feat: Allow instance owners and admins to edit all credentials (#8716)

Co-authored-by: Danny Martini <despair.blue@gmail.com>

packages/cli/src/credentials/credentials.controller.ts

@@ -74,7 +74,9 @@ export class CredentialsController {
 
 			credential = this.ownershipService.addOwnedByAndSharedWith(credential);
 
-			if (!includeDecryptedData || !userSharing || userSharing.role !== 'credential:owner') {
+			// Below, if `userSharing` does not exist, it means this credential is being
+			// fetched by the instance owner or an admin. In this case, they get the full data
+			if (!includeDecryptedData || userSharing?.role === 'credential:user') {
 				const { data: _, ...rest } = credential;
 				return { ...rest };
 			}

packages/cli/src/permissions/roles.ts

@@ -4,6 +4,7 @@ export const ownerPermissions: Scope[] = [
 	'auditLogs:manage',
 	'credential:create',
 	'credential:read',
+	'credential:update',
 	'credential:delete',
 	'credential:list',
 	'credential:share',