From 4a8cadc6ee3293d9c521294a4ed21e01e7b1ab7a Mon Sep 17 00:00:00 2001
From: Mauricio Siu <47042324+Siumauricio@users.noreply.github.com>
Date: Sat, 3 May 2025 09:42:28 -0600
Subject: [PATCH] Update schedule access control to restrict access to owners
 only

- Modified the `isEnabled` function in the side menu to check if the user has the "owner" role in addition to the non-cloud environment condition.
- Updated the server-side props validation in the schedules page to redirect users who are not owners, enhancing security and access control.
---
 apps/dokploy/components/layouts/side.tsx   | 2 +-
 apps/dokploy/pages/dashboard/schedules.tsx | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/dokploy/components/layouts/side.tsx b/apps/dokploy/components/layouts/side.tsx
index c7797767..8d180967 100644
--- a/apps/dokploy/components/layouts/side.tsx
+++ b/apps/dokploy/components/layouts/side.tsx
@@ -165,7 +165,7 @@ const MENU: Menu = {
 			url: "/dashboard/schedules",
 			icon: Clock,
 			// Only enabled in non-cloud environments
-			isEnabled: ({ isCloud }) => !isCloud,
+			isEnabled: ({ isCloud, auth }) => !isCloud && auth?.role === "owner",
 		},
 		{
 			isSingle: true,
diff --git a/apps/dokploy/pages/dashboard/schedules.tsx b/apps/dokploy/pages/dashboard/schedules.tsx
index 9338b8c2..37c8d298 100644
--- a/apps/dokploy/pages/dashboard/schedules.tsx
+++ b/apps/dokploy/pages/dashboard/schedules.tsx
@@ -39,7 +39,7 @@ export async function getServerSideProps(
 		};
 	}
 	const { user } = await validateRequest(ctx.req);
-	if (!user) {
+	if (!user || user.role !== "owner") {
 		return {
 			redirect: {
 				permanent: true,