feat(permission): add permission to access to ssh key section

apps/dokploy/components/dashboard/settings/users/add-permissions.tsx

@@ -39,6 +39,7 @@ const addPermissions = z.object({
 	canAccessToTraefikFiles: z.boolean().optional().default(false),
 	canAccessToDocker: z.boolean().optional().default(false),
 	canAccessToAPI: z.boolean().optional().default(false),
+	canAccessToSSHKeys: z.boolean().optional().default(false),
 });
 
 type AddPermissions = z.infer<typeof addPermissions>;
@@ -82,6 +83,7 @@ export const AddUserPermissions = ({ userId }: Props) => {
 				canAccessToTraefikFiles: data.canAccessToTraefikFiles,
 				canAccessToDocker: data.canAccessToDocker,
 				canAccessToAPI: data.canAccessToAPI,
+				canAccessToSSHKeys: data.canAccessToSSHKeys,
 			});
 		}
 	}, [form, form.formState.isSubmitSuccessful, form.reset, data]);
@@ -98,6 +100,7 @@ export const AddUserPermissions = ({ userId }: Props) => {
 			accesedServices: data.accesedServices || [],
 			canAccessToDocker: data.canAccessToDocker,
 			canAccessToAPI: data.canAccessToAPI,
+			canAccessToSSHKeys: data.canAccessToSSHKeys,
 		})
 			.then(async () => {
 				toast.success("Permissions updated");
@@ -270,6 +273,26 @@ export const AddUserPermissions = ({ userId }: Props) => {
 								</FormItem>
 							)}
 						/>
+						<FormField
+							control={form.control}
+							name="canAccessToSSHKeys"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Access to SSH Keys</FormLabel>
+										<FormDescription>
+											Allow to users to access to the SSH Keys section
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
 						<FormField
 							control={form.control}
 							name="accesedProjects"

apps/dokploy/components/layouts/settings-layout.tsx

@@ -79,6 +79,16 @@ export const SettingsLayout = ({ children }: Props) => {
 									},
 								]
 							: []),
+						...(user?.canAccessToSSHKeys
+							? [
+									{
+										title: "SSH Keys",
+										label: "",
+										icon: KeyRound,
+										href: "/dashboard/settings/ssh-keys",
+									},
+								]
+							: []),
 					]}
 				/>
 			</div>

apps/dokploy/drizzle/0030_little_kabuki.sql

@@ -0,0 +1 @@
+ALTER TABLE "user" ADD COLUMN "canAccessToSSHKeys" boolean DEFAULT false NOT NULL;

apps/dokploy/drizzle/meta/_journal.json

@@ -211,6 +211,13 @@
       "when": 1722578386823,
       "tag": "0029_colossal_zodiak",
       "breakpoints": true
+    },
+    {
+      "idx": 30,
+      "version": "6",
+      "when": 1723608499147,
+      "tag": "0030_little_kabuki",
+      "breakpoints": true
     }
   ]
 }

apps/dokploy/pages/dashboard/settings/ssh-keys.tsx

@@ -1,9 +1,12 @@
 import { ShowDestinations } from "@/components/dashboard/settings/ssh-keys/show-ssh-keys";
 import { DashboardLayout } from "@/components/layouts/dashboard-layout";
 import { SettingsLayout } from "@/components/layouts/settings-layout";
+import { appRouter } from "@/server/api/root";
 import { validateRequest } from "@/server/auth/auth";
+import { createServerSideHelpers } from "@trpc/react-query/server";
 import type { GetServerSidePropsContext } from "next";
 import React, { type ReactElement } from "react";
+import superjson from "superjson";
 
 const Page = () => {
 	return (
@@ -26,7 +29,7 @@ export async function getServerSideProps(
 	ctx: GetServerSidePropsContext<{ serviceId: string }>,
 ) {
 	const { user, session } = await validateRequest(ctx.req, ctx.res);
-	if (!user || user.rol === "user") {
+	if (!user) {
 		return {
 			redirect: {
 				permanent: true,
@@ -34,8 +37,45 @@ export async function getServerSideProps(
 			},
 		};
 	}
+	const { req, res, resolvedUrl } = ctx;
+	const helpers = createServerSideHelpers({
+		router: appRouter,
+		ctx: {
+			req: req as any,
+			res: res as any,
+			db: null as any,
+			session: session,
+			user: user,
+		},
+		transformer: superjson,
+	});
 
