admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 18:12:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(core): Allow transferring credentials from any project to any team project (#9563)

Browse Source
This commit is contained in:
Danny Martini
2024-06-04 13:54:48 +02:00
committed by GitHub
parent 245c63f216
commit 202c91e7ed
8 changed files with 371 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

253
packages/cli/test/integration/credentials/credentials.api.ee.test.ts
View File

@@ -16,13 +16,22 @@ import type { SaveCredentialFunction } from '../shared/types';
import * as utils from '../shared/utils';
import {
affixRoleToSaveCredential,
getCredentialSharings,
shareCredentialWithProjects,
shareCredentialWithUsers,
} from '../shared/db/credentials';
import { createManyUsers, createUser, createUserShell } from '../shared/db/users';
import {
createAdmin,
createManyUsers,
createOwner,
createUser,
createUserShell,
} from '../shared/db/users';
import type { SuperAgentTest } from '../shared/types';
import { mockInstance } from '../../shared/mocking';
import { createTeamProject, linkUserToProject } from '../shared/db/projects';
const testServer = utils.setupTestServer({
endpointGroups: ['credentials'],
enabledFeatures: ['feat:sharing'],
@@ -32,6 +41,7 @@ const testServer = utils.setupTestServer({
});
let owner: User;
let admin: User;
let ownerPersonalProject: Project;
let member: User;
let memberPersonalProject: Project;
@@ -50,7 +60,8 @@ beforeEach(async () => {
projectRepository = Container.get(ProjectRepository);
projectService = Container.get(ProjectService);
owner = await createUser({ role: 'global:owner' });
owner = await createOwner();
admin = await createAdmin();
ownerPersonalProject = await projectRepository.getPersonalProjectForUserOrFail(owner.id);
member = await createUser({ role: 'global:member' });
@@ -648,6 +659,244 @@ describe('PUT /credentials/:id/share', () => {
});
});
describe('PUT /:credentialId/transfer', () => {
test('cannot transfer into the same project', async () => {
const destinationProject = await createTeamProject('Destination Project', member);
const credential = await saveCredential(randomCredentialPayload(), {
project: destinationProject,
});
await testServer
.authAgentFor(member)
.put(`/credentials/${credential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(400);
});
test('cannot transfer into a personal project', async () => {
const credential = await saveCredential(randomCredentialPayload(), {
user: member,
});
await testServer
.authAgentFor(member)
.put(`/credentials/${credential.id}/transfer`)
.send({ destinationProjectId: memberPersonalProject.id })
.expect(400);
});
test('cannot transfer somebody elses credential', async () => {
const destinationProject = await createTeamProject('Destination Project', member);
const credential = await saveCredential(randomCredentialPayload(), {
user: anotherMember,
});
await testServer
.authAgentFor(member)
.put(`/credentials/${credential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(403);
});
test("cannot transfer if you're not a member of the destination project", async () => {
const credential = await saveCredential(randomCredentialPayload(), {
user: member,
});
const destinationProject = await createTeamProject('Team Project');
await testServer
.authAgentFor(member)
.put(`/credentials/${credential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(404);
});
test('project:editors cannot transfer credentials', async () => {
//
// ARRANGE
//
const sourceProject = await createTeamProject('Source Project');
await linkUserToProject(member, sourceProject, 'project:editor');
const credential = await saveCredential(randomCredentialPayload(), {
project: sourceProject,
});
const destinationProject = await createTeamProject('Destination Project', member);
//
// ACT & ASSERT
//
await testServer
.authAgentFor(member)
.put(`/credentials/${credential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(403);
});
test('transferring from a personal project to a team project severs all sharings', async () => {
