mirror of
https://github.com/Abdulazizzn/n8n-enterprise-unlocked.git
synced 2025-12-18 02:21:13 +00:00
feat(core): Rebuild project roles to load from the database (#17909)
This commit is contained in:
Guillaume Jacquart
committed by
GitHub
GitHub
parent
ab7998b441
commit
f757790394
@@ -1,3 +1,10 @@
|
||||
import {
|
||||
PROJECT_ADMIN_ROLE_SLUG,
|
||||
PROJECT_EDITOR_ROLE_SLUG,
|
||||
PROJECT_OWNER_ROLE_SLUG,
|
||||
PROJECT_VIEWER_ROLE_SLUG,
|
||||
} from '@/constants.ee';
|
||||
|
||||
import {
|
||||
roleNamespaceSchema,
|
||||
globalRoleSchema,
|
||||
@@ -53,10 +60,26 @@ describe('assignableGlobalRoleSchema', () => {
|
||||
|
||||
describe('projectRoleSchema', () => {
|
||||
test.each([
|
||||
{ name: 'valid role: project:personalOwner', value: 'project:personalOwner', expected: true },
|
||||
{ name: 'valid role: project:admin', value: 'project:admin', expected: true },
|
||||
{ name: 'valid role: project:editor', value: 'project:editor', expected: true },
|
||||
{ name: 'valid role: project:viewer', value: 'project:viewer', expected: true },
|
||||
{
|
||||
name: `valid role: ${PROJECT_OWNER_ROLE_SLUG}`,
|
||||
value: PROJECT_OWNER_ROLE_SLUG,
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: `valid role: ${PROJECT_ADMIN_ROLE_SLUG}`,
|
||||
value: PROJECT_ADMIN_ROLE_SLUG,
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: `valid role: ${PROJECT_EDITOR_ROLE_SLUG}`,
|
||||
value: PROJECT_EDITOR_ROLE_SLUG,
|
||||
expected: true,
|
||||
},
|
||||
{
|
||||
name: `valid role: ${PROJECT_VIEWER_ROLE_SLUG}`,
|
||||
value: PROJECT_VIEWER_ROLE_SLUG,
|
||||
expected: true,
|
||||
},
|
||||
{ name: 'invalid role', value: 'invalid-role', expected: false },
|
||||
])('should validate $name', ({ value, expected }) => {
|
||||
const result = projectRoleSchema.safeParse(value);
|
||||
|
||||
@@ -43,3 +43,8 @@ export const API_KEY_RESOURCES = {
|
||||
sourceControl: ['pull'] as const,
|
||||
workflowTags: ['update', 'list'] as const,
|
||||
} as const;
|
||||
|
||||
export const PROJECT_OWNER_ROLE_SLUG = 'project:personalOwner';
|
||||
export const PROJECT_ADMIN_ROLE_SLUG = 'project:admin';
|
||||
export const PROJECT_EDITOR_ROLE_SLUG = 'project:editor';
|
||||
export const PROJECT_VIEWER_ROLE_SLUG = 'project:viewer';
|
||||
|
||||
@@ -6,7 +6,7 @@ export * from './scope-information';
|
||||
export * from './roles/role-maps.ee';
|
||||
export * from './roles/all-roles';
|
||||
|
||||
export { projectRoleSchema } from './schemas.ee';
|
||||
export { projectRoleSchema, teamRoleSchema } from './schemas.ee';
|
||||
|
||||
export { hasScope } from './utilities/has-scope.ee';
|
||||
export { hasGlobalScope } from './utilities/has-global-scope.ee';
|
||||
|
||||
@@ -1,3 +1,9 @@
|
||||
import {
|
||||
PROJECT_ADMIN_ROLE_SLUG,
|
||||
PROJECT_EDITOR_ROLE_SLUG,
|
||||
PROJECT_OWNER_ROLE_SLUG,
|
||||
PROJECT_VIEWER_ROLE_SLUG,
|
||||
} from '../constants.ee';
|
||||
import {
|
||||
CREDENTIALS_SHARING_SCOPE_MAP,
|
||||
GLOBAL_SCOPE_MAP,
|
||||
@@ -11,10 +17,10 @@ const ROLE_NAMES: Record<AllRoleTypes, string> = {
|
||||
'global:owner': 'Owner',
|
||||
'global:admin': 'Admin',
|
||||
'global:member': 'Member',
|
||||
'project:personalOwner': 'Project Owner',
|
||||
'project:admin': 'Project Admin',
|
||||
'project:editor': 'Project Editor',
|
||||
'project:viewer': 'Project Viewer',
|
||||
[PROJECT_OWNER_ROLE_SLUG]: 'Project Owner',
|
||||
[PROJECT_ADMIN_ROLE_SLUG]: 'Project Admin',
|
||||
[PROJECT_EDITOR_ROLE_SLUG]: 'Project Editor',
|
||||
[PROJECT_VIEWER_ROLE_SLUG]: 'Project Viewer',
|
||||
'credential:user': 'Credential User',
|
||||
'credential:owner': 'Credential Owner',
|
||||
'workflow:owner': 'Workflow Owner',
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
import { z } from 'zod';
|
||||
|
||||
import { PROJECT_OWNER_ROLE_SLUG } from './constants.ee';
|
||||
|
||||
export const roleNamespaceSchema = z.enum(['global', 'project', 'credential', 'workflow']);
|
||||
|
||||
export const globalRoleSchema = z.enum(['global:owner', 'global:admin', 'global:member']);
|
||||
@@ -14,7 +16,11 @@ export const personalRoleSchema = z.enum([
|
||||
|
||||
export const teamRoleSchema = z.enum(['project:admin', 'project:editor', 'project:viewer']);
|
||||
|
||||
export const projectRoleSchema = z.enum([...personalRoleSchema.options, ...teamRoleSchema.options]);
|
||||
export const customRoleSchema = z.string().refine((val) => val !== PROJECT_OWNER_ROLE_SLUG, {
|
||||
message: `'${PROJECT_OWNER_ROLE_SLUG}' is not assignable`,
|
||||
});
|
||||
|
||||
export const projectRoleSchema = z.union([personalRoleSchema, teamRoleSchema]);
|
||||
|
||||
export const credentialSharingRoleSchema = z.enum(['credential:owner', 'credential:user']);
|
||||
|
||||
|
||||
@@ -58,6 +58,7 @@ export type CredentialSharingRole = z.infer<typeof credentialSharingRoleSchema>;
|
||||
export type WorkflowSharingRole = z.infer<typeof workflowSharingRoleSchema>;
|
||||
export type TeamProjectRole = z.infer<typeof teamRoleSchema>;
|
||||
export type ProjectRole = z.infer<typeof projectRoleSchema>;
|
||||
export type CustomRole = string;
|
||||
|
||||
/** Union of all possible role types in the system */
|
||||
export type AllRoleTypes = GlobalRole | ProjectRole | WorkflowSharingRole | CredentialSharingRole;
|
||||
|
||||
Reference in New Issue
Block a user