feat: RBAC (#8922)

Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
2025-12-17 18:12:04 +00:00 · 2024-05-17 10:53:15 +02:00
parent b1f977ebd0
commit 596c472ecc
292 changed files with 14129 additions and 3989 deletions
--- a/packages/cli/test/integration/project.service.integration.test.ts
+++ b/packages/cli/test/integration/project.service.integration.test.ts
@@ -0,0 +1,116 @@
+import Container from 'typedi';
+import { ProjectService } from '@/services/project.service';
+import * as testDb from './shared/testDb';
+import { SharedWorkflowRepository } from '@/databases/repositories/sharedWorkflow.repository';
+import { createUser } from './shared/db/users';
+import { createWorkflow } from './shared/db/workflows';
+import { linkUserToProject, createTeamProject } from './shared/db/projects';
+
+describe('ProjectService', () => {
+	let projectService: ProjectService;
+
+	let sharedWorkflowRepository: SharedWorkflowRepository;
+
+	beforeAll(async () => {
+		await testDb.init();
+
+		projectService = Container.get(ProjectService);
+
+		sharedWorkflowRepository = Container.get(SharedWorkflowRepository);
+	});
+
+	afterEach(async () => {
+		await testDb.truncate(['User', 'Project', 'ProjectRelation', 'Workflow', 'SharedWorkflow']);
+	});
+
+	afterAll(async () => {
+		await testDb.terminate();
+	});
+
+	describe('findRolesInProjects', () => {
+		describe('when user has roles in projects where workflow is accessible', () => {
+			it('should return roles and project IDs', async () => {
+				const user = await createUser();
+				const secondUser = await createUser(); // @TODO: Needed only to satisfy index in legacy column
+
+				const firstProject = await createTeamProject('Project 1');
+				const secondProject = await createTeamProject('Project 2');
+
+				await linkUserToProject(user, firstProject, 'project:admin');
+				await linkUserToProject(user, secondProject, 'project:viewer');
+
+				const workflow = await createWorkflow();
+
+				await sharedWorkflowRepository.insert({
+					userId: user.id, // @TODO: Legacy column
+					projectId: firstProject.id,
+					workflowId: workflow.id,
+					role: 'workflow:owner',
+				});
+
+				await sharedWorkflowRepository.insert({
+					userId: secondUser.id, // @TODO: Legacy column
+					projectId: secondProject.id,
+					workflowId: workflow.id,
+					role: 'workflow:user',
+				});
+
+				const projectIds = await projectService.findProjectsWorkflowIsIn(workflow.id);
+
+				expect(projectIds).toEqual(expect.arrayContaining([firstProject.id, secondProject.id]));
+			});
+		});
+
+		describe('when user has no roles in projects where workflow is accessible', () => {
+			it('should return project IDs but no roles', async () => {
+				const user = await createUser();
+				const secondUser = await createUser(); // @TODO: Needed only to satisfy index in legacy column
+
+				const firstProject = await createTeamProject('Project 1');
+				const secondProject = await createTeamProject('Project 2');
+
+				// workflow shared with projects, but user not added to any project
+
+				const workflow = await createWorkflow();
+
+				await sharedWorkflowRepository.insert({
+					userId: user.id, // @TODO: Legacy column
+					projectId: firstProject.id,
+					workflowId: workflow.id,
+					role: 'workflow:owner',
+				});
+
+				await sharedWorkflowRepository.insert({
+					userId: secondUser.id, // @TODO: Legacy column
+					projectId: secondProject.id,
+					workflowId: workflow.id,
+					role: 'workflow:user',
+				});
+
+				const projectIds = await projectService.findProjectsWorkflowIsIn(workflow.id);
+
+				expect(projectIds).toEqual(expect.arrayContaining([firstProject.id, secondProject.id]));
+			});
+		});
+
+		describe('when user has roles in projects where workflow is inaccessible', () => {
+			it('should return project IDs but no roles', async () => {
+				const user = await createUser();
+
+				const firstProject = await createTeamProject('Project 1');
+				const secondProject = await createTeamProject('Project 2');
+
+				await linkUserToProject(user, firstProject, 'project:admin');
+				await linkUserToProject(user, secondProject, 'project:viewer');
+
+				const workflow = await createWorkflow();
+
+				// user added to projects, but workflow not shared with projects
+
+				const projectIds = await projectService.findProjectsWorkflowIsIn(workflow.id);
+
+				expect(projectIds).toHaveLength(0);
+			});
+		});
+	});
+});