refactor: update user permissions and API queries

apps/dokploy/components/dashboard/settings/users/add-permissions.tsx

@@ -52,7 +52,7 @@ interface Props {
 export const AddUserPermissions = ({ userId }: Props) => {
 	const { data: projects } = api.project.all.useQuery();
 
-	const { data, refetch } = api.auth.one.useQuery(
+	const { data, refetch } = api.user.one.useQuery(
 		{
 			userId,
 		},

apps/dokploy/drizzle/0066_yielding_echo.sql

@@ -1,7 +1,6 @@
 CREATE TABLE "user_temp" (
 	"id" text PRIMARY KEY NOT NULL,
 	"name" text DEFAULT '' NOT NULL,
-	"token" text NOT NULL,
 	"isRegistered" boolean DEFAULT false NOT NULL,
 	"expirationDate" text NOT NULL,
 	"createdAt" text NOT NULL,
@@ -82,6 +81,7 @@ CREATE TABLE "member" (
 	"user_id" text NOT NULL,
 	"role" text NOT NULL,
 	"created_at" timestamp NOT NULL,
+    "token" text NOT NULL,
 	"canCreateProjects" boolean DEFAULT false NOT NULL,
 	"canAccessToSSHKeys" boolean DEFAULT false NOT NULL,
 	"canCreateServices" boolean DEFAULT false NOT NULL,
@@ -148,7 +148,6 @@ WITH inserted_users AS (
     INSERT INTO user_temp (
         id,
         email,
-        token,
         "email_verified",
         "updated_at",
         "serverIp",
@@ -174,7 +173,6 @@ WITH inserted_users AS (
     SELECT 
         a."adminId",
         auth.email,
-        COALESCE(auth.token, ''),
         true,
         CURRENT_TIMESTAMP,
         a."serverIp",
@@ -247,7 +245,6 @@ inserted_members AS (
     INSERT INTO user_temp (
         id,
         email,
-        token,
         "email_verified",
         "updated_at",
         image,
@@ -258,7 +255,6 @@ inserted_members AS (
     SELECT 
         u."userId",
         auth.email,
-        COALESCE(u.token, ''),
         true,
         CURRENT_TIMESTAMP,
         auth.image,
@@ -302,6 +298,7 @@ inserted_admin_members AS (
         "user_id",
         role,
         "created_at",
+        "token",
         "canAccessToAPI",
         "canAccessToDocker",
         "canAccessToGitProviders",
@@ -320,6 +317,7 @@ inserted_admin_members AS (
         a."adminId",
         'owner',
         NOW(),
+        COALESCE(auth.token, ''),
         true, -- Los admins tienen todos los permisos por defecto
         true,
         true,
@@ -333,6 +331,7 @@ inserted_admin_members AS (
         '{}'
     FROM admin a
     JOIN inserted_orgs o ON o."owner_id" = a."adminId"
+    JOIN auth ON auth.id = a."authId"
     RETURNING *
 )
 -- Insertar miembros regulares en las organizaciones
@@ -342,6 +341,7 @@ INSERT INTO member (
     "user_id",
     role,
     "created_at",
+    "token",
     "canAccessToAPI",
     "canAccessToDocker",
     "canAccessToGitProviders",
@@ -360,6 +360,7 @@ SELECT
     u."userId",
     'member',
     NOW(),
+    COALESCE(auth.token, ''),
     COALESCE(u."canAccessToAPI", false),
     COALESCE(u."canAccessToDocker", false),
     COALESCE(u."canAccessToGitProviders", false),
@@ -373,7 +374,8 @@ SELECT
     COALESCE(u."accesedServices", '{}')
 FROM "user" u
 JOIN admin a ON u."adminId" = a."adminId"
-JOIN inserted_orgs o ON o."owner_id" = a."adminId";
+JOIN inserted_orgs o ON o."owner_id" = a."adminId"
+JOIN auth ON auth.id = u."authId";
 
 -- Migration tables foreign keys 
 
@@ -411,7 +413,7 @@ ALTER TABLE "git_provider" ADD CONSTRAINT "git_provider_userId_user_temp_id_fk"
 ALTER TABLE "server" ADD CONSTRAINT "server_userId_user_temp_id_fk" FOREIGN KEY ("userId") REFERENCES "public"."user_temp"("id") ON DELETE cascade ON UPDATE no action;
 
 
-ALTER TABLE "user_temp" ALTER COLUMN "token" SET DEFAULT '';--> statement-breakpoint
+ALTER TABLE "member" ALTER COLUMN "token" SET DEFAULT '';--> statement-breakpoint
 ALTER TABLE "user_temp" ADD COLUMN "created_at" timestamp DEFAULT now();
 
