diff --git a/packages/cli/src/PublicApi/v1/handlers/audit/audit.handler.ts b/packages/cli/src/PublicApi/v1/handlers/audit/audit.handler.ts index a6e4787134..2f9f4892b4 100644 --- a/packages/cli/src/PublicApi/v1/handlers/audit/audit.handler.ts +++ b/packages/cli/src/PublicApi/v1/handlers/audit/audit.handler.ts @@ -5,7 +5,7 @@ import Container from 'typedi'; export = { generateAudit: [ - authorize(['owner']), + authorize(['owner', 'admin']), async (req: AuditRequest.Generate, res: Response): Promise => { try { const { SecurityAuditService } = await import('@/security-audit/SecurityAudit.service'); diff --git a/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts b/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts index fb4b8f2f38..a31656be19 100644 --- a/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts +++ b/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts @@ -23,7 +23,7 @@ import { Container } from 'typedi'; export = { createCredential: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), validCredentialType, validCredentialsProperties, async ( @@ -47,7 +47,7 @@ export = { }, ], deleteCredential: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async ( req: CredentialRequest.Delete, res: express.Response, @@ -55,7 +55,7 @@ export = { const { id: credentialId } = req.params; let credential: CredentialsEntity | undefined; - if (req.user.globalRole.name !== 'owner') { + if (!['owner', 'admin'].includes(req.user.globalRole.name)) { const shared = await getSharedCredentials(req.user.id, credentialId, [ 'credentials', 'role', @@ -78,7 +78,7 @@ export = { ], getCredentialType: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: CredentialTypeRequest.Get, res: express.Response): Promise => { const { credentialTypeName } = req.params; diff --git a/packages/cli/src/PublicApi/v1/handlers/executions/executions.handler.ts b/packages/cli/src/PublicApi/v1/handlers/executions/executions.handler.ts index af6dd968d8..ec48fc3fa8 100644 --- a/packages/cli/src/PublicApi/v1/handlers/executions/executions.handler.ts +++ b/packages/cli/src/PublicApi/v1/handlers/executions/executions.handler.ts @@ -12,7 +12,7 @@ import { ExecutionRepository } from '@db/repositories/execution.repository'; export = { deleteExecution: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: ExecutionRequest.Delete, res: express.Response): Promise => { const sharedWorkflowsIds = await getSharedWorkflowIds(req.user); @@ -42,7 +42,7 @@ export = { }, ], getExecution: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: ExecutionRequest.Get, res: express.Response): Promise => { const sharedWorkflowsIds = await getSharedWorkflowIds(req.user); @@ -71,7 +71,7 @@ export = { }, ], getExecutions: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), validCursor, async (req: ExecutionRequest.GetAll, res: express.Response): Promise => { const { diff --git a/packages/cli/src/PublicApi/v1/handlers/sourceControl/sourceControl.handler.ts b/packages/cli/src/PublicApi/v1/handlers/sourceControl/sourceControl.handler.ts index e0d06b93a8..d19741f82b 100644 --- a/packages/cli/src/PublicApi/v1/handlers/sourceControl/sourceControl.handler.ts +++ b/packages/cli/src/PublicApi/v1/handlers/sourceControl/sourceControl.handler.ts @@ -14,7 +14,7 @@ import { InternalHooks } from '@/InternalHooks'; export = { pull: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin']), async ( req: PublicSourceControlRequest.Pull, res: express.Response, diff --git a/packages/cli/src/PublicApi/v1/handlers/users/users.handler.ee.ts b/packages/cli/src/PublicApi/v1/handlers/users/users.handler.ee.ts index 26a801e74d..f9611fa29f 100644 --- a/packages/cli/src/PublicApi/v1/handlers/users/users.handler.ee.ts +++ b/packages/cli/src/PublicApi/v1/handlers/users/users.handler.ee.ts @@ -15,7 +15,7 @@ import { InternalHooks } from '@/InternalHooks'; export = { getUser: [ validLicenseWithUserQuota, - authorize(['owner']), + authorize(['owner', 'admin']), async (req: UserRequest.Get, res: express.Response) => { const { includeRole = false } = req.query; const { id } = req.params; @@ -41,7 +41,7 @@ export = { getUsers: [ validLicenseWithUserQuota, validCursor, - authorize(['owner']), + authorize(['owner', 'admin']), async (req: UserRequest.Get, res: express.Response) => { const { offset = 0, limit = 100, includeRole = false } = req.query; diff --git a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts index