references/dokploy
1
0
Fork 0
mirror of https://github.com/dokploy/dokploy.git synced 2026-06-13 19:09:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: implement audit logs and custom role management components

Browse Source 
- Added new components for displaying and managing audit logs, including a data table and filters for user actions.
- Introduced a custom roles management interface, allowing users to create and modify roles with specific permissions.
- Updated permission checks to ensure proper access control for audit logs and custom roles.
- Refactored existing components to integrate new functionality and improve user experience.
This commit is contained in:
Mauricio Siu
2026-03-16 11:13:24 -06:00
parent 72fb85f616
commit a4e9c6e890
9 changed files with 38 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
apps/dokploy/__test__/permissions/resolve-permissions.test.ts
+19 -7
View File
@@ -88,16 +88,28 @@ describe("enterprise resources for static roles", () => {
}
});
it("member gets true for all enterprise resources", async () => {
it("member gets true for service-level enterprise resources", async () => {
memberToReturn = mockMemberData("member");
const perms = await resolvePermissions(ctx);
for (const resource of enterpriseOnlyResources) {
const actions = statements[resource as keyof typeof statements];
for (const action of actions) {
expect((perms as any)[resource][action]).toBe(true);
}
}
expect(perms.deployment.read).toBe(true);
expect(perms.deployment.create).toBe(true);
expect(perms.domain.read).toBe(true);
expect(perms.backup.read).toBe(true);
expect(perms.logs.read).toBe(true);
expect(perms.monitoring.read).toBe(true);
});
it("member gets false for org-level enterprise resources", async () => {
memberToReturn = mockMemberData("member");
const perms = await resolvePermissions(ctx);
expect(perms.server.read).toBe(false);
expect(perms.registry.read).toBe(false);
expect(perms.certificate.read).toBe(false);
expect(perms.destination.read).toBe(false);
expect(perms.notification.read).toBe(false);
expect(perms.auditLog.read).toBe(false);
});
});
apps/dokploy/components/dashboard/settings/audit-logs/columns.tsx → apps/dokploy/components/proprietary/audit-logs/columns.tsx
View File
apps/dokploy/components/dashboard/settings/audit-logs/data-table.tsx → apps/dokploy/components/proprietary/audit-logs/data-table.tsx
View File
apps/dokploy/components/dashboard/settings/audit-logs/show-audit-logs.tsx → apps/dokploy/components/proprietary/audit-logs/show-audit-logs.tsx
View File
apps/dokploy/components/dashboard/settings/users/manage-custom-roles.tsx → apps/dokploy/components/proprietary/roles/manage-custom-roles.tsx
View File
apps/dokploy/pages/dashboard/settings/audit-logs.tsx
+1 -1
View File
@@ -3,8 +3,8 @@ import { createServerSideHelpers } from "@trpc/react-query/server";
import type { GetServerSidePropsContext } from "next";
import type { ReactElement } from "react";
import superjson from "superjson";
import { ShowAuditLogs } from "@/components/dashboard/settings/audit-logs/show-audit-logs";
import { DashboardLayout } from "@/components/layouts/dashboard-layout";
import { ShowAuditLogs } from "@/components/proprietary/audit-logs/show-audit-logs";
import { appRouter } from "@/server/api/root";
const Page = () => {
apps/dokploy/pages/dashboard/settings/users.tsx
+2 -2
View File
@@ -3,10 +3,10 @@ import { createServerSideHelpers } from "@trpc/react-query/server";
import type { GetServerSidePropsContext } from "next";
import type { ReactElement } from "react";
import superjson from "superjson";
import { ManageCustomRoles } from "@/components/dashboard/settings/users/manage-custom-roles";
import { DashboardLayout } from "@/components/layouts/dashboard-layout";
import { ManageCustomRoles } from "@/components/proprietary/roles/manage-custom-roles";
import { ShowInvitations } from "@/components/dashboard/settings/users/show-invitations";
import { ShowUsers } from "@/components/dashboard/settings/users/show-users";
import { DashboardLayout } from "@/components/layouts/dashboard-layout";
import { appRouter } from "@/server/api/root";
import { api } from "@/utils/api";
packages/server/src/lib/access-control.ts
+13 -11
View File
@@ -168,21 +168,23 @@ export const memberRole = ac.newRole({
gitProviders: [],
traefikFiles: [],
api: [],
volume: [],
deployment: [],
envVars: [],
projectEnvVars: [],
environmentEnvVars: [],
// Service-level enterprise resources — member can do everything within services they have access to
volume: ["read", "create", "delete"],
deployment: ["read", "create", "cancel"],
envVars: ["read", "write"],
projectEnvVars: ["read", "write"],
environmentEnvVars: ["read", "write"],
backup: ["read", "create", "update", "delete", "restore"],
volumeBackup: ["read", "create", "update", "delete", "restore"],
schedule: ["read", "create", "update", "delete"],
domain: ["read", "create", "delete"],
logs: ["read"],
monitoring: ["read"],
// Org-level enterprise resources — member cannot manage these
server: [],
registry: [],
certificate: [],
backup: [],
volumeBackup: [],
schedule: [],
domain: [],
destination: [],
notification: [],
logs: [],
monitoring: [],
auditLog: [],
});
packages/server/src/services/permission.ts
+3 -2
View File
@@ -182,13 +182,14 @@ export const resolvePermissions = async (
const legacyOverrides =
memberRecord.role === "member" ? getLegacyOverrides(memberRecord) : {};
const isStaticRole = memberRecord.role in staticRoles;
const isPrivilegedRole =
memberRecord.role === "owner" || memberRecord.role === "admin";
const result = {} as ResolvedPermissions;
for (const [resource, actions] of Object.entries(statements)) {
const resourcePerms = {} as Record<string, boolean>;
for (const action of actions) {
if (isStaticRole && enterpriseOnlyResources.has(resource)) {
if (isPrivilegedRole && enterpriseOnlyResources.has(resource)) {
resourcePerms[action] = true;
continue;
}