mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-06 06:25:28 +02:00
feat: add accessedServers permission handling and server access validation
- Introduced `accessedServers` field in user permissions schema and member table. - Implemented server access validation across various API routers to ensure users can only access permitted servers. - Added a new query to fetch accessible server IDs based on user roles and licenses. - Updated UI components to support server selection in user permissions.
This commit is contained in:
@@ -20,6 +20,7 @@ import {
|
||||
stopService,
|
||||
stopServiceRemote,
|
||||
updatePostgresById,
|
||||
getAccessibleServerIds,
|
||||
} from "@dokploy/server";
|
||||
import { db } from "@dokploy/server/db";
|
||||
import {
|
||||
@@ -74,6 +75,17 @@ export const postgresRouter = createTRPCRouter({
|
||||
message: "You are not authorized to access this project",
|
||||
});
|
||||
}
|
||||
|
||||
if (input.serverId) {
|
||||
const accessibleIds = await getAccessibleServerIds(ctx.session);
|
||||
if (!accessibleIds.has(input.serverId)) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You are not authorized to access this server",
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
const newPostgres = await createPostgres({
|
||||
...input,
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user