 

apps/dokploy/drizzle/meta/0066_snapshot.json

@@ -748,13 +748,6 @@
           "notNull": true,
           "default": "''"
         },
-        "token": {
-          "name": "token",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "default": "''"
-        },
         "isRegistered": {
           "name": "isRegistered",
           "type": "boolean",
@@ -4494,6 +4487,13 @@
           "primaryKey": false,
           "notNull": true,
           "default": "ARRAY[]::text[]"
+        },
+        "token": {
+          "name": "token",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "default": "''"
         }
       },
       "indexes": {},

apps/dokploy/server/api/routers/user.ts

@@ -18,7 +18,7 @@ import {
 	member,
 } from "@dokploy/server/db/schema";
 import { TRPCError } from "@trpc/server";
-import { and, eq } from "drizzle-orm";
+import { and, asc, desc, eq } from "drizzle-orm";
 import { z } from "zod";
 import {
 	adminProcedure,
@@ -33,6 +33,7 @@ export const userRouter = createTRPCRouter({
 			with: {
 				user: true,
 			},
+			orderBy: [asc(member.createdAt)],
 		});
 	}),
 	one: protectedProcedure
@@ -42,14 +43,17 @@ export const userRouter = createTRPCRouter({
 			}),
 		)
 		.query(async ({ input, ctx }) => {
-			const user = await findUserById(input.userId);
-			// if (user.adminId !== ctx.user.adminId) {
-			// 	throw new TRPCError({
-			// 		code: "UNAUTHORIZED",
-			// 		message: "You are not allowed to access this user",
-			// 	});
-			// }
-			return user;
+			const memberResult = await db.query.member.findFirst({
+				where: and(
+					eq(member.userId, input.userId),
+					eq(member.organizationId, ctx.session?.activeOrganizationId || ""),
+				),
+				with: {
+					user: true,
+				},
+			});
+
+			return memberResult;
 		}),
 	get: protectedProcedure.query(async ({ ctx }) => {
 		const memberResult = await db.query.member.findFirst({
@@ -111,9 +115,12 @@ export const userRouter = createTRPCRouter({
 					});
 				}
 
-				await updateUser(user.id, {
-					...input,
-				});
+				await db
+					.update(member)
+					.set({
+						...input,
+					})
+					.where(eq(member.userId, input.id));
 			} catch (error) {
 				throw error;
 			}

packages/server/src/db/schema/user.ts

@@ -29,7 +29,6 @@ export const users_temp = pgTable("user_temp", {
 		.primaryKey()
 		.$defaultFn(() => nanoid()),
 	name: text("name").notNull().default(""),
-	token: text("token").notNull().default(""),
 	isRegistered: boolean("isRegistered").notNull().default(false),
 	expirationDate: text("expirationDate")
 		.notNull()
@@ -128,16 +127,7 @@ export const usersRelations = relations(users_temp, ({ one, many }) => ({
 
 const createSchema = createInsertSchema(users_temp, {
 	id: z.string().min(1),
-	token: z.string().min(1),
 	isRegistered: z.boolean().optional(),
-	// accessedProjects: z.array(z.string()).optional(),
-	// accessedServices: z.array(z.string()).optional(),
-	// canCreateProjects: z.boolean().optional(),
-	// canCreateServices: z.boolean().optional(),
-	// canDeleteProjects: z.boolean().optional(),
-	// canDeleteServices: z.boolean().optional(),
-	// canAccessToDocker: z.boolean().optional(),
-	// canAccessToTraefikFiles: z.boolean().optional(),
 });
 
 export const apiCreateUserInvitation = createSchema.pick({}).extend({
@@ -150,11 +140,7 @@ export const apiRemoveUser = createSchema
 	})
 	.required();
 
-export const apiFindOneToken = createSchema
-	.pick({
-		token: true,
-	})
-	.required();
+export const apiFindOneToken = createSchema.pick({}).required();
 
 export const apiAssignPermissions = createSchema
 	.pick({
@@ -171,6 +157,19 @@ export const apiAssignPermissions = createSchema
 		// canAccessToSSHKeys: true,
 		// canAccessToGitProviders: true,
 	})
+	.extend({
+		accessedProjects: z.array(z.string()).optional(),
+		accessedServices: z.array(z.string()).optional(),
+		canCreateProjects: z.boolean().optional(),
+		canCreateServices: z.boolean().optional(),
+		canDeleteProjects: z.boolean().optional(),
+		canDeleteServices: z.boolean().optional(),
+		canAccessToDocker: z.boolean().optional(),
+		canAccessToTraefikFiles: z.boolean().optional(),
+		canAccessToAPI: z.boolean().optional(),
+		canAccessToSSHKeys: z.boolean().optional(),
+		canAccessToGitProviders: z.boolean().optional(),
+	})
 	.required();
 
 export const apiFindOneUser = createSchema