feat: Add initial scope checks via decorators (#7737)

2025-12-18 02:21:13 +00:00 · 2023-11-28 11:41:34 +00:00
parent 753cbc1e96
commit a37f1cb0ba
22 changed files with 233 additions and 89 deletions
--- a/packages/@n8n/permissions/src/types.ts
+++ b/packages/@n8n/permissions/src/types.ts
@@ -6,7 +6,14 @@ export type Resource =
 	| 'credential'
 	| 'variable'
 	| 'sourceControl'
-	| 'externalSecretsStore';
+	| 'externalSecretsProvider'
+	| 'externalSecret'
+	| 'eventBusEvent'
+	| 'eventBusDestination'
+	| 'orchestration'
+	| 'communityPackage'
+	| 'ldap'
+	| 'saml';

 export type ResourceScope<
 	R extends Resource,
@@ -17,14 +24,27 @@ export type WildcardScope = `${Resource}:*` | '*';

 export type WorkflowScope = ResourceScope<'workflow', DefaultOperations | 'share'>;
 export type TagScope = ResourceScope<'tag'>;
-export type UserScope = ResourceScope<'user'>;
+export type UserScope = ResourceScope<'user', DefaultOperations | 'resetPassword'>;
 export type CredentialScope = ResourceScope<'credential', DefaultOperations | 'share'>;
 export type VariableScope = ResourceScope<'variable'>;
 export type SourceControlScope = ResourceScope<'sourceControl', 'pull' | 'push' | 'manage'>;
-export type ExternalSecretStoreScope = ResourceScope<
-	'externalSecretsStore',
-	DefaultOperations | 'refresh'
+export type ExternalSecretProviderScope = ResourceScope<
+	'externalSecretsProvider',
+	DefaultOperations | 'sync'
 >;
+export type ExternalSecretScope = ResourceScope<'externalSecret', 'list'>;
+export type EventBusEventScope = ResourceScope<'eventBusEvent', DefaultOperations | 'query'>;
+export type EventBusDestinationScope = ResourceScope<
+	'eventBusDestination',
+	DefaultOperations | 'test'
+>;
+export type OrchestrationScope = ResourceScope<'orchestration', 'read' | 'list'>;
+export type CommunityPackageScope = ResourceScope<
+	'communityPackage',
+	'install' | 'uninstall' | 'update' | 'list'
+>;
+export type LdapScope = ResourceScope<'ldap', 'manage' | 'sync'>;
+export type SamlScope = ResourceScope<'saml', 'manage'>;

 export type Scope =
 	| WorkflowScope
@@ -33,7 +53,14 @@ export type Scope =
 	| CredentialScope
 	| VariableScope
 	| SourceControlScope
-	| ExternalSecretStoreScope;
+	| ExternalSecretProviderScope
+	| ExternalSecretScope
+	| EventBusEventScope
+	| EventBusDestinationScope
+	| OrchestrationScope
+	| CommunityPackageScope
+	| LdapScope
+	| SamlScope;

 export type ScopeLevel = 'global' | 'project' | 'resource';
 export type GetScopeLevel<T extends ScopeLevel> = Record<T, Scope[]>;