feat: RBAC (#8922)

Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
2025-12-17 18:12:04 +00:00 · 2024-05-17 10:53:15 +02:00
parent b1f977ebd0
commit 596c472ecc
292 changed files with 14129 additions and 3989 deletions
--- a/packages/cli/test/integration/shared/db/workflows.ts
+++ b/packages/cli/test/integration/shared/db/workflows.ts
@@ -2,11 +2,13 @@ import Container from 'typedi';
 import type { DeepPartial } from '@n8n/typeorm';
 import { v4 as uuid } from 'uuid';

-import type { User } from '@db/entities/User';
+import { User } from '@db/entities/User';
 import type { WorkflowEntity } from '@db/entities/WorkflowEntity';
 import { SharedWorkflowRepository } from '@db/repositories/sharedWorkflow.repository';
 import { WorkflowRepository } from '@db/repositories/workflow.repository';
-import type { SharedWorkflow } from '@db/entities/SharedWorkflow';
+import type { SharedWorkflow, WorkflowSharingRole } from '@db/entities/SharedWorkflow';
+import { ProjectRepository } from '@/databases/repositories/project.repository';
+import { Project } from '@/databases/entities/Project';

 export async function createManyWorkflows(
 	amount: number,
@@ -48,28 +50,71 @@ export function newWorkflow(attributes: Partial<WorkflowEntity> = {}): WorkflowE
 * @param attributes workflow attributes
 * @param user user to assign the workflow to
 */
-export async function createWorkflow(attributes: Partial<WorkflowEntity> = {}, user?: User) {
+export async function createWorkflow(
+	attributes: Partial<WorkflowEntity> = {},
+	userOrProject?: User | Project,
+) {
 	const workflow = await Container.get(WorkflowRepository).save(newWorkflow(attributes));

-	if (user) {
-		await Container.get(SharedWorkflowRepository).save({
-			user,
-			workflow,
-			role: 'workflow:owner',
-		});
+	if (userOrProject instanceof User) {
+		const user = userOrProject;
+		const project = await Container.get(ProjectRepository).getPersonalProjectForUserOrFail(user.id);
+		await Container.get(SharedWorkflowRepository).save(
+			Container.get(SharedWorkflowRepository).create({
+				project,
+				workflow,
+				role: 'workflow:owner',
+			}),
+		);
 	}
+
+	if (userOrProject instanceof Project) {
+		const project = userOrProject;
+		await Container.get(SharedWorkflowRepository).save(
+			Container.get(SharedWorkflowRepository).create({
+				project,
+				workflow,
+				role: 'workflow:owner',
+			}),
+		);
+	}
+
 	return workflow;
 }

 export async function shareWorkflowWithUsers(workflow: WorkflowEntity, users: User[]) {
-	const sharedWorkflows: Array<DeepPartial<SharedWorkflow>> = users.map((user) => ({
-		userId: user.id,
-		workflowId: workflow.id,
-		role: 'workflow:editor',
-	}));
+	const sharedWorkflows: Array<DeepPartial<SharedWorkflow>> = await Promise.all(
+		users.map(async (user) => {
+			const project = await Container.get(ProjectRepository).getPersonalProjectForUserOrFail(
+				user.id,
+			);
+			return {
+				projectId: project.id,
+				workflowId: workflow.id,
+				role: 'workflow:editor',
+			};
+		}),
+	);
 	return await Container.get(SharedWorkflowRepository).save(sharedWorkflows);
 }

+export async function shareWorkflowWithProjects(
+	workflow: WorkflowEntity,
+	projectsWithRole: Array<{ project: Project; role?: WorkflowSharingRole }>,
+) {
+	const newSharedWorkflow = await Promise.all(
+		projectsWithRole.map(async ({ project, role }) => {
+			return Container.get(SharedWorkflowRepository).create({
+				workflowId: workflow.id,
+				role: role ?? 'workflow:editor',
+				projectId: project.id,
+			});
+		}),
+	);
+
+	return await Container.get(SharedWorkflowRepository).save(newSharedWorkflow);
+}
+
 export async function getWorkflowSharing(workflow: WorkflowEntity) {
 	return await Container.get(SharedWorkflowRepository).findBy({
 		workflowId: workflow.id,