mirror of
https://github.com/Dokploy/dokploy.git
synced 2026-07-01 20:15:29 +02:00
- Introduced new test files for permission checks, including `check-permission.test.ts`, `enterprise-only-resources.test.ts`, `resolve-permissions.test.ts`, and `service-access.test.ts`. - Implemented permission checks in various components to ensure actions are gated by user permissions, including `ShowTraefikConfig`, `UpdateTraefikConfig`, `ShowVolumes`, `ShowDomains`, and others. - Enhanced the logic for displaying UI elements based on user permissions, ensuring that only authorized users can access or modify resources.
78 lines
2.3 KiB
TypeScript
78 lines
2.3 KiB
TypeScript
import {
|
|
createCertificate,
|
|
findCertificateById,
|
|
IS_CLOUD,
|
|
removeCertificateById,
|
|
} from "@dokploy/server";
|
|
import { db } from "@dokploy/server/db";
|
|
import { TRPCError } from "@trpc/server";
|
|
import { eq } from "drizzle-orm";
|
|
import { audit } from "@/server/api/utils/audit";
|
|
import { createTRPCRouter, withPermission } from "@/server/api/trpc";
|
|
import {
|
|
apiCreateCertificate,
|
|
apiFindCertificate,
|
|
certificates,
|
|
} from "@/server/db/schema";
|
|
|
|
export const certificateRouter = createTRPCRouter({
|
|
create: withPermission("certificate", "create")
|
|
.input(apiCreateCertificate)
|
|
.mutation(async ({ input, ctx }) => {
|
|
if (IS_CLOUD && !input.serverId) {
|
|
throw new TRPCError({
|
|
code: "UNAUTHORIZED",
|
|
message: "Please set a server to create a certificate",
|
|
});
|
|
}
|
|
const cert = await createCertificate(
|
|
input,
|
|
ctx.session.activeOrganizationId,
|
|
);
|
|
await audit(ctx, {
|
|
action: "create",
|
|
resourceType: "certificate",
|
|
resourceId: cert.certificateId,
|
|
resourceName: cert.name,
|
|
});
|
|
return cert;
|
|
}),
|
|
|
|
one: withPermission("certificate", "read")
|
|
.input(apiFindCertificate)
|
|
.query(async ({ input, ctx }) => {
|
|
const certificates = await findCertificateById(input.certificateId);
|
|
if (certificates.organizationId !== ctx.session.activeOrganizationId) {
|
|
throw new TRPCError({
|
|
code: "UNAUTHORIZED",
|
|
message: "You are not allowed to access this certificate",
|
|
});
|
|
}
|
|
return certificates;
|
|
}),
|
|
remove: withPermission("certificate", "delete")
|
|
.input(apiFindCertificate)
|
|
.mutation(async ({ input, ctx }) => {
|
|
const certificates = await findCertificateById(input.certificateId);
|
|
if (certificates.organizationId !== ctx.session.activeOrganizationId) {
|
|
throw new TRPCError({
|
|
code: "UNAUTHORIZED",
|
|
message: "You are not allowed to delete this certificate",
|
|
});
|
|
}
|
|
await audit(ctx, {
|
|
action: "delete",
|
|
resourceType: "certificate",
|
|
resourceId: certificates.certificateId,
|
|
resourceName: certificates.name,
|
|
});
|
|
await removeCertificateById(input.certificateId);
|
|
return true;
|
|
}),
|
|
all: withPermission("certificate", "read").query(async ({ ctx }) => {
|
|
return await db.query.certificates.findMany({
|
|
where: eq(certificates.organizationId, ctx.session.activeOrganizationId),
|
|
});
|
|
}),
|
|
});
|