mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-18 12:25:25 +02:00
Compare commits
1 Commits
v0.29.11
...
fix/member
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
81adbcb8f9 |
@@ -183,4 +183,29 @@ describe("legacy boolean overrides for member", () => {
|
|||||||
memberToReturn = mockMemberData("member");
|
memberToReturn = mockMemberData("member");
|
||||||
await expect(checkPermission(ctx, { docker: ["read"] })).rejects.toThrow();
|
await expect(checkPermission(ctx, { docker: ["read"] })).rejects.toThrow();
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("member passes gitProviders.create with canAccessToGitProviders=true", async () => {
|
||||||
|
memberToReturn = mockMemberData("member", {
|
||||||
|
canAccessToGitProviders: true,
|
||||||
|
});
|
||||||
|
await expect(
|
||||||
|
checkPermission(ctx, { gitProviders: ["create"] }),
|
||||||
|
).resolves.toBeUndefined();
|
||||||
|
});
|
||||||
|
|
||||||
|
it("member passes gitProviders.delete with canAccessToGitProviders=true", async () => {
|
||||||
|
memberToReturn = mockMemberData("member", {
|
||||||
|
canAccessToGitProviders: true,
|
||||||
|
});
|
||||||
|
await expect(
|
||||||
|
checkPermission(ctx, { gitProviders: ["delete"] }),
|
||||||
|
).resolves.toBeUndefined();
|
||||||
|
});
|
||||||
|
|
||||||
|
it("member fails gitProviders.create with canAccessToGitProviders=false", async () => {
|
||||||
|
memberToReturn = mockMemberData("member");
|
||||||
|
await expect(
|
||||||
|
checkPermission(ctx, { gitProviders: ["create"] }),
|
||||||
|
).rejects.toThrow();
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|||||||
@@ -143,6 +143,24 @@ describe("free-tier resources for member", () => {
|
|||||||
const perms = await resolvePermissions(ctx);
|
const perms = await resolvePermissions(ctx);
|
||||||
expect(perms.docker.read).toBe(true);
|
expect(perms.docker.read).toBe(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it("member gets gitProviders create/delete=false without legacy override", async () => {
|
||||||
|
memberToReturn = mockMemberData("member");
|
||||||
|
const perms = await resolvePermissions(ctx);
|
||||||
|
expect(perms.gitProviders.read).toBe(false);
|
||||||
|
expect(perms.gitProviders.create).toBe(false);
|
||||||
|
expect(perms.gitProviders.delete).toBe(false);
|
||||||
|
});
|
||||||
|
|
||||||
|
it("member gets gitProviders read/create/delete=true with canAccessToGitProviders", async () => {
|
||||||
|
memberToReturn = mockMemberData("member", {
|
||||||
|
canAccessToGitProviders: true,
|
||||||
|
});
|
||||||
|
const perms = await resolvePermissions(ctx);
|
||||||
|
expect(perms.gitProviders.read).toBe(true);
|
||||||
|
expect(perms.gitProviders.create).toBe(true);
|
||||||
|
expect(perms.gitProviders.delete).toBe(true);
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe("free-tier resources for owner", () => {
|
describe("free-tier resources for owner", () => {
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ import {
|
|||||||
updateGitProvider,
|
updateGitProvider,
|
||||||
} from "@dokploy/server";
|
} from "@dokploy/server";
|
||||||
import { db } from "@dokploy/server/db";
|
import { db } from "@dokploy/server/db";
|
||||||
|
import { findMemberByUserId } from "@dokploy/server/services/permission";
|
||||||
import { hasValidLicense } from "@dokploy/server/services/proprietary/license-key";
|
import { hasValidLicense } from "@dokploy/server/services/proprietary/license-key";
|
||||||
import { TRPCError } from "@trpc/server";
|
import { TRPCError } from "@trpc/server";
|
||||||
import { desc, eq, inArray } from "drizzle-orm";
|
import { desc, eq, inArray } from "drizzle-orm";
|
||||||
@@ -144,6 +145,19 @@ export const gitProviderRouter = createTRPCRouter({
|
|||||||
message: "You are not allowed to delete this Git provider",
|
message: "You are not allowed to delete this Git provider",
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
const memberRecord = await findMemberByUserId(
|
||||||
|
ctx.user.id,
|
||||||
|
ctx.session.activeOrganizationId,
|
||||||
|
);
|
||||||
|
const isPrivileged =
|
||||||
|
memberRecord.role === "owner" || memberRecord.role === "admin";
|
||||||
|
if (!isPrivileged && gitProvider.userId !== ctx.session.userId) {
|
||||||
|
throw new TRPCError({
|
||||||
|
code: "UNAUTHORIZED",
|
||||||
|
message: "You can only delete your own Git providers",
|
||||||
|
});
|
||||||
|
}
|
||||||
await audit(ctx, {
|
await audit(ctx, {
|
||||||
action: "delete",
|
action: "delete",
|
||||||
resourceType: "gitProvider",
|
resourceType: "gitProvider",
|
||||||
|
|||||||
@@ -170,6 +170,8 @@ const getLegacyOverrides = (
|
|||||||
},
|
},
|
||||||
gitProviders: {
|
gitProviders: {
|
||||||
read: !!memberRecord.canAccessToGitProviders,
|
read: !!memberRecord.canAccessToGitProviders,
|
||||||
|
create: !!memberRecord.canAccessToGitProviders,
|
||||||
|
delete: !!memberRecord.canAccessToGitProviders,
|
||||||
},
|
},
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user