//
// ARRANGE
//
const credential = await saveCredential(randomCredentialPayload(), { user: member });
// these sharings should be deleted by the transfer
await shareCredentialWithUsers(credential, [anotherMember, owner]);
const destinationProject = await createTeamProject('Destination Project', member);
//
// ACT
//
const response = await testServer
.authAgentFor(member)
.put(`/credentials/${credential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(200);
//
// ASSERT
//
expect(response.body).toEqual({});
const allSharings = await getCredentialSharings(credential);
expect(allSharings).toHaveLength(1);
expect(allSharings[0]).toMatchObject({
projectId: destinationProject.id,
credentialsId: credential.id,
role: 'credential:owner',
});
});
test('can transfer from team to another team project', async () => {
//
// ARRANGE
//
const sourceProject = await createTeamProject('Team Project 1', member);
const credential = await saveCredential(randomCredentialPayload(), {
project: sourceProject,
});
const destinationProject = await createTeamProject('Team Project 2', member);
//
// ACT
//
const response = await testServer
.authAgentFor(member)
.put(`/credentials/${credential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(200);
//
// ASSERT
//
expect(response.body).toEqual({});
const allSharings = await getCredentialSharings(credential);
expect(allSharings).toHaveLength(1);
expect(allSharings[0]).toMatchObject({
projectId: destinationProject.id,
credentialsId: credential.id,
role: 'credential:owner',
});
});
test.each([
['owners', () => owner],
['admins', () => admin],
])(
'%s can always transfer from any personal or team project into any team project',
async (_name, actor) => {
//
// ARRANGE
//
const sourceProject = await createTeamProject('Source Project', member);
const teamCredential = await saveCredential(randomCredentialPayload(), {
project: sourceProject,
});
const personalCredential = await saveCredential(randomCredentialPayload(), { user: member });
const destinationProject = await createTeamProject('Destination Project', member);
//
// ACT
//
const response1 = await testServer
.authAgentFor(actor())
.put(`/credentials/${teamCredential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(200);
const response2 = await testServer
.authAgentFor(actor())
.put(`/credentials/${personalCredential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(200);
//
// ASSERT
//
expect(response1.body).toEqual({});
expect(response2.body).toEqual({});
{
const allSharings = await getCredentialSharings(teamCredential);
expect(allSharings).toHaveLength(1);
expect(allSharings[0]).toMatchObject({
projectId: destinationProject.id,
credentialsId: teamCredential.id,
role: 'credential:owner',
});
}
{
const allSharings = await getCredentialSharings(personalCredential);
expect(allSharings).toHaveLength(1);
expect(allSharings[0]).toMatchObject({
projectId: destinationProject.id,
credentialsId: personalCredential.id,
role: 'credential:owner',
});
}
},
);
test.each([
['owners', () => owner],
['admins', () => admin],
])('%s cannot transfer into personal projects', async (_name, actor) => {
//
// ARRANGE
//
const sourceProject = await createTeamProject('Source Project', member);
const teamCredential = await saveCredential(randomCredentialPayload(), {
project: sourceProject,
});
const personalCredential = await saveCredential(randomCredentialPayload(), { user: member });
const destinationProject = anotherMemberPersonalProject;
//
// ACT & ASSERT
//
await testServer
.authAgentFor(actor())
.put(`/credentials/${teamCredential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(400);
await testServer
.authAgentFor(actor())
.put(`/credentials/${personalCredential.id}/transfer`)
.send({ destinationProjectId: destinationProject.id })
.expect(400);
});
});
function validateMainCredentialData(credential: ListQuery.Credentials.WithOwnedByAndSharedWith) {
expect(typeof credential.name).toBe('string');
expect(typeof credential.type).toBe('string');

