feat: Introduce advanced permissions (#7844)

This PR introduces the possibility of inviting new users with an `admin` role and changing the role of already invited users. Also using scoped permission checks where applicable instead of using user role checks. --------- Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: Alex Grozav <alex@grozav.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com>
2025-12-20 19:32:15 +00:00 · 2023-12-08 12:52:25 +01:00
parent e00577b1d3
commit dbd62a4992
26 changed files with 364 additions and 71 deletions
--- a/packages/editor-ui/src/components/InviteUsersModal.vue
+++ b/packages/editor-ui/src/components/InviteUsersModal.vue
@@ -12,6 +12,15 @@
 		:eventBus="modalBus"
 	>
 		<template #content>
+			<n8n-notice v-if="!isAdvancedPermissionsEnabled">
+				<i18n-t keypath="settings.users.advancedPermissions.warning">
+					<template #link>
+						<n8n-link size="small" @click="goToUpgradeAdvancedPermissions">
+							{{ $locale.baseText('settings.users.advancedPermissions.warning.link') }}
+						</n8n-link>
+					</template>
+				</i18n-t>
+			</n8n-notice>
 			<div v-if="showInviteUrls">
 				<n8n-users-list :users="invitedUsers">
 					<template #actions="{ user }">
@@ -58,10 +67,11 @@ import { useToast } from '@/composables/useToast';
 import { copyPaste } from '@/mixins/copyPaste';
 import Modal from './Modal.vue';
 import type { IFormInputs, IInviteResponse, IUser } from '@/Interface';
-import { VALID_EMAIL_REGEX, INVITE_USER_MODAL_KEY } from '@/constants';
 import { ROLE } from '@/utils/userUtils';
+import { EnterpriseEditionFeature, VALID_EMAIL_REGEX, INVITE_USER_MODAL_KEY } from '@/constants';
 import { useUsersStore } from '@/stores/users.store';
 import { useSettingsStore } from '@/stores/settings.store';
+import { useUIStore } from '@/stores/ui.store';
 import { createEventBus } from 'n8n-design-system/utils';

 const NAME_EMAIL_FORMAT_REGEX = /^.* <(.*)>$/;
@@ -97,6 +107,7 @@ export default defineComponent({
 			formBus: createEventBus(),
 			modalBus: createEventBus(),
 			emails: '',
+			role: 'member',
 			showInviteUrls: null as IInviteResponse[] | null,
 			loading: false,
 			INVITE_USER_MODAL_KEY,
@@ -132,6 +143,11 @@ export default defineComponent({
 							value: ROLE.Member,
 							label: this.$locale.baseText('auth.roles.member'),
 						},
+						{
+							value: ROLE.Admin,
+							label: this.$locale.baseText('auth.roles.admin'),
+							disabled: !this.isAdvancedPermissionsEnabled,
+						},
 					],
 					capitalize: true,
 				},
@@ -139,7 +155,7 @@ export default defineComponent({
 		];
 	},
 	computed: {
-		...mapStores(useUsersStore, useSettingsStore),
+		...mapStores(useUsersStore, useSettingsStore, useUIStore),
 		emailsCount(): number {
 			return this.emails.split(',').filter((email: string) => !!email.trim()).length;
 		},
@@ -167,6 +183,11 @@ export default defineComponent({
 				  )
 				: [];
 		},
+		isAdvancedPermissionsEnabled(): boolean {
+			return this.settingsStore.isEnterpriseFeatureEnabled(
+				EnterpriseEditionFeature.AdvancedPermissions,
+			);
+		},
 	},
 	methods: {
 		validateEmails(value: string | number | boolean | null | undefined) {
@@ -193,6 +214,9 @@ export default defineComponent({
 			if (e.name === 'emails') {
 				this.emails = e.value;
 			}
+			if (e.name === 'role') {
+				this.role = e.value;
+			}
 		},
 		async onSubmit() {
 			try {
@@ -200,7 +224,7 @@ export default defineComponent({

 				const emails = this.emails
 					.split(',')
-					.map((email) => ({ email: getEmail(email) }))
+					.map((email) => ({ email: getEmail(email), role: this.role }))
 					.filter((invite) => !!invite.email);

 				if (emails.length === 0) {
@@ -308,6 +332,9 @@ export default defineComponent({
 				this.showCopyInviteLinkToast([]);
 			}
 		},
+		goToUpgradeAdvancedPermissions() {
+			void this.uiStore.goToUpgrade('settings-users', 'upgrade-advanced-permissions');
+		},
 	},
 });
 </script>