fix: When editing nodes only show the credentials in the dropdown that the user is allowed to use in that workflow (#9718)

cypress/composables/projects.ts

@@ -10,6 +10,7 @@ export const getProjectTabs = () => cy.getByTestId('project-tabs').find('a');
 export const getProjectTabWorkflows = () => getProjectTabs().filter('a[href$="/workflows"]');
 export const getProjectTabCredentials = () => getProjectTabs().filter('a[href$="/credentials"]');
 export const getProjectTabSettings = () => getProjectTabs().filter('a[href$="/settings"]');
+export const getProjectSettingsNameInput = () => cy.getByTestId('project-settings-name-input');
 export const getProjectSettingsSaveButton = () => cy.getByTestId('project-settings-save-button');
 export const getProjectSettingsCancelButton = () =>
 	cy.getByTestId('project-settings-cancel-button');
@@ -55,3 +56,11 @@ export function createCredential(name: string) {
 	credentialsModal.actions.save();
 	credentialsModal.actions.close();
 }
+
+export const actions = {
+	createProject: (name: string) => {
+		getAddProjectButton().click();
+		getProjectSettingsNameInput().type(name);
+		getProjectSettingsSaveButton().click();
+	},
+};

cypress/e2e/17-sharing.cy.ts

@@ -1,4 +1,4 @@
-import { INSTANCE_MEMBERS, INSTANCE_OWNER, INSTANCE_ADMIN } from '../constants';
+import { INSTANCE_MEMBERS, INSTANCE_OWNER, INSTANCE_ADMIN, NOTION_NODE_NAME } from '../constants';
 import {
 	CredentialsModal,
 	CredentialsPage,
@@ -8,6 +8,7 @@ import {
 	WorkflowsPage,
 } from '../pages';
 import { getVisibleSelect } from '../utils';
+import * as projects from '../composables/projects';
 
