mirror of
https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git
synced 2025-12-16 17:46:45 +00:00
chore(core): Move scopes and roles into database in preparation for custom roles (#17226)
This commit is contained in:
Andreas Fitzek
@@ -0,0 +1,125 @@
|
||||
// Jest Snapshot v1, https://goo.gl/fbAQLP
|
||||
|
||||
exports[`Scope Information ensure scopes are defined correctly 1`] = `
|
||||
[
|
||||
"annotationTag:create",
|
||||
"annotationTag:read",
|
||||
"annotationTag:update",
|
||||
"annotationTag:delete",
|
||||
"annotationTag:list",
|
||||
"annotationTag:*",
|
||||
"auditLogs:manage",
|
||||
"auditLogs:*",
|
||||
"banner:dismiss",
|
||||
"banner:*",
|
||||
"community:register",
|
||||
"community:*",
|
||||
"communityPackage:install",
|
||||
"communityPackage:uninstall",
|
||||
"communityPackage:update",
|
||||
"communityPackage:list",
|
||||
"communityPackage:manage",
|
||||
"communityPackage:*",
|
||||
"credential:share",
|
||||
"credential:move",
|
||||
"credential:create",
|
||||
"credential:read",
|
||||
"credential:update",
|
||||
"credential:delete",
|
||||
"credential:list",
|
||||
"credential:*",
|
||||
"externalSecretsProvider:sync",
|
||||
"externalSecretsProvider:create",
|
||||
"externalSecretsProvider:read",
|
||||
"externalSecretsProvider:update",
|
||||
"externalSecretsProvider:delete",
|
||||
"externalSecretsProvider:list",
|
||||
"externalSecretsProvider:*",
|
||||
"externalSecret:list",
|
||||
"externalSecret:use",
|
||||
"externalSecret:*",
|
||||
"eventBusDestination:test",
|
||||
"eventBusDestination:create",
|
||||
"eventBusDestination:read",
|
||||
"eventBusDestination:update",
|
||||
"eventBusDestination:delete",
|
||||
"eventBusDestination:list",
|
||||
"eventBusDestination:*",
|
||||
"ldap:sync",
|
||||
"ldap:manage",
|
||||
"ldap:*",
|
||||
"license:manage",
|
||||
"license:*",
|
||||
"logStreaming:manage",
|
||||
"logStreaming:*",
|
||||
"orchestration:read",
|
||||
"orchestration:list",
|
||||
"orchestration:*",
|
||||
"project:create",
|
||||
"project:read",
|
||||
"project:update",
|
||||
"project:delete",
|
||||
"project:list",
|
||||
"project:*",
|
||||
"saml:manage",
|
||||
"saml:*",
|
||||
"securityAudit:generate",
|
||||
"securityAudit:*",
|
||||
"sourceControl:pull",
|
||||
"sourceControl:push",
|
||||
"sourceControl:manage",
|
||||
"sourceControl:*",
|
||||
"tag:create",
|
||||
"tag:read",
|
||||
"tag:update",
|
||||
"tag:delete",
|
||||
"tag:list",
|
||||
"tag:*",
|
||||
"user:resetPassword",
|
||||
"user:changeRole",
|
||||
"user:enforceMfa",
|
||||
"user:create",
|
||||
"user:read",
|
||||
"user:update",
|
||||
"user:delete",
|
||||
"user:list",
|
||||
"user:*",
|
||||
"variable:create",
|
||||
"variable:read",
|
||||
"variable:update",
|
||||
"variable:delete",
|
||||
"variable:list",
|
||||
"variable:*",
|
||||
"workersView:manage",
|
||||
"workersView:*",
|
||||
"workflow:share",
|
||||
"workflow:execute",
|
||||
"workflow:move",
|
||||
"workflow:create",
|
||||
"workflow:read",
|
||||
"workflow:update",
|
||||
"workflow:delete",
|
||||
"workflow:list",
|
||||
"workflow:*",
|
||||
"folder:create",
|
||||
"folder:read",
|
||||
"folder:update",
|
||||
"folder:delete",
|
||||
"folder:list",
|
||||
"folder:move",
|
||||
"folder:*",
|
||||
"insights:list",
|
||||
"insights:*",
|
||||
"oidc:manage",
|
||||
"oidc:*",
|
||||
"dataStore:create",
|
||||
"dataStore:read",
|
||||
"dataStore:update",
|
||||
"dataStore:delete",
|
||||
"dataStore:list",
|
||||
"dataStore:readRow",
|
||||
"dataStore:writeRow",
|
||||
"dataStore:*",
|
||||
"*",
|
||||
]
|
||||
`;
|
||||
@@ -0,0 +1,7 @@
|
||||
import { ALL_SCOPES } from '@/scope-information';
|
||||
|
||||
describe('Scope Information', () => {
|
||||
it('ensure scopes are defined correctly', () => {
|
||||
expect(ALL_SCOPES).toMatchSnapshot();
|
||||
});
|
||||
});
|
||||
@@ -2,6 +2,7 @@ export type * from './types.ee';
|
||||
export * from './constants.ee';
|
||||
|
||||
export * from './roles/scopes/global-scopes.ee';
|
||||
export * from './scope-information';
|
||||
export * from './roles/role-maps.ee';
|
||||
export * from './roles/all-roles';
|
||||
|
||||
|
||||
@@ -26,6 +26,7 @@ const mapToRoleObject = <T extends keyof typeof ROLE_NAMES>(roles: Record<T, Sco
|
||||
role,
|
||||
name: ROLE_NAMES[role],
|
||||
scopes: getRoleScopes(role),
|
||||
description: ROLE_NAMES[role],
|
||||
licensed: false,
|
||||
}));
|
||||
|
||||
|
||||
21
packages/@n8n/permissions/src/scope-information.ts
Normal file
21
packages/@n8n/permissions/src/scope-information.ts
Normal file
@@ -0,0 +1,21 @@
|
||||
import { RESOURCES } from './constants.ee';
|
||||
import type { Scope, ScopeInformation } from './types.ee';
|
||||
|
||||
function buildResourceScopes() {
|
||||
const resourceScopes = Object.entries(RESOURCES).flatMap(([resource, operations]) => [
|
||||
...operations.map((op) => `${resource}:${op}` as const),
|
||||
`${resource}:*` as const,
|
||||
]) as Scope[];
|
||||
|
||||
resourceScopes.push('*' as const); // Global wildcard
|
||||
return resourceScopes;
|
||||
}
|
||||
|
||||
export const ALL_SCOPES = buildResourceScopes();
|
||||
|
||||
export const scopeInformation: Partial<Record<Scope, ScopeInformation>> = {
|
||||
'annotationTag:create': {
|
||||
displayName: 'Create Annotation Tag',
|
||||
description: 'Allows creating new annotation tags.',
|
||||
},
|
||||
};
|
||||
@@ -11,6 +11,11 @@ import type {
|
||||
workflowSharingRoleSchema,
|
||||
} from './schemas.ee';
|
||||
|
||||
export type ScopeInformation = {
|
||||
displayName: string;
|
||||
description?: string | null;
|
||||
};
|
||||
|
||||
/** Represents a resource that can have permissions applied to it */
|
||||
export type Resource = keyof typeof RESOURCES;
|
||||
|
||||
@@ -59,6 +64,7 @@ export type AllRoleTypes = GlobalRole | ProjectRole | WorkflowSharingRole | Cred
|
||||
type RoleObject<T extends AllRoleTypes> = {
|
||||
role: T;
|
||||
name: string;
|
||||
description?: string | null;
|
||||
scopes: Scope[];
|
||||
licensed: boolean;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user