refactory: User Roles & Permissions | Access Control | Team Management #1980

Draft: wants to merge 3 commits into base: canary

AlphaLawless
Add ability to edit user roles

Description

This PR adds the ability for organization owners to edit user roles (member, admin) through the UI.

Changes Made

Backend

  • Added updateRoleMember mutation to userRouter
  • Validates that only owners can update roles
  • Prevents users from changing their own role
  • Returns updated member data

Frontend

  • Fixed admin role option in AddInvitation component (was missing from SelectContent)
  • Added EditUserRole component with role selection dialog
  • Integrated edit role functionality in user management table
  • Added proper permission checks (owners can edit others, but not themselves)

Files Changed

  • packages/server/src/routers/user.ts - Added updateRoleMember mutation
  • apps/dokploy/components/dashboard/settings/users/add-invitation.tsx - Fixed admin role option
  • apps/dokploy/components/dashboard/settings/users/edit-user-role.tsx - New component
  • apps/dokploy/components/dashboard/settings/users/show-users.tsx - Integrated edit functionality

Security

  • Only organization owners can update member roles
  • Users cannot update their own role (prevents accidental lockout)
  • Validates member exists in organization before updating

@AlphaLawless AlphaLawless requested a review from Siumauricio as a code owner May 31, 2025 22:24
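
The checks listed under "Security" in the PR description (owner-only, no self-edit, target must be a member of the same organization), written out as an added example; this is not code from the PR or from the project. `Member`, `authorizeRoleChange`, `outcome`, the reason strings and the sample rows are hypothetical, and refusing to touch an `owner` row is an assumption that keeps ownership changes out of this path.

```typescript
// Added illustration, not code from the PR or the project; all names are hypothetical.
type Role = "owner" | "admin" | "member";
interface Member { userId: string; organizationId: string; role: Role }
type Decision = { ok: true; updated: Member } | { ok: false; reason: string };

// Roles the PR description says can be set through the UI.
const ASSIGNABLE: readonly Role[] = ["admin", "member"];

function authorizeRoleChange(
  members: Member[],        // membership rows as the server would load them
  actorUserId: string,      // from the session, never from the request body
  organizationId: string,   // the session's active organization
  targetUserId: string,     // untrusted input
  newRole: string,          // untrusted input
): Decision {
  const inOrg = (id: string) =>
    members.find((m) => m.userId === id && m.organizationId === organizationId);

  const actor = inOrg(actorUserId);
  if (!actor || actor.role !== "owner") return { ok: false, reason: "not-owner" };
  if (actorUserId === targetUserId) return { ok: false, reason: "self-change" };

  const target = inOrg(targetUserId);
  if (!target) return { ok: false, reason: "target-not-in-org" };
  // Assumption: owner rows are only changed by a separate ownership-transfer flow.
  if (target.role === "owner") return { ok: false, reason: "target-is-owner" };
  if (!ASSIGNABLE.includes(newRole as Role)) return { ok: false, reason: "role-not-assignable" };

  return { ok: true, updated: { ...target, role: newRole as Role } };
}

// Collapse a decision to a single string for logging or tests.
function outcome(d: Decision): string { return d.ok ? "ok" : d.reason; }

// Constructed sample data.
const SAMPLE: Member[] = [
  { userId: "u-owner", organizationId: "org-1", role: "owner" },
  { userId: "u-admin", organizationId: "org-1", role: "admin" },
  { userId: "u-member", organizationId: "org-1", role: "member" },
  { userId: "u-other", organizationId: "org-2", role: "member" },
];
```

Both lookups are scoped to the session's organization, so a user id from another organization is rejected as `target-not-in-org` instead of being updated across tenants.
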
@TheMath123

Amazing creation, I really needed this! 🥹 Please accept this! 🙌

@Siumauricio
Contributor

This needs more work, I haven't implemented this because it needs more work, it's not just changing the user role.

Currently we use 1 or 2 functions which emphasize that there can only be one admin user in the whole system, so doing this would be wrong and lead to other problems.

I think a better idea would be for the current admin to have a role called super-admin or something like that, and this would run on a manual SQL migration.

Then from there in the system we would have 3 roles, super-admin, admin and user...

That's one idea, or another idea could be to better integrate permissions and organization and roles based on better auth https://www.better-auth.com/docs/plugins/organization#create-roles

@vishalkadam47
Contributor

> This needs more work, I haven't implemented this because it needs more work, it's not just changing the user role.
>
> Currently we use 1 or 2 functions which emphasize that there can only be one admin user in the whole system, so doing this would be wrong and lead to other problems.
>
> I think a better idea would be for the current admin to have a role called super-admin or something like that, and this would run on a manual SQL migration.
>
> Then from there in the system we would have 3 roles, super-admin, admin and user...
>
> That's one idea, or another idea could be to better integrate permissions and organization and roles based on better auth https://www.better-auth.com/docs/plugins/organization#create-roles

Current admin can be the owner, then admin and users...
Here's how I have planned #1413
I have also tried to connect with better-auth

@AlphaLawless
Author

AlphaLawless commented Jun 1, 2025

> This needs more work, I haven't implemented this because it needs more work, it's not just changing the user role.
>
> Currently we use 1 or 2 functions which emphasize that there can only be one admin user in the whole system, so doing this would be wrong and lead to other problems.
>
> I think a better idea would be for the current admin to have a role called super-admin or something like that, and this would run on a manual SQL migration.
>
> Then from there in the system we would have 3 roles, super-admin, admin and user...
>
> That's one idea, or another idea could be to better integrate permissions and organization and roles based on better auth https://www.better-auth.com/docs/plugins/organization#create-roles

I get the point.

I've actually seen myself in some cases where there were owner and admin in the same layer. And I hadn't understood why. Now you're explaining to me about 1~2 functions that should only have one administrator in the system, that makes sense.

However, based on your idea of superadmin, admin and member, wouldn't it be easier to just continue as owner, and refactor the part that has roles from only one system administrator to owner?

I'm asking this without looking at the roles yet.

I had also started the code that @vishalkadam47 had mentioned about "Add the ability to transfer ownership". However, I didn't go very deep. If you want, I can leave this in draft and start planning your ideas with the one @vishalkadam47 mentioned and I'll update it.

@AlphaLawless AlphaLawless marked this pull request as draft June 1, 2025 21:21
@AlphaLawless
Author

AlphaLawless commented Jun 1, 2025

Mini Roadmap

User Roles & Permissions

  • Add admin roles (currently, only member role exists) for organization. Owner > Admin > Member
  • Edit Role
  • Add the ability to transfer ownership.

Refactoring/Add Access Control and more...

Team Management

  • Implement Teams to group members within an organization.
  • Allow team-based invitations instead of inviting members individually (include an option to set a team size limit).
  • Enable the option to register new users on teams.
  • Support adding descriptions for organizations and teams.
  • Allow deleting expired or cancelled invitations.
  • Provide an option to move members between teams.

Advanced Permissions & Access Control

  • Enable assigning specific remote servers to selected users or teams.
  • Introduce team-wide permissions to streamline access control for larger teams.

@AlphaLawless AlphaLawless changed the title from "feat: add user role editing functionality and update user role mutation" to "refactory: User Roles & Permissions | Access Control | Team Management" Jun 2, 2025
@Siumauricio
Contributor

I agree with the suggested changes

Feel free to work whenever you want.

@vishalkadam47
Contributor

@AlphaLawless Do you have any WIP using better-auth? If yes, please update this draft.

Contributor

autofix-ci bot commented Jun 22, 2025

Hi! I'm autofix.ci, a bot that automatically fixes trivial issues such as code formatting in pull requests.

I would like to apply some automated changes to this pull request, but it looks like I don't have the necessary permissions to do so. To get this pull request into a mergeable state, please do one of the following two things:

  1. Allow edits by maintainers for your pull request, and then re-trigger CI (for example by pushing a new commit).
  2. Manually fix the issues identified for your pull request (see the GitHub Actions output for details on what I would like to change).
