admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-18 02:21:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Replace owner checks with scope checks (no-changelog) (#7846)

Browse Source 
Github issue / Community forum post (link here to close automatically):
This commit is contained in:
Val
2023-11-29 14:48:36 +00:00
committed by GitHub
parent d5762a7539
commit 1cb92ffe16
26 changed files with 136 additions and 78 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
packages/cli/src/credentials/credentials.service.ts
View File

@@ -11,6 +11,8 @@ import { Container } from 'typedi';
import type { FindManyOptions, FindOptionsWhere } from 'typeorm';
import { In, Like } from 'typeorm';
import type { Scope } from '@n8n/permissions';
import * as Db from '@/Db';
import type { ICredentialsDb } from '@/Interfaces';
import { CredentialsHelper, createCredentialsFromCredentialsEntity } from '@/CredentialsHelper';
@@ -28,6 +30,10 @@ import { Logger } from '@/Logger';
import { CredentialsRepository } from '@db/repositories/credentials.repository';
import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
export type CredentialsGetSharedOptions =
| { allowGlobalScope: true; globalScope: Scope }
| { allowGlobalScope: false };
export class CredentialsService {
static async get(
where: FindOptionsWhere<ICredentialsDb>,
@@ -86,7 +92,7 @@ export class CredentialsService {
) {
const findManyOptions = this.toFindManyOptions(options.listQueryOptions);
const returnAll = user.globalRole.name === 'owner' && !options.onlyOwn;
const returnAll = (await user.hasGlobalScope('credential:list')) && !options.onlyOwn;
const isDefaultSelect = !options.listQueryOptions?.select;
if (returnAll) {
@@ -136,15 +142,15 @@ export class CredentialsService {
static async getSharing(
user: User,
credentialId: string,
options: CredentialsGetSharedOptions,
relations: string[] = ['credentials'],
{ allowGlobalOwner } = { allowGlobalOwner: true },
): Promise<SharedCredentials | null> {
const where: FindOptionsWhere<SharedCredentials> = { credentialsId: credentialId };
// Omit user from where if the requesting user is the global
// owner. This allows the global owner to view and delete
// credentials they don't own.
if (!allowGlobalOwner || user.globalRole.name !== 'owner') {
// Omit user from where if the requesting user has relevant
// global credential permissions. This allows the user to
// access credentials they don't own.
if (!options.allowGlobalScope || !(await user.hasGlobalScope(options.globalScope))) {
Object.assign(where, {
userId: user.id,
role: { name: 'owner' },