chore(core): Use roles from database in global roles (#18768)

2025-12-18 10:31:15 +00:00 · 2025-08-26 17:53:46 +02:00
parent cff3f4a67e
commit ecad12b77a
117 changed files with 956 additions and 424 deletions
--- a/packages/cli/test/integration/shared/db/users.ts
+++ b/packages/cli/test/integration/shared/db/users.ts
@@ -1,14 +1,23 @@
 import { randomEmail, randomName, randomValidPassword } from '@n8n/backend-test-utils';
-import { AuthIdentity, AuthIdentityRepository, UserRepository } from '@n8n/db';
+import {
+	AuthIdentity,
+	AuthIdentityRepository,
+	GLOBAL_ADMIN_ROLE,
+	GLOBAL_MEMBER_ROLE,
+	GLOBAL_OWNER_ROLE,
+	type Role,
+	UserRepository,
+} from '@n8n/db';
 import { type User } from '@n8n/db';
 import { Container } from '@n8n/di';
-import type { ApiKeyScope, GlobalRole } from '@n8n/permissions';
+import type { ApiKeyScope } from '@n8n/permissions';
 import { getApiKeyScopesForRole } from '@n8n/permissions';
 import { hash } from 'bcryptjs';

 import { MfaService } from '@/mfa/mfa.service';
 import { TOTPService } from '@/mfa/totp.service';
 import { PublicApiKeyService } from '@/services/public-api-key.service';
+import type { DeepPartial } from '@n8n/typeorm';

 type ApiKeyOptions = {
 	expiresAt?: number | null;
@@ -32,26 +41,26 @@ async function handlePasswordSetup(password: string | null | undefined): Promise
 }

 /** Store a new user object, defaulting to a `member` */
-export async function newUser(attributes: Partial<User> = {}): Promise<User> {
+export async function newUser(attributes: DeepPartial<User> = {}): Promise<User> {
 	const { email, password, firstName, lastName, role, ...rest } = attributes;
 	return Container.get(UserRepository).create({
 		email: email ?? randomEmail(),
 		password: await handlePasswordSetup(password),
 		firstName: firstName ?? randomName(),
 		lastName: lastName ?? randomName(),
-		role: role ?? 'global:member',
+		role: role ?? GLOBAL_MEMBER_ROLE,
 		...rest,
 	});
 }

 /** Store a user object in the DB */
-export async function createUser(attributes: Partial<User> = {}): Promise<User> {
+export async function createUser(attributes: DeepPartial<User> = {}): Promise<User> {
 	const userInstance = await newUser(attributes);
 	const { user } = await Container.get(UserRepository).createUserWithProject(userInstance);
 	return user;
 }

-export async function createLdapUser(attributes: Partial<User>, ldapId: string): Promise<User> {
+export async function createLdapUser(attributes: DeepPartial<User>, ldapId: string): Promise<User> {
 	const user = await createUser(attributes);
 	await Container.get(AuthIdentityRepository).save(AuthIdentity.create(user, ldapId, 'ldap'));
 	return user;
@@ -105,7 +114,7 @@ export const addApiKey = async (
 	return await Container.get(PublicApiKeyService).createPublicApiKeyForUser(user, {
 		label: randomName(),
 		expiresAt,
-		scopes: scopes.length ? scopes : getApiKeyScopesForRole(user.role),
+		scopes: scopes.length ? scopes : getApiKeyScopesForRole(user),
 	});
 };

@@ -134,21 +143,21 @@ export async function createAdminWithApiKey({ expiresAt = null, scopes = [] }: A
 }

 export async function createOwner() {
-	return await createUser({ role: 'global:owner' });
+	return await createUser({ role: GLOBAL_OWNER_ROLE });
 }

 export async function createMember() {
-	return await createUser({ role: 'global:member' });
+	return await createUser({ role: GLOBAL_MEMBER_ROLE });
 }

 export async function createAdmin() {
-	return await createUser({ role: 'global:admin' });
+	return await createUser({ role: GLOBAL_ADMIN_ROLE });
 }

-export async function createUserShell(role: GlobalRole): Promise<User> {
-	const shell: Partial<User> = { role };
+export async function createUserShell(role: Role): Promise<User> {
+	const shell: DeepPartial<User> = { role };

-	if (role !== 'global:owner') {
+	if (role.slug !== GLOBAL_OWNER_ROLE.slug) {
 		shell.email = randomEmail();
 	}

@@ -161,7 +170,7 @@ export async function createUserShell(role: GlobalRole): Promise<User> {
 */
 export async function createManyUsers(
 	amount: number,
-	attributes: Partial<User> = {},
+	attributes: DeepPartial<User> = {},
 ): Promise<User[]> {
 	const result = await Promise.all(
 		Array(amount)
@@ -176,13 +185,13 @@ export async function createManyUsers(

 export const getAllUsers = async () =>
 	await Container.get(UserRepository).find({
-		relations: ['authIdentities'],
+		relations: ['authIdentities', 'role'],
 	});

 export const getUserById = async (id: string) =>
 	await Container.get(UserRepository).findOneOrFail({
 		where: { id },
-		relations: ['authIdentities'],
+		relations: ['authIdentities', 'role'],
 	});

 export const getLdapIdentities = async () =>
@@ -192,5 +201,8 @@ export const getLdapIdentities = async () =>
 	});

 export async function getGlobalOwner() {
-	return await Container.get(UserRepository).findOneByOrFail({ role: 'global:owner' });
+	return await Container.get(UserRepository).findOneOrFail({
+		where: { role: { slug: GLOBAL_OWNER_ROLE.slug } },
+		relations: ['role'],
+	});
 }