feat: RBAC (#8922)

Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
2025-12-17 10:02:05 +00:00 · 2024-05-17 10:53:15 +02:00
parent b1f977ebd0
commit 596c472ecc
292 changed files with 14129 additions and 3989 deletions
--- a/packages/cli/test/integration/commands/reset.cmd.test.ts
+++ b/packages/cli/test/integration/commands/reset.cmd.test.ts
@@ -7,7 +7,16 @@ import { UserRepository } from '@db/repositories/user.repository';

 import { mockInstance } from '../../shared/mocking';
 import * as testDb from '../shared/testDb';
-import { createUser } from '../shared/db/users';
+import { createMember, createUser } from '../shared/db/users';
+import { createWorkflow } from '../shared/db/workflows';
+import { SharedWorkflowRepository } from '@/databases/repositories/sharedWorkflow.repository';
+import { getPersonalProject } from '../shared/db/projects';
+import { encryptCredentialData, saveCredential } from '../shared/db/credentials';
+import { randomCredentialPayload } from '../shared/random';
+import { SharedCredentialsRepository } from '@/databases/repositories/sharedCredentials.repository';
+import { CredentialsRepository } from '@/databases/repositories/credentials.repository';
+import { CredentialsEntity } from '@/databases/entities/CredentialsEntity';
+import { SettingsRepository } from '@/databases/repositories/settings.repository';

 beforeAll(async () => {
 	mockInstance(InternalHooks);
@@ -25,20 +34,75 @@ afterAll(async () => {
 });

 // eslint-disable-next-line n8n-local-rules/no-skipped-tests
-test.skip('user-management:reset should reset DB to default user state', async () => {
-	await createUser({ role: 'global:owner' });
+test('user-management:reset should reset DB to default user state', async () => {
+	//
+	// ARRANGE
+	//
+	const owner = await createUser({ role: 'global:owner' });
+	const ownerProject = await getPersonalProject(owner);

+	// should be deleted
+	const member = await createMember();
+
+	// should be re-owned
+	const workflow = await createWorkflow({}, member);
+	const credential = await saveCredential(randomCredentialPayload(), {
+		user: member,
+		role: 'credential:owner',
+	});
+
+	// dangling credentials should also be re-owned
+	const danglingCredential = await Container.get(CredentialsRepository).save(
+		await encryptCredentialData(Object.assign(new CredentialsEntity(), randomCredentialPayload())),
+	);
+
+	// mark instance as set up
+	await Container.get(SettingsRepository).update(
+		{ key: 'userManagement.isInstanceOwnerSetUp' },
+		{ value: 'true' },
+	);
+
+	//
+	// ACT
+	//
 	await Reset.run();

-	const user = await Container.get(UserRepository).findOneBy({ role: 'global:owner' });
+	//
+	// ASSERT
+	//

-	if (!user) {
-		fail('No owner found after DB reset to default user state');
-	}
+	// check if the owner account was reset:
+	await expect(
+		Container.get(UserRepository).findOneBy({ role: 'global:owner' }),
+	).resolves.toMatchObject({
+		email: null,
+		firstName: null,
+		lastName: null,
+		password: null,
+		personalizationAnswers: null,
+	});

-	expect(user.email).toBeNull();
-	expect(user.firstName).toBeNull();
-	expect(user.lastName).toBeNull();
-	expect(user.password).toBeNull();
-	expect(user.personalizationAnswers).toBeNull();
+	// all members were deleted:
+	const members = await Container.get(UserRepository).findOneBy({ role: 'global:member' });
+	expect(members).toBeNull();
+
+	// all workflows are owned by the owner:
+	await expect(
+		Container.get(SharedWorkflowRepository).findBy({ workflowId: workflow.id }),
+	).resolves.toMatchObject([{ projectId: ownerProject.id, role: 'workflow:owner' }]);
+
+	// all credentials are owned by the owner
+	await expect(
+		Container.get(SharedCredentialsRepository).findBy({ credentialsId: credential.id }),
+	).resolves.toMatchObject([{ projectId: ownerProject.id, role: 'credential:owner' }]);
+
+	// all dangling credentials are owned by the owner
+	await expect(
+		Container.get(SharedCredentialsRepository).findBy({ credentialsId: danglingCredential.id }),
+	).resolves.toMatchObject([{ projectId: ownerProject.id, role: 'credential:owner' }]);
+
+	// the instance is marked as not set up:
+	await expect(
+		Container.get(SettingsRepository).findBy({ key: 'userManagement.isInstanceOwnerSetUp' }),
+	).resolves.toMatchObject([{ value: 'false' }]);
 });