6
packages/cli/test/integration/shared/db/credentials.ts
View File

@@ -145,3 +145,9 @@ export const getCredentialById = async (id: string) =>
export async function getAllSharedCredentials() {
return await Container.get(SharedCredentialsRepository).find();
}
export async function getCredentialSharings(credential: CredentialsEntity) {
return await Container.get(SharedCredentialsRepository).findBy({
credentialsId: credential.id,
});
}

33
packages/cli/test/integration/workflows/workflows.controller.ee.test.ts
View File

@@ -1257,9 +1257,9 @@ describe('PUT /:workflowId/transfer', () => {
});
test('cannot transfer into a personal project', async () => {
const destinationProject = await createTeamProject('Team Project', member);
const sourceProject = await createTeamProject('Team Project', member);
const workflow = await createWorkflow({}, destinationProject);
const workflow = await createWorkflow({}, sourceProject);
await testServer
.authAgentFor(member)
@@ -1268,7 +1268,7 @@ describe('PUT /:workflowId/transfer', () => {
.expect(400);
});
test('cannot transfer without workflow:move scope for the workflow', async () => {
test('cannot transfer somebody elses workflow', async () => {
const destinationProject = await createTeamProject('Team Project', member);
const workflow = await createWorkflow({}, anotherMember);
@@ -1280,7 +1280,7 @@ describe('PUT /:workflowId/transfer', () => {
.expect(403);
});
test('cannot transfer without workflow:create scope in destination project', async () => {
test("cannot transfer if you're not a member of the destination project", async () => {
const destinationProject = await createTeamProject('Team Project', anotherMember);
const workflow = await createWorkflow({}, member);
@@ -1296,13 +1296,14 @@ describe('PUT /:workflowId/transfer', () => {
//
// ARRANGE
//
const sourceProject = await createTeamProject('Team Project 1');
const sourceProject = await createTeamProject();
await linkUserToProject(member, sourceProject, 'project:editor');
const destinationProject = await createTeamProject();
await linkUserToProject(member, destinationProject, 'project:admin');
const workflow = await createWorkflow({}, sourceProject);
const destinationProject = await createTeamProject();
await linkUserToProject(member, destinationProject, 'project:admin');
//
// ACT & ASSERT
//
@@ -1319,7 +1320,7 @@ describe('PUT /:workflowId/transfer', () => {
//
const workflow = await createWorkflow({}, member);
// this sharing should be deleted by the transfer
// these sharings should be deleted by the transfer
await shareWorkflowWithUsers(workflow, [anotherMember, owner]);
const destinationProject = await createTeamProject('Team Project', member);
@@ -1340,7 +1341,7 @@ describe('PUT /:workflowId/transfer', () => {
const allSharings = await getWorkflowSharing(workflow);
expect(allSharings).toHaveLength(1);
expect(allSharings).not.toContainEqual({
expect(allSharings[0]).toMatchObject({
projectId: destinationProject.id,
workflowId: workflow.id,
role: 'workflow:owner',
@@ -1352,10 +1353,10 @@ describe('PUT /:workflowId/transfer', () => {
// ARRANGE
//
const sourceProject = await createTeamProject('Team Project 1', member);
const destinationProject = await createTeamProject('Team Project 2', member);
const workflow = await createWorkflow({}, sourceProject);
const destinationProject = await createTeamProject('Team Project 2', member);
//
// ACT
//
@@ -1389,11 +1390,12 @@ describe('PUT /:workflowId/transfer', () => {
// ARRANGE
//
const sourceProject = await createTeamProject('Source Project', member);
const destinationProject = await createTeamProject('Destination Project', member);
const teamWorkflow = await createWorkflow({}, sourceProject);
const personalWorkflow = await createWorkflow({}, member);
const destinationProject = await createTeamProject('Destination Project', member);
//
// ACT
//
@@ -1444,11 +1446,12 @@ describe('PUT /:workflowId/transfer', () => {
// ARRANGE
//
const sourceProject = await createTeamProject('Source Project', member);
const destinationProject = anotherMemberPersonalProject;
const teamWorkflow = await createWorkflow({}, sourceProject);
const personalWorkflow = await createWorkflow({}, member);
const destinationProject = anotherMemberPersonalProject;
//
// ACT & ASSERT
//