mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-15 10:55:23 +02:00
feat: add accessedServers permission handling and server access validation
- Introduced `accessedServers` field in user permissions schema and member table. - Implemented server access validation across various API routers to ensure users can only access permitted servers. - Added a new query to fetch accessible server IDs based on user roles and licenses. - Updated UI components to support server selection in user permissions.
This commit is contained in:
@@ -1,11 +1,13 @@
|
||||
import { db } from "@dokploy/server/db";
|
||||
import {
|
||||
type apiCreateServer,
|
||||
member,
|
||||
organization,
|
||||
server,
|
||||
} from "@dokploy/server/db/schema";
|
||||
import { hasValidLicense } from "@dokploy/server/services/proprietary/license-key";
|
||||
import { TRPCError } from "@trpc/server";
|
||||
import { eq } from "drizzle-orm";
|
||||
import { and, eq } from "drizzle-orm";
|
||||
import type { z } from "zod";
|
||||
|
||||
export type Server = typeof server.$inferSelect;
|
||||
@@ -130,3 +132,37 @@ export const getAllServers = async () => {
|
||||
const servers = await db.query.server.findMany();
|
||||
return servers;
|
||||
};
|
||||
|
||||
export const getAccessibleServerIds = async (session: {
|
||||
userId: string;
|
||||
activeOrganizationId: string;
|
||||
}): Promise<Set<string>> => {
|
||||
const { userId, activeOrganizationId } = session;
|
||||
|
||||
const allOrgServers = await db.query.server.findMany({
|
||||
where: eq(server.organizationId, activeOrganizationId),
|
||||
columns: {
|
||||
serverId: true,
|
||||
},
|
||||
});
|
||||
|
||||
const memberRecord = await db.query.member.findFirst({
|
||||
where: and(
|
||||
eq(member.userId, userId),
|
||||
eq(member.organizationId, activeOrganizationId),
|
||||
),
|
||||
columns: { accessedServers: true, role: true },
|
||||
});
|
||||
|
||||
if (memberRecord?.role === "owner" || memberRecord?.role === "admin") {
|
||||
return new Set(allOrgServers.map((s) => s.serverId));
|
||||
}
|
||||
|
||||
const licensed = await hasValidLicense(activeOrganizationId);
|
||||
|
||||
if (!licensed) {
|
||||
return new Set(allOrgServers.map((s) => s.serverId));
|
||||
}
|
||||
|
||||
return new Set(memberRecord?.accessedServers ?? []);
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user