refactor(core): Improve UX on permission errors (no-changelog) (#13795)

Co-authored-by: Iván Ovejero <ivov.src@gmail.com>

packages/cli/src/workflow-execute-additional-data.ts

@@ -14,7 +14,6 @@ import type {
 	INode,
 	INodeExecutionData,
 	INodeParameters,
-	IRun,
 	IRunExecutionData,
 	IWorkflowBase,
 	IWorkflowExecuteAdditionalData,
@@ -38,14 +37,17 @@ import { WorkflowRepository } from '@/databases/repositories/workflow.repository
 import { EventService } from '@/events/event.service';
 import type { AiEventMap, AiEventPayload } from '@/events/maps/ai.event-map';
 import { getLifecycleHooksForSubExecutions } from '@/execution-lifecycle/execution-lifecycle-hooks';
+import { ExecutionDataService } from '@/executions/execution-data.service';
+import {
+	CredentialsPermissionChecker,
+	SubworkflowPolicyChecker,
+} from '@/executions/pre-execution-checks';
 import type { UpdateExecutionPayload } from '@/interfaces';
 import { NodeTypes } from '@/node-types';
 import { Push } from '@/push';
 import { SecretsHelper } from '@/secrets-helpers.ee';
 import { UrlService } from '@/services/url.service';
-import { SubworkflowPolicyChecker } from '@/subworkflows/subworkflow-policy-checker.service';
 import { TaskRequester } from '@/task-runners/task-managers/task-requester';
-import { PermissionChecker } from '@/user-management/permission-checker';
 import { findSubworkflowStart } from '@/utils';
 import { objectToError } from '@/utils/object-to-error';
 import * as WorkflowHelpers from '@/workflow-helpers';
@@ -204,9 +206,11 @@ async function startExecution(
 	 */
 	await executionRepository.setRunning(executionId);
 
+	const startTime = Date.now();
+
 	let data;
 	try {
-		await Container.get(PermissionChecker).check(workflowData.id, workflowData.nodes);
+		await Container.get(CredentialsPermissionChecker).check(workflowData.id, workflowData.nodes);
 		await Container.get(SubworkflowPolicyChecker).check(
 			workflow,
 			options.parentWorkflowId,
@@ -239,7 +243,7 @@ async function startExecution(
 			// If no timeout was given from the parent, then we use our timeout.
 			subworkflowTimeout = Math.min(
 				additionalData.executionTimeoutTimestamp || Number.MAX_SAFE_INTEGER,
-				Date.now() + workflowSettings.executionTimeout * 1000,
+				startTime + workflowSettings.executionTimeout * 1000,
 			);
 		}
 
@@ -257,20 +261,14 @@ async function startExecution(
 		activeExecutions.attachWorkflowExecution(executionId, execution);
 		data = await execution;
 	} catch (error) {
-		const executionError = error ? (error as ExecutionError) : undefined;
-		const fullRunData: IRun = {
-			data: {
-				resultData: {
-					error: executionError,
-					runData: {},
-				},
-			},
-			finished: false,
-			mode: 'integrated',
-			startedAt: new Date(),
-			stoppedAt: new Date(),
-			status: 'error',
-		};
+		const executionError = error as ExecutionError;
+		const fullRunData = Container.get(ExecutionDataService).generateFailedExecutionFromError(
+			runData.executionMode,
+			executionError,
+			'node' in executionError ? executionError.node : undefined,
+			startTime,
+		);
+
 		// When failing, we might not have finished the execution
 		// Therefore, database might not contain finished errors.
 		// Force an update to db as there should be no harm doing this