a6f58d44eb..c90d5ae8b3 100644 --- a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts +++ b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts @@ -31,7 +31,7 @@ import { WorkflowHistoryService } from '@/workflows/workflowHistory/workflowHist export = { createWorkflow: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: WorkflowRequest.Create, res: express.Response): Promise => { const workflow = req.body; @@ -59,7 +59,7 @@ export = { }, ], deleteWorkflow: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: WorkflowRequest.Get, res: express.Response): Promise => { const { id: workflowId } = req.params; @@ -74,7 +74,7 @@ export = { }, ], getWorkflow: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: WorkflowRequest.Get, res: express.Response): Promise => { const { id } = req.params; @@ -95,7 +95,7 @@ export = { }, ], getWorkflows: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), validCursor, async (req: WorkflowRequest.GetAll, res: express.Response): Promise => { const { offset = 0, limit = 100, active = undefined, tags = undefined } = req.query; @@ -104,7 +104,7 @@ export = { ...(active !== undefined && { active }), }; - if (req.user.isOwner) { + if (['owner', 'admin'].includes(req.user.globalRole.name)) { if (tags) { const workflowIds = await getWorkflowIdsViaTags(parseTagNames(tags)); where.id = In(workflowIds); @@ -152,7 +152,7 @@ export = { }, ], updateWorkflow: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: WorkflowRequest.Update, res: express.Response): Promise => { const { id } = req.params; const updateData = new WorkflowEntity(); @@ -214,7 +214,7 @@ export = { }, ], activateWorkflow: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: WorkflowRequest.Activate, res: express.Response): Promise => { const { id } = req.params; @@ -248,7 +248,7 @@ export = { }, ], deactivateWorkflow: [ - authorize(['owner', 'member']), + authorize(['owner', 'admin', 'member']), async (req: WorkflowRequest.Activate, res: express.Response): Promise => { const { id } = req.params; diff --git a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.service.ts b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.service.ts index 94938be25c..9ca171612e 100644 --- a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.service.ts +++ b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.service.ts @@ -18,7 +18,7 @@ function insertIf(condition: boolean, elements: string[]): string[] { } export async function getSharedWorkflowIds(user: User): Promise { - const where = user.globalRole.name === 'owner' ? {} : { userId: user.id }; + const where = ['owner', 'admin'].includes(user.globalRole.name) ? {} : { userId: user.id }; const sharedWorkflows = await Container.get(SharedWorkflowRepository).find({ where, select: ['workflowId'], @@ -32,7 +32,7 @@ export async function getSharedWorkflow( ): Promise { return Container.get(SharedWorkflowRepository).findOne({ where: { - ...(!user.isOwner && { userId: user.id }), + ...(!['owner', 'admin'].includes(user.globalRole.name) && { userId: user.id }), ...(workflowId && { workflowId }), }, relations: [...insertIf(!config.getEnv('workflowTagsDisabled'), ['workflow.tags']), 'workflow'], @@ -48,7 +48,7 @@ export async function getSharedWorkflows( ): Promise { return Container.get(SharedWorkflowRepository).find({ where: { - ...(!user.isOwner && { userId: user.id }), + ...(!['owner', 'admin'].includes(user.globalRole.name) && { userId: user.id }), ...(options.workflowIds && { workflowId: In(options.workflowIds) }), }, ...(options.relations && { relations: options.relations }), diff --git a/packages/cli/src/PublicApi/v1/shared/middlewares/global.middleware.ts b/packages/cli/src/PublicApi/v1/shared/middlewares/global.middleware.ts index d57aa3071b..7335ca4cd8 100644 --- a/packages/cli/src/PublicApi/v1/shared/middlewares/global.middleware.ts +++ b/packages/cli/src/PublicApi/v1/shared/middlewares/global.middleware.ts @@ -6,11 +6,12 @@ import { Container } from 'typedi'; import type { AuthenticatedRequest, PaginatedRequest } from '../../../types'; import { decodeCursor } from '../services/pagination.service'; import { License } from '@/License'; +import type { RoleNames } from '@/databases/entities/Role'; const UNLIMITED_USERS_QUOTA = -1; export const authorize = - (authorizedRoles: readonly string[]) => + (authorizedRoles: readonly RoleNames[]) => ( req: AuthenticatedRequest, res: express.Response,