refactor: Forbid access to workflows when enterprise features is unavailable (#4635) (no-changelog)

* refactor: Forbid access to workflows when enterprise features is unavailable
Omar Ajoue
2022-11-18 13:07:39 +01:00
committed by GitHub
parent bb5ebdf6c9
commit e1a491edce
11 changed files with 74 additions and 73 deletions


@@ -33,7 +33,6 @@ import {
ITransferNodeTypes,
IWorkflowErrorData,
IWorkflowExecutionDataProcess,
WhereClause,
} from '@/Interfaces';
import { NodeTypes } from '@/NodeTypes';
import { WorkflowRunner } from '@/WorkflowRunner';
@@ -41,7 +40,7 @@ import { WorkflowRunner } from '@/WorkflowRunner';
import config from '@/config';
import { WorkflowEntity } from '@db/entities/WorkflowEntity';
import { User } from '@db/entities/User';
import { getWorkflowOwner } from '@/UserManagement/UserManagementHelper';
import { getWorkflowOwner, whereClause } from '@/UserManagement/UserManagementHelper';
const ERROR_TRIGGER_TYPE = config.getEnv('nodes.errorTriggerType');
@@ -573,40 +572,14 @@ export async function replaceInvalidCredentials(workflow: WorkflowEntity): Promi
return workflow;
}
/**
* Build a `where` clause for a TypeORM entity search,
* checking for member access if the user is not an owner.
*/
export function whereClause({
user,
entityType,
entityId = '',
}: {
user: User;
entityType: 'workflow' | 'credentials';
entityId?: string;
}): WhereClause {
const where: WhereClause = entityId ? { [entityType]: { id: entityId } } : {};
// TODO: Decide if owner access should be restricted
if (user.globalRole.name !== 'owner') {
where.user = { id: user.id };
}
return where;
}
/**
* Get the IDs of the workflows that have been shared with the user.
* Returns all IDs if user is global owner (see `whereClause`)
*/
export async function getSharedWorkflowIds(user: User): Promise<number[]> {
export async function getSharedWorkflowIds(user: User, roles?: string[]): Promise<number[]> {
const sharedWorkflows = await Db.collections.SharedWorkflow.find({
relations: ['workflow'],
where: whereClause({
user,
entityType: 'workflow',
}),
relations: ['workflow', 'role'],
where: whereClause({ user, entityType: 'workflow', roles }),
});
return sharedWorkflows.map(({ workflow }) => workflow.id);
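Review bot: The doc comment above `getSharedWorkflowIds` still describes only the one-argument form, so a caller cannot tell how the new `roles` argument changes what is effectively an access-control filter. It is not visible in this hunk whether `whereClause` (now imported from `UserManagementHelper`) applies `roles` for a global owner, for whom the removed implementation skipped the user filter, or how it treats an empty array; both cases decide which workflow IDs the caller gets back and should be stated. I would add a line such as `* @param roles  Optional role names to restrict the sharings to; when omitted no role restriction is applied.`, adjusted to what `whereClause` actually does. Typing the parameter as a union of the known role names rather than `string[]` would also turn a misspelt role into a compile error instead of a silently different result set. The function's closing brace lies outside the hunk.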