refactor: Adjust credential endpoints permissions (#4656) (no-changelog)

* refactor: Adjust credential endpoints permissions
Omar Ajoue
2022-11-22 08:37:52 +01:00
committed by GitHub
parent fe0178150f
commit 4c423762d6
5 changed files with 76 additions and 20 deletions


@@ -31,7 +31,10 @@ export class CredentialsService {
});
}
static async getAll(user: User, options?: { relations: string[] }): Promise<ICredentialsDb[]> {
static async getAll(
user: User,
options?: { relations?: string[]; roles?: string[] },
): Promise<ICredentialsDb[]> {
const SELECT_FIELDS: Array<keyof ICredentialsDb> = [
'id',
'name',
@@ -52,11 +55,21 @@ export class CredentialsService {
// if member, return credentials owned by or shared with member
const userSharings = await Db.collections.SharedCredentials.find({
const whereConditions: FindManyOptions = {
where: {
user,
},
});
};
if (options?.roles?.length) {
whereConditions.where = {
...whereConditions.where,
role: { name: In(options.roles) },
} as FindManyOptions;
whereConditions.relations = ['role'];
}
const userSharings = await Db.collections.SharedCredentials.find(whereConditions);
return Db.collections.Credentials.find({
select: SELECT_FIELDS,
@@ -77,7 +90,7 @@ export class CredentialsService {
static async getSharing(
user: User,
credentialId: number | string,
relations: string[] | undefined = ['credentials'],
relations: string[] = ['credentials'],
{ allowGlobalOwner } = { allowGlobalOwner: true },
): Promise<SharedCredentials | undefined> {
const options: FindOneOptions = {
@@ -90,8 +103,14 @@ export class CredentialsService {
// owner. This allows the global owner to view and delete
// credentials they don't own.
if (!allowGlobalOwner || user.globalRole.name !== 'owner') {
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
options.where.user = { id: user.id };
options.where = {
...options.where,
user: { id: user.id },
role: { name: 'owner' },
} as FindOneOptions;
if (!relations.includes('role')) {
relations.push('role');
}
}
if (relations?.length) {
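Review bot: In getSharing, the branch for callers who are not the global owner now hard-codes `role: { name: 'owner' }`, so a user who only has the credential shared with them would presumably no longer match, yet the comment above the branch still describes only the user filter. Since this filter decides who may act on a credential, state the rule where it is enforced, e.g. `// Non-global-owners only match sharings in which they hold the 'owner' role.` The same branch calls `relations.push('role')` on the caller's array; assigning a copy instead (`relations = [...relations, 'role'];`) avoids modifying an argument the caller may reuse. The `as FindOneOptions` cast here and the `as FindManyOptions` cast in getAll are applied to a `where` object rather than to an options object, so they silence the type checker on the filter instead of checking it. getSharing's body continues outside the hunk.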