mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-04 13:35:22 +02:00
fix: scope dokploy-server schedules to organization instead of user (#4526)
* fix: scope dokploy-server schedules to organization instead of user Replaces userId with organizationId on the schedule table so that global (dokploy-server) schedules are shared across all owners and admins of the same organization, while remaining isolated between different organizations. Includes a data migration that backfills organizationId from the owner membership record for any existing dokploy-server schedules. Closes #4300 * [autofix.ci] apply automated fixes --------- Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
committed by
Mauricio Siu
parent
30b3e1fe48
commit
c73632cbe0
@@ -75,7 +75,12 @@ export const scheduleRouter = createTRPCRouter({
|
||||
}
|
||||
}
|
||||
}
|
||||
const newSchedule = await createSchedule(input);
|
||||
const newSchedule = await createSchedule({
|
||||
...input,
|
||||
...(input.scheduleType === "dokploy-server" && {
|
||||
organizationId: ctx.session.activeOrganizationId,
|
||||
}),
|
||||
});
|
||||
|
||||
if (newSchedule?.enabled) {
|
||||
if (IS_CLOUD) {
|
||||
@@ -162,17 +167,6 @@ export const scheduleRouter = createTRPCRouter({
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
existingSchedule.scheduleType === "dokploy-server" &&
|
||||
existingSchedule.userId &&
|
||||
existingSchedule.userId !== ctx.user.id
|
||||
) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You can only manage your own host-level schedules.",
|
||||
});
|
||||
}
|
||||
}
|
||||
const updatedSchedule = await updateSchedule(input);
|
||||
|
||||
@@ -256,17 +250,6 @@ export const scheduleRouter = createTRPCRouter({
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
scheduleItem.scheduleType === "dokploy-server" &&
|
||||
scheduleItem.userId &&
|
||||
scheduleItem.userId !== ctx.user.id
|
||||
) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You can only manage your own host-level schedules.",
|
||||
});
|
||||
}
|
||||
}
|
||||
await deleteSchedule(input.scheduleId);
|
||||
|
||||
@@ -323,21 +306,27 @@ export const scheduleRouter = createTRPCRouter({
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
input.scheduleType === "dokploy-server" &&
|
||||
input.id !== ctx.user.id
|
||||
) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You can only list your own host-level schedules.",
|
||||
});
|
||||
if (input.scheduleType === "dokploy-server") {
|
||||
const member = await findMemberByUserId(
|
||||
ctx.user.id,
|
||||
ctx.session.activeOrganizationId,
|
||||
);
|
||||
if (member.role !== "owner" && member.role !== "admin") {
|
||||
throw new TRPCError({
|
||||
code: "FORBIDDEN",
|
||||
message: "Only owners and admins can list host-level schedules.",
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
const where = {
|
||||
application: eq(schedules.applicationId, input.id),
|
||||
compose: eq(schedules.composeId, input.id),
|
||||
server: eq(schedules.serverId, input.id),
|
||||
"dokploy-server": eq(schedules.userId, input.id),
|
||||
"dokploy-server": eq(
|
||||
schedules.organizationId,
|
||||
ctx.session.activeOrganizationId,
|
||||
),
|
||||
};
|
||||
return db.query.schedules.findMany({
|
||||
where: where[input.scheduleType],
|
||||
@@ -376,17 +365,6 @@ export const scheduleRouter = createTRPCRouter({
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
schedule.scheduleType === "dokploy-server" &&
|
||||
schedule.userId &&
|
||||
schedule.userId !== ctx.user.id
|
||||
) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You don't have access to this schedule.",
|
||||
});
|
||||
}
|
||||
}
|
||||
return schedule;
|
||||
}),
|
||||
@@ -439,17 +417,6 @@ export const scheduleRouter = createTRPCRouter({
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
if (
|
||||
scheduleItem.scheduleType === "dokploy-server" &&
|
||||
scheduleItem.userId &&
|
||||
scheduleItem.userId !== ctx.user.id
|
||||
) {
|
||||
throw new TRPCError({
|
||||
code: "UNAUTHORIZED",
|
||||
message: "You can only manage your own host-level schedules.",
|
||||
});
|
||||
}
|
||||
}
|
||||
try {
|
||||
await runCommand(input.scheduleId);
|
||||
|
||||
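Review bot: The update, delete, single-fetch and run hunks (`@@ -162,17`, `@@ -256,17`, `@@ -376,17`, `@@ -439,17`) drop the `userId !== ctx.user.id` guard on dokploy-server schedules with no visible replacement, so nothing in them ties a schedule loaded by `scheduleId` to the caller's active organization. Only the list hunk filters on `schedules.organizationId`. Unless a check outside the hunks already covers this, each by-id path should throw `FORBIDDEN` (as the new list check does) when the loaded row is a dokploy-server schedule and its `organizationId !== ctx.session.activeOrganizationId`. A strict comparison also denies rows the backfill left with a null `organizationId`, which is a safer default than the old `userId &&` short-circuit that let unowned rows through. The enclosing procedures start and end outside the hunks, so the role check implied by the leading context lines could not be confirmed from here.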