feat: Add admin role to public API (no-changelog) (#7933)

## Summary Add the admin global role to the public API. This does not include porting over scopes. #### How to test the change: 1. ... ## Issues fixed Include links to Github issue or Community forum post or **Linear ticket**: > Important in order to close automatically and provide context to reviewers ... ## Review / Merge checklist - [ ] PR title and summary are descriptive. **Remember, the title automatically goes into the changelog. Use `(no-changelog)` otherwise.** ([conventions](https://github.com/n8n-io/n8n/blob/master/.github/pull_request_title_conventions.md)) - [ ] [Docs updated](https://github.com/n8n-io/n8n-docs) or follow-up ticket created. - [ ] Tests included. > A bug is not considered fixed, unless a test is added to prevent it from happening again. A feature is not complete without tests. > > *(internal)* You can use Slack commands to trigger [e2e tests](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#a39f9e5ba64a48b58a71d81c837e8227) or [deploy test instance](https://www.notion.so/n8n/How-to-use-Test-Instances-d65f49dfc51f441ea44367fb6f67eb0a?pvs=4#f6a177d32bde4b57ae2da0b8e454bfce) or [deploy early access version on Cloud](https://www.notion.so/n8n/Cloudbot-3dbe779836004972b7057bc989526998?pvs=4#fef2d36ab02247e1a0f65a74f6fb534e).
2025-12-18 10:31:15 +00:00 · 2023-12-05 15:00:14 +00:00
parent 50e416d9ae
commit 4e55583715
8 changed files with 24 additions and 23 deletions
--- a/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts
+++ b/packages/cli/src/PublicApi/v1/handlers/credentials/credentials.handler.ts
@@ -23,7 +23,7 @@ import { Container } from 'typedi';

 export = {
 	createCredential: [
-		authorize(['owner', 'member']),
+		authorize(['owner', 'admin', 'member']),
 		validCredentialType,
 		validCredentialsProperties,
 		async (
@@ -47,7 +47,7 @@ export = {
 		},
 	],
 	deleteCredential: [
-		authorize(['owner', 'member']),
+		authorize(['owner', 'admin', 'member']),
 		async (
 			req: CredentialRequest.Delete,
 			res: express.Response,
@@ -55,7 +55,7 @@ export = {
 			const { id: credentialId } = req.params;
 			let credential: CredentialsEntity | undefined;

-			if (req.user.globalRole.name !== 'owner') {
+			if (!['owner', 'admin'].includes(req.user.globalRole.name)) {
 				const shared = await getSharedCredentials(req.user.id, credentialId, [
 					'credentials',
 					'role',
@@ -78,7 +78,7 @@ export = {
 	],

 	getCredentialType: [
-		authorize(['owner', 'member']),
+		authorize(['owner', 'admin', 'member']),
 		async (req: CredentialTypeRequest.Get, res: express.Response): Promise<express.Response> => {
 			const { credentialTypeName } = req.params;