feat: RBAC (#8922)

Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
2025-12-18 02:21:13 +00:00 · 2024-05-17 10:53:15 +02:00
parent b1f977ebd0
commit 596c472ecc
292 changed files with 14129 additions and 3989 deletions
--- a/packages/cli/test/integration/credentials/credentials.service.test.ts
+++ b/packages/cli/test/integration/credentials/credentials.service.test.ts
@@ -0,0 +1,55 @@
+import type { User } from '@/databases/entities/User';
+import type { CredentialsEntity } from '@/databases/entities/CredentialsEntity';
+import { saveCredential, shareCredentialWithUsers } from '../shared/db/credentials';
+import { createMember } from '../shared/db/users';
+import { randomCredentialPayload } from '../shared/random';
+import { SharedCredentialsRepository } from '@/databases/repositories/sharedCredentials.repository';
+import Container from 'typedi';
+import { CredentialsService } from '@/credentials/credentials.service';
+import * as testDb from '../shared/testDb';
+
+const credentialPayload = randomCredentialPayload();
+let memberWhoOwnsCredential: User;
+let memberWhoDoesNotOwnCredential: User;
+let credential: CredentialsEntity;
+
+beforeAll(async () => {
+	await testDb.init();
+
+	memberWhoOwnsCredential = await createMember();
+	memberWhoDoesNotOwnCredential = await createMember();
+	credential = await saveCredential(credentialPayload, {
+		user: memberWhoOwnsCredential,
+		role: 'credential:owner',
+	});
+
+	await shareCredentialWithUsers(credential, [memberWhoDoesNotOwnCredential]);
+});
+
+describe('credentials service', () => {
+	describe('replaceCredentialContentsForSharee', () => {
+		it('should replace the contents of the credential for sharee', async () => {
+			const storedCredential = await Container.get(
+				SharedCredentialsRepository,
+			).findCredentialForUser(credential.id, memberWhoDoesNotOwnCredential, ['credential:read']);
+
+			const decryptedData = Container.get(CredentialsService).decrypt(storedCredential!);
+
+			const mergedCredentials = {
+				id: credential.id,
+				name: credential.name,
+				type: credential.type,
+				data: { accessToken: '' },
+			};
+
+			Container.get(CredentialsService).replaceCredentialContentsForSharee(
+				memberWhoDoesNotOwnCredential,
+				storedCredential!,
+				decryptedData,
+				mergedCredentials,
+			);
+
+			expect(mergedCredentials.data).toEqual({ accessToken: credentialPayload.data.accessToken });
+		});
+	});
+});