete this Git provider",
});
}
const memberRecord = await findMemberByUserId(
ctx.user.id,
ctx.session.activeOrganizationId,
);
const isPrivileged =
memberRecord.role === "owner" || memberRecord.role === "admin";
if (!isPrivileged && gitProvider.userId !== ctx.session.userId) {
throw new TRPCError({
code: "UNAUTHORIZED",
message: "You can only delete your own Git providers",
});
}
await audit(ctx, {
action: "delete",
resourceType: "gitProvider",