refactor: update permission checks to use organization context

apps/dokploy/components/layouts/side.tsx

@@ -155,7 +155,7 @@ const MENU: Menu = {
 			// Only enabled for admins and users with access to Traefik files in non-cloud environments
 			isEnabled: ({ auth, isCloud }) =>
 				!!(
-					(auth?.role === "owner" || auth?.user?.canAccessToTraefikFiles) &&
+					(auth?.role === "owner" || auth?.canAccessToTraefikFiles) &&
 					!isCloud
 				),
 		},
@@ -166,10 +166,7 @@ const MENU: Menu = {
 			icon: BlocksIcon,
 			// Only enabled for admins and users with access to Docker in non-cloud environments
 			isEnabled: ({ auth, isCloud }) =>
-				!!(
-					(auth?.role === "owner" || auth?.user?.canAccessToDocker) &&
-					!isCloud
-				),
+				!!((auth?.role === "owner" || auth?.canAccessToDocker) && !isCloud),
 		},
 		{
 			isSingle: true,
@@ -178,10 +175,7 @@ const MENU: Menu = {
 			icon: PieChart,
 			// Only enabled for admins and users with access to Docker in non-cloud environments
 			isEnabled: ({ auth, isCloud }) =>
-				!!(
-					(auth?.role === "owner" || auth?.user?.canAccessToDocker) &&
-					!isCloud
-				),
+				!!((auth?.role === "owner" || auth?.canAccessToDocker) && !isCloud),
 		},
 		{
 			isSingle: true,
@@ -190,10 +184,7 @@ const MENU: Menu = {
 			icon: Forward,
 			// Only enabled for admins and users with access to Docker in non-cloud environments
 			isEnabled: ({ auth, isCloud }) =>
-				!!(
-					(auth?.role === "owner" || auth?.user?.canAccessToDocker) &&
-					!isCloud
-				),
+				!!((auth?.role === "owner" || auth?.canAccessToDocker) && !isCloud),
 		},
 
 		// Legacy unused menu, adjusted to the new structure
@@ -291,7 +282,7 @@ const MENU: Menu = {
 			url: "/dashboard/settings/ssh-keys",
 			// Only enabled for admins and users with access to SSH keys
 			isEnabled: ({ auth }) =>
-				!!(auth?.role === "owner" || auth?.user?.canAccessToSSHKeys),
+				!!(auth?.role === "owner" || auth?.canAccessToSSHKeys),
 		},
 		{
 			isSingle: true,
@@ -300,7 +291,7 @@ const MENU: Menu = {
 			icon: GitBranch,
 			// Only enabled for admins and users with access to Git providers
 			isEnabled: ({ auth }) =>
-				!!(auth?.role === "owner" || auth?.user?.canAccessToGitProviders),
+				!!(auth?.role === "owner" || auth?.canAccessToGitProviders),
 		},
 		{
 			isSingle: true,

apps/dokploy/server/api/routers/project.ts

@@ -38,7 +38,11 @@ export const projectRouter = createTRPCRouter({
 		.mutation(async ({ ctx, input }) => {
 			try {
 				if (ctx.user.rol === "member") {
-					await checkProjectAccess(ctx.user.id, "create");
+					await checkProjectAccess(
+						ctx.user.id,
+						"create",
+						ctx.session.activeOrganizationId,
+					);
 				}
 
 				const admin = await findUserById(ctx.user.ownerId);
@@ -55,7 +59,11 @@ export const projectRouter = createTRPCRouter({
 					ctx.session.activeOrganizationId,
 				);
 				if (ctx.user.rol === "member") {
-					await addNewProject(ctx.user.id, project.projectId);
+					await addNewProject(
+						ctx.user.id,
+						project.projectId,
+						ctx.session.activeOrganizationId,
+					);
 				}
 
 				return project;
@@ -77,7 +85,12 @@ export const projectRouter = createTRPCRouter({
 					ctx.session.activeOrganizationId,
 				);
 
-				await checkProjectAccess(ctx.user.id, "access", input.projectId);
+				await checkProjectAccess(
+					ctx.user.id,
+					"access",
+					ctx.session.activeOrganizationId,
+					input.projectId,
+				);
 
 				const project = await db.query.projects.findFirst({
 					where: and(
@@ -212,7 +225,11 @@ export const projectRouter = createTRPCRouter({
 		.mutation(async ({ input, ctx }) => {
 			try {
 				if (ctx.user.rol === "member") {
-					await checkProjectAccess(ctx.user.id, "delete");
+					await checkProjectAccess(
+						ctx.user.id,
+						"delete",
+						ctx.session.activeOrganizationId,
+					);
 				}
 				const currentProject = await findProjectById(input.projectId);
 				if (