feat: add access to API/CLI support

components/dashboard/settings/users/add-permissions.tsx

@@ -38,6 +38,7 @@ const addPermissions = z.object({
 	canDeleteServices: z.boolean().optional().default(false),
 	canAccessToTraefikFiles: z.boolean().optional().default(false),
 	canAccessToDocker: z.boolean().optional().default(false),
+	canAccessToAPI: z.boolean().optional().default(false),
 });
 
 type AddPermissions = z.infer<typeof addPermissions>;
@@ -80,6 +81,7 @@ export const AddUserPermissions = ({ userId }: Props) => {
 				canDeleteServices: data.canDeleteServices,
 				canAccessToTraefikFiles: data.canAccessToTraefikFiles,
 				canAccessToDocker: data.canAccessToDocker,
+				canAccessToAPI: data.canAccessToAPI,
 			});
 		}
 	}, [form, form.formState.isSubmitSuccessful, form.reset, data]);
@@ -95,6 +97,7 @@ export const AddUserPermissions = ({ userId }: Props) => {
 			accesedProjects: data.accesedProjects || [],
 			accesedServices: data.accesedServices || [],
 			canAccessToDocker: data.canAccessToDocker,
+			canAccessToAPI: data.canAccessToAPI,
 		})
 			.then(async () => {
 				toast.success("Permissions updated");
@@ -247,6 +250,26 @@ export const AddUserPermissions = ({ userId }: Props) => {
 								</FormItem>
 							)}
 						/>
+						<FormField
+							control={form.control}
+							name="canAccessToAPI"
+							render={({ field }) => (
+								<FormItem className="flex flex-row items-center justify-between rounded-lg border p-3 shadow-sm">
+									<div className="space-y-0.5">
+										<FormLabel>Access to API/CLI</FormLabel>
+										<FormDescription>
+											Allow the user to access to the API/CLI
+										</FormDescription>
+									</div>
+									<FormControl>
+										<Switch
+											checked={field.value}
+											onCheckedChange={field.onChange}
+										/>
+									</FormControl>
+								</FormItem>
+							)}
+						/>
 						<FormField
 							control={form.control}
 							name="accesedProjects"

drizzle/0016_chunky_leopardon.sql

@@ -0,0 +1 @@
+ALTER TABLE "user" ADD COLUMN "canAccessToAPI" boolean DEFAULT false NOT NULL;

drizzle/meta/_journal.json

@@ -113,6 +113,13 @@
       "when": 1717564517104,
       "tag": "0015_fearless_callisto",
       "breakpoints": true
+    },
+    {
+      "idx": 16,
+      "version": "6",
+      "when": 1719109196484,
+      "tag": "0016_chunky_leopardon",
+      "breakpoints": true
     }
   ]
 }

server/api/routers/admin.ts

@@ -27,15 +27,13 @@ import { createAppAuth } from "@octokit/auth-app";
 import { haveGithubRequirements } from "@/server/utils/providers/github";
 
 export const adminRouter = createTRPCRouter({
-	one: adminProcedure
+	one: adminProcedure.query(async () => {
-		.meta({ openapi: { method: "GET", path: "/say-hello" } })
+		const { sshPrivateKey, ...rest } = await findAdmin();
-		.query(async () => {
+		return {
-			const { sshPrivateKey, ...rest } = await findAdmin();
+			haveSSH: !!sshPrivateKey,
-			return {
+			...rest,
-				haveSSH: !!sshPrivateKey,
+		};
-				...rest,
+	}),
-			};
-		}),
 	createUserInvitation: adminProcedure
 		.input(apiCreateUserInvitation)
 		.mutation(async ({ input }) => {

server/db/schema/user.ts

@@ -32,6 +32,7 @@ export const users = pgTable("user", {
 	canDeleteProjects: boolean("canDeleteProjects").notNull().default(false),
 	canDeleteServices: boolean("canDeleteServices").notNull().default(false),
 	canAccessToDocker: boolean("canAccessToDocker").notNull().default(false),
+	canAccessToAPI: boolean("canAccessToAPI").notNull().default(false),
 	canAccessToTraefikFiles: boolean("canAccessToTraefikFiles")
 		.notNull()
 		.default(false),
@@ -105,6 +106,7 @@ export const apiAssignPermissions = createSchema
 		accesedServices: true,
 		canAccessToTraefikFiles: true,
 		canAccessToDocker: true,
+		canAccessToAPI: true,
 	})
 	.required();