-	return {
-		props: {},
-	};
+	try {
+		await helpers.project.all.prefetch();
+		const auth = await helpers.auth.get.fetch();
+
+		if (auth.rol === "user") {
+			const user = await helpers.user.byAuthId.fetch({
+				authId: auth.id,
+			});
+
+			if (!user.canAccessToSSHKeys) {
+				return {
+					redirect: {
+						permanent: true,
+						destination: "/",
+					},
+				};
+			}
+		}
+		return {
+			props: {
+				trpcState: helpers.dehydrate(),
+			},
+		};
+	} catch (error) {
+		return {
+			props: {},
+		};
+	}
 }

apps/dokploy/server/api/routers/ssh-key.ts

@@ -34,21 +34,23 @@ export const sshRouter = createTRPCRouter({
 				});
 			}
 		}),
-	remove: adminProcedure.input(apiRemoveSshKey).mutation(async ({ input }) => {
-		try {
-			return await removeSSHKeyById(input.sshKeyId);
-		} catch (error) {
-			throw new TRPCError({
-				code: "BAD_REQUEST",
-				message: "Error to delete this ssh key",
-			});
-		}
-	}),
+	remove: protectedProcedure
+		.input(apiRemoveSshKey)
+		.mutation(async ({ input }) => {
+			try {
+				return await removeSSHKeyById(input.sshKeyId);
+			} catch (error) {
+				throw new TRPCError({
+					code: "BAD_REQUEST",
+					message: "Error to delete this ssh key",
+				});
+			}
+		}),
 	one: protectedProcedure.input(apiFindOneSshKey).query(async ({ input }) => {
 		const sshKey = await findSSHKeyById(input.sshKeyId);
 		return sshKey;
 	}),
-	all: adminProcedure.query(async () => {
+	all: protectedProcedure.query(async () => {
 		return await db.query.sshKeys.findMany({});
 	}),
 	generate: protectedProcedure
@@ -56,15 +58,17 @@ export const sshRouter = createTRPCRouter({
 		.mutation(async ({ input }) => {
 			return await generateSSHKey(input.type);
 		}),
-	update: adminProcedure.input(apiUpdateSshKey).mutation(async ({ input }) => {
-		try {
-			return await updateSSHKeyById(input);
-		} catch (error) {
-			throw new TRPCError({
-				code: "BAD_REQUEST",
-				message: "Error to update this ssh key",
-				cause: error,
-			});
-		}
-	}),
+	update: protectedProcedure
+		.input(apiUpdateSshKey)
+		.mutation(async ({ input }) => {
+			try {
+				return await updateSSHKeyById(input);
+			} catch (error) {
+				throw new TRPCError({
+					code: "BAD_REQUEST",
+					message: "Error to update this ssh key",
+					cause: error,
+				});
+			}
+		}),
 });

apps/dokploy/server/db/schema/user.ts

@@ -28,6 +28,7 @@ export const users = pgTable("user", {
 		.notNull()
 		.$defaultFn(() => new Date().toISOString()),
 	canCreateProjects: boolean("canCreateProjects").notNull().default(false),
+	canAccessToSSHKeys: boolean("canAccessToSSHKeys").notNull().default(false),
 	canCreateServices: boolean("canCreateServices").notNull().default(false),
 	canDeleteProjects: boolean("canDeleteProjects").notNull().default(false),
 	canDeleteServices: boolean("canDeleteServices").notNull().default(false),
@@ -107,6 +108,7 @@ export const apiAssignPermissions = createSchema
 		canAccessToTraefikFiles: true,
 		canAccessToDocker: true,
 		canAccessToAPI: true,
+		canAccessToSSHKeys: true,
 	})
 	.required();