feat(core): Add onlySharedWithMe filter to GET /credentials endpoint (no-changelog) (#14885)

Co-authored-by: Danny Martini <danny@n8n.io>
2025-12-17 10:02:05 +00:00 · 2025-05-02 13:08:30 -04:00
parent 8a30c35c33
commit e01bab58a5
5 changed files with 143 additions and 5 deletions
--- a/packages/cli/test/integration/credentials/credentials.api.test.ts
+++ b/packages/cli/test/integration/credentials/credentials.api.test.ts
@@ -25,7 +25,7 @@ import {
 	shareCredentialWithUsers,
 } from '../shared/db/credentials';
 import { createTeamProject, linkUserToProject } from '../shared/db/projects';
-import { createManyUsers, createMember, createOwner } from '../shared/db/users';
+import { createAdmin, createManyUsers, createMember, createOwner } from '../shared/db/users';
 import {
 	randomCredentialPayload as payload,
 	randomCredentialPayload,
@@ -42,6 +42,7 @@ const testServer = setupTestServer({ endpointGroups: ['credentials'] });

 let owner: User;
 let member: User;
+let admin: User;
 let secondMember: User;

 let ownerPersonalProject: Project;
@@ -49,6 +50,7 @@ let memberPersonalProject: Project;

 let authOwnerAgent: SuperAgentTest;
 let authMemberAgent: SuperAgentTest;
+let authAdminAgent: SuperAgentTest;

 let projectRepository: ProjectRepository;
 let sharedCredentialsRepository: SharedCredentialsRepository;
@@ -58,6 +60,7 @@ beforeEach(async () => {

 	owner = await createOwner();
 	member = await createMember();
+	admin = await createAdmin();
 	secondMember = await createMember();

 	ownerPersonalProject = await Container.get(ProjectRepository).getPersonalProjectForUserOrFail(
@@ -69,6 +72,7 @@ beforeEach(async () => {

 	authOwnerAgent = testServer.authAgentFor(owner);
 	authMemberAgent = testServer.authAgentFor(member);
+	authAdminAgent = testServer.authAgentFor(admin);

 	projectRepository = Container.get(ProjectRepository);
 	sharedCredentialsRepository = Container.get(SharedCredentialsRepository);
@@ -1509,6 +1513,103 @@ describe('POST /credentials/test', () => {
 			data: credential.data,
 		});
 	});
+
+	test('should return only credentials shared with me when ?onlySharedWithMe=true (owner)', async () => {
+		await saveCredential(randomCredentialPayload(), {
+			user: owner,
+			role: 'credential:owner',
+		});
+
+		await saveCredential(randomCredentialPayload(), {
+			user: owner,
+			role: 'credential:owner',
+		});
+
+		const memberCredential = await saveCredential(randomCredentialPayload(), {
+			user: member,
+			role: 'credential:owner',
+		});
+
+		await shareCredentialWithUsers(memberCredential, [owner]);
+
+		let response;
+
+		response = await authOwnerAgent.get('/credentials').query({ onlySharedWithMe: true });
+		expect(response.statusCode).toBe(200);
+		expect(response.body.data).toHaveLength(1);
+		expect(response.body.data[0].id).toBe(memberCredential.id);
+		expect(response.body.data[0].homeProject).not.toBeNull();
+
+		response = await authMemberAgent.get('/credentials').query({ onlySharedWithMe: true });
+		expect(response.statusCode).toBe(200);
+		expect(response.body.data).toHaveLength(0);
+	});
+
+	test('should return only credentials shared with me when ?onlySharedWithMe=true (admin)', async () => {
+		await saveCredential(randomCredentialPayload(), {
+			user: admin,
+			role: 'credential:owner',
+		});
+
+		await saveCredential(randomCredentialPayload(), {
+			user: admin,
+			role: 'credential:owner',
+		});
+
+		const memberCredential = await saveCredential(randomCredentialPayload(), {
+			user: member,
+			role: 'credential:owner',
+		});
+
+		await shareCredentialWithUsers(memberCredential, [admin]);
+
+		let response;
+
+		response = await authAdminAgent.get('/credentials').query({ onlySharedWithMe: true });
+		expect(response.statusCode).toBe(200);
+		expect(response.body.data).toHaveLength(1);
+		expect(response.body.data[0].id).toBe(memberCredential.id);
+		expect(response.body.data[0].homeProject).not.toBeNull();
+
+		response = await authMemberAgent.get('/credentials').query({ onlySharedWithMe: true });
+		expect(response.statusCode).toBe(200);
+		expect(response.body.data).toHaveLength(0);
+	});
+
+	test('should return only credentials shared with me when ?onlySharedWithMe=true (member)', async () => {
+		await saveCredential(randomCredentialPayload(), {
+			user: member,
+			role: 'credential:owner',
+		});
+
+		await saveCredential(randomCredentialPayload(), {
+			user: member,
+			role: 'credential:owner',
+		});
+
+		const ownerCredential = await saveCredential(randomCredentialPayload(), {
+			user: owner,
+			role: 'credential:owner',
+		});
+
+		await shareCredentialWithUsers(ownerCredential, [member]);
+
+		let response;
+
+		response = await authMemberAgent.get('/credentials').query({ onlySharedWithMe: true });
+
+		expect(response.statusCode).toBe(200);
+
+		expect(response.body.data).toHaveLength(1);
+		expect(response.body.data[0].id).toBe(ownerCredential.id);
+		expect(response.body.data[0].homeProject).not.toBeNull();
+
+		response = await authOwnerAgent.get('/credentials').query({ onlySharedWithMe: true });
+
+		expect(response.statusCode).toBe(200);
+
+		expect(response.body.data).toHaveLength(0);
+	});
 });

 const INVALID_PAYLOADS = [