feat: RBAC (#8922)

Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
2025-12-17 18:12:04 +00:00 · 2024-05-17 10:53:15 +02:00
parent b1f977ebd0
commit 596c472ecc
292 changed files with 14129 additions and 3989 deletions
--- a/packages/cli/test/integration/shared/db/credentials.ts
+++ b/packages/cli/test/integration/shared/db/credentials.ts
@@ -6,15 +6,19 @@ import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.
 import type { CredentialSharingRole } from '@db/entities/SharedCredentials';
 import type { ICredentialsDb } from '@/Interfaces';
 import type { CredentialPayload } from '../types';
+import { ProjectRepository } from '@/databases/repositories/project.repository';
+import type { Project } from '@/databases/entities/Project';

-async function encryptCredentialData(credential: CredentialsEntity) {
+export async function encryptCredentialData(
+	credential: CredentialsEntity,
+): Promise<ICredentialsDb> {
 	const { createCredentialsFromCredentialsEntity } = await import('@/CredentialsHelper');
 	const coreCredential = createCredentialsFromCredentialsEntity(credential, true);

 	// @ts-ignore
 	coreCredential.setData(credential.data);

-	return coreCredential.getDataToSave() as ICredentialsDb;
+	return Object.assign(credential, coreCredential.getDataToSave());
 }

 const emptyAttributes = {
@@ -46,43 +50,89 @@ export async function createCredentials(attributes: Partial<CredentialsEntity> =
 */
 export async function saveCredential(
 	credentialPayload: CredentialPayload,
-	{ user, role }: { user: User; role: CredentialSharingRole },
+	options:
+		| { user: User; role: CredentialSharingRole }
+		| {
+				project: Project;
+				role: CredentialSharingRole;
+		  },
 ) {
+	const role = options.role;
 	const newCredential = new CredentialsEntity();

 	Object.assign(newCredential, credentialPayload);

-	const encryptedData = await encryptCredentialData(newCredential);
-
-	Object.assign(newCredential, encryptedData);
+	await encryptCredentialData(newCredential);

 	const savedCredential = await Container.get(CredentialsRepository).save(newCredential);

 	savedCredential.data = newCredential.data;

-	await Container.get(SharedCredentialsRepository).save({
-		user,
-		credentials: savedCredential,
-		role,
-	});
+	if ('user' in options) {
+		const user = options.user;
+		const personalProject = await Container.get(ProjectRepository).getPersonalProjectForUserOrFail(
+			user.id,
+		);
+
+		await Container.get(SharedCredentialsRepository).save({
+			user,
+			credentials: savedCredential,
+			role,
+			project: personalProject,
+		});
+	} else {
+		const project = options.project;
+
+		await Container.get(SharedCredentialsRepository).save({
+			credentials: savedCredential,
+			role,
+			project,
+		});
+	}

 	return savedCredential;
 }

 export async function shareCredentialWithUsers(credential: CredentialsEntity, users: User[]) {
-	const newSharedCredentials = users.map((user) =>
-		Container.get(SharedCredentialsRepository).create({
-			userId: user.id,
-			credentialsId: credential.id,
-			role: 'credential:user',
+	const newSharedCredentials = await Promise.all(
+		users.map(async (user) => {
+			const personalProject = await Container.get(
+				ProjectRepository,
+			).getPersonalProjectForUserOrFail(user.id);
+
+			return Container.get(SharedCredentialsRepository).create({
+				credentialsId: credential.id,
+				role: 'credential:user',
+				projectId: personalProject.id,
+			});
 		}),
 	);
+
+	return await Container.get(SharedCredentialsRepository).save(newSharedCredentials);
+}
+
+export async function shareCredentialWithProjects(
+	credential: CredentialsEntity,
+	projects: Project[],
+) {
+	const newSharedCredentials = await Promise.all(
+		projects.map(async (project) => {
+			return Container.get(SharedCredentialsRepository).create({
+				credentialsId: credential.id,
+				role: 'credential:user',
+				projectId: project.id,
+			});
+		}),
+	);
+
 	return await Container.get(SharedCredentialsRepository).save(newSharedCredentials);
 }

 export function affixRoleToSaveCredential(role: CredentialSharingRole) {
-	return async (credentialPayload: CredentialPayload, { user }: { user: User }) =>
-		await saveCredential(credentialPayload, { user, role });
+	return async (
+		credentialPayload: CredentialPayload,
+		options: { user: User } | { project: Project },
+	) => await saveCredential(credentialPayload, { ...options, role });
 }

 export async function getAllCredentials() {