admin/n8n-enterprise-unlocked
1
0
Fork 0
mirror of https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git synced 2025-12-17 01:56:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: Add folder scopes to global owner and admin roles (#19230)

Browse Source
This commit is contained in:
Stephen Wright
2025-09-08 08:08:21 +01:00
committed by GitHub
parent ed8fd32692
commit 2113532946
4 changed files with 59 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
packages/cli/test/integration/folder/folder.controller.test.ts
View File

@@ -87,7 +87,7 @@ describe('POST /projects/:projectId/folders', () => {
name: 'Test Folder',
};
await authOwnerAgent.post('/projects/non-existing-id/folders').send(payload).expect(403);
await authOwnerAgent.post('/projects/non-existing-id/folders').send(payload).expect(404);
});
test('should not create folder when name is empty', async () => {
@@ -278,7 +278,7 @@ describe('GET /projects/:projectId/folders/:folderId/tree', () => {
});
test('should not get folder tree when project does not exist', async () => {
await authOwnerAgent.get('/projects/non-existing-id/folders/some-folder-id/tree').expect(403);
await authOwnerAgent.get('/projects/non-existing-id/folders/some-folder-id/tree').expect(404);
});
test('should not get folder tree when folder does not exist', async () => {
@@ -418,7 +418,7 @@ describe('GET /projects/:projectId/folders/:folderId/credentials', () => {
test('should not get folder credentials when project does not exist', async () => {
await authOwnerAgent
.get('/projects/non-existing-id/folders/some-folder-id/credentials')
.expect(403);
.expect(404);
});
test('should not get folder credentials when folder does not exist', async () => {
@@ -545,7 +545,7 @@ describe('PATCH /projects/:projectId/folders/:folderId', () => {
await authOwnerAgent
.patch('/projects/non-existing-id/folders/some-folder-id')
.send(payload)
.expect(403);
.expect(404);
});
test('should not update folder when folder does not exist', async () => {
@@ -1005,7 +1005,7 @@ describe('DELETE /projects/:projectId/folders/:folderId', () => {
await authOwnerAgent
.delete('/projects/non-existing-id/folders/some-folder-id')
.send({})
.expect(403);
.expect(404);
});
test('should not delete folder when folder does not exist', async () => {
@@ -1303,7 +1303,7 @@ describe('GET /projects/:projectId/folders', () => {
});
test('should not list folders when project does not exist', async () => {
await authOwnerAgent.get('/projects/non-existing-id/folders').expect(403);
await authOwnerAgent.get('/projects/non-existing-id/folders').expect(404);
});
test('should not list folders if user has no access to project', async () => {
@@ -1731,7 +1731,7 @@ describe('GET /projects/:projectId/folders/content', () => {
test('should not list folders when project does not exist', async () => {
await authOwnerAgent
.get('/projects/non-existing-id/folders/no-existing-id/content')
.expect(403);
.expect(404);
});
test('should not return folder content if user has no access to project', async () => {

24
packages/cli/test/integration/project.api.test.ts
View File

@@ -853,6 +853,30 @@ describe('GET /project/:projectId', () => {
role: 'project:admin',
});
});
test('should have correct folder scopes when, as an admin / owner, I fetch a project created by a different user', async () => {
const [ownerUser, testUser1] = await Promise.all([createOwner(), createUser()]);
const createdProject = await createTeamProject(undefined, testUser1);
const memberAgent = testServer.authAgentFor(ownerUser);
const resp = await memberAgent.get(`/projects/${createdProject.id}`);
expect(resp.status).toBe(200);
expect(resp.body.data.id).toBe(createdProject.id);
expect(resp.body.data.name).toBe(createdProject.name);
expect(resp.body.data.scopes).toEqual(
expect.arrayContaining([
'folder:read',
'folder:update',
'folder:delete',
'folder:create',
'folder:list',
]),
);
});
});
describe('DELETE /project/:projectId', () => {