 /**
  * User U1 - Instance owner
@@ -188,3 +189,177 @@ describe('Sharing', { disableAutoLogin: true }, () => {
 		credentialsModal.actions.close();
 	});
 });
+
+describe('Credential Usage in Cross Shared Workflows', () => {
+	beforeEach(() => {
+		cy.resetDatabase();
+		cy.enableFeature('advancedPermissions');
+		cy.enableFeature('projectRole:admin');
+		cy.enableFeature('projectRole:editor');
+		cy.changeQuota('maxTeamProjects', -1);
+		cy.reload();
+		cy.signinAsOwner();
+		cy.visit(credentialsPage.url);
+	});
+
+	it('should only show credentials from the same team project', () => {
+		cy.enableFeature('advancedPermissions');
+		cy.enableFeature('projectRole:admin');
+		cy.enableFeature('projectRole:editor');
+		cy.changeQuota('maxTeamProjects', -1);
+
+		// Create a notion credential in the home project
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+
+		// Create a notion credential in one project
+		projects.actions.createProject('Development');
+		projects.getProjectTabCredentials().click();
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+
+		// Create a notion credential in another project
+		projects.actions.createProject('Test');
+		projects.getProjectTabCredentials().click();
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+		// Create a workflow with a notion node in the same project
+		projects.getProjectTabWorkflows().click();
+		workflowsPage.actions.createWorkflowFromCard();
+		workflowPage.actions.addNodeToCanvas(NOTION_NODE_NAME, true, true);
+
+		// Only the credential in this project (+ the 'Create new' option) should
+		// be in the dropdown
+		workflowPage.getters.nodeCredentialsSelect().click();
+		getVisibleSelect().find('li').should('have.length', 2);
+	});
+
+	it('should only show credentials in their personal project for members', () => {
+		cy.enableFeature('sharing');
+		cy.reload();
+
+		// Create a notion credential as the owner
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+
+		// Create another notion credential as the owner, but share it with member
+		// 0
+		credentialsPage.getters.createCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API', false);
+		credentialsModal.actions.changeTab('Sharing');
+		credentialsModal.actions.addUser(INSTANCE_MEMBERS[0].email);
+		credentialsModal.actions.saveSharing();
+
+		// As the member, create a new notion credential and a workflow
+		cy.signinAsMember();
+		cy.visit(credentialsPage.url);
+		credentialsPage.getters.createCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+		cy.visit(workflowsPage.url);
+		workflowsPage.actions.createWorkflowFromCard();
+		workflowPage.actions.addNodeToCanvas(NOTION_NODE_NAME, true, true);
+
+		// Only the own credential the shared one (+ the 'Create new' option)
+		// should be in the dropdown
+		workflowPage.getters.nodeCredentialsSelect().click();
+		getVisibleSelect().find('li').should('have.length', 3);
+	});
+
+	it('should only show credentials in their personal project for members if the workflow was shared with them', () => {
+		const workflowName = 'Test workflow';
+		cy.enableFeature('sharing');
+		cy.reload();
+
+		// Create a notion credential as the owner and a workflow that is shared
+		// with member 0
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+		//cy.visit(workflowsPage.url);
+		projects.getProjectTabWorkflows().click();
+		workflowsPage.actions.createWorkflowFromCard();
+		workflowPage.actions.setWorkflowName(workflowName);
+		workflowPage.actions.openShareModal();
+		workflowSharingModal.actions.addUser(INSTANCE_MEMBERS[0].email);
+		workflowSharingModal.actions.save();
+
+		// As the member, create a new notion credential
+		cy.signinAsMember();
+		cy.visit(credentialsPage.url);
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+		cy.visit(workflowsPage.url);
+		workflowsPage.getters.workflowCard(workflowName).click();
+		workflowPage.actions.addNodeToCanvas(NOTION_NODE_NAME, true, true);
+
+		// Only the own credential the shared one (+ the 'Create new' option)
+		// should be in the dropdown
+		workflowPage.getters.nodeCredentialsSelect().click();
+		getVisibleSelect().find('li').should('have.length', 2);
+	});
+
+	it("should show all credentials from all personal projects the workflow's been shared into for the global owner", () => {
+		const workflowName = 'Test workflow';
+		cy.enableFeature('sharing');
+
+		// As member 1, create a new notion credential. This should not show up.
+		cy.signinAsMember(1);
+		cy.visit(credentialsPage.url);
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+
+		// As admin, create a new notion credential. This should show up.
+		cy.signinAsAdmin();
+		cy.visit(credentialsPage.url);
+		credentialsPage.getters.createCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+
+		// As member 0, create a new notion credential and a workflow and share it
+		// with the global owner and the admin.
+		cy.signinAsMember();
+		cy.visit(credentialsPage.url);
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+		cy.visit(workflowsPage.url);
+		workflowsPage.actions.createWorkflowFromCard();
+		workflowPage.actions.setWorkflowName(workflowName);
+		workflowPage.actions.openShareModal();
+		workflowSharingModal.actions.addUser(INSTANCE_OWNER.email);
+		workflowSharingModal.actions.addUser(INSTANCE_ADMIN.email);
+		workflowSharingModal.actions.save();
+
+		// As the global owner, create a new notion credential and open the shared
+		// workflow
+		cy.signinAsOwner();
+		cy.visit(credentialsPage.url);
+		credentialsPage.getters.createCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+		cy.visit(workflowsPage.url);
+		workflowsPage.getters.workflowCard(workflowName).click();
+		workflowPage.actions.addNodeToCanvas(NOTION_NODE_NAME, true, true);
+
+		// Only the personal credentials of the workflow owner and the global owner
+		// should show up.
+		workflowPage.getters.nodeCredentialsSelect().click();
+		getVisibleSelect().find('li').should('have.length', 4);
+	});
+
+	it('should show all personal credentials if the global owner owns the workflow', () => {
+		cy.enableFeature('sharing');
+
+		// As member 0, create a new notion credential.
+		cy.signinAsMember();
+		cy.visit(credentialsPage.url);
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.actions.createNewCredential('Notion API');
+
+		// As the global owner, create a workflow and add a notion node
+		cy.signinAsOwner();
+		cy.visit(workflowsPage.url);
+		workflowsPage.actions.createWorkflowFromCard();
+		workflowPage.actions.addNodeToCanvas(NOTION_NODE_NAME, true, true);
+
+		// Show all personal credentials
+		workflowPage.getters.nodeCredentialsSelect().click();
+		getVisibleSelect().find('li').should('have.have.length', 2);
+	});
+});

cypress/e2e/30-editor-after-route-changes.cy.ts

@@ -102,7 +102,7 @@ const switchBetweenEditorAndHistory = () => {
 
 const switchBetweenEditorAndWorkflowlist = () => {
 	cy.getByTestId('menu-item').first().click();
-	cy.wait(['@getUsers', '@getWorkflows', '@getActiveWorkflows', '@getCredentials']);
+	cy.wait(['@getUsers', '@getWorkflows', '@getActiveWorkflows', '@getProjects']);
 
 	cy.getByTestId('resources-list-item').first().click();
 
@@ -197,7 +197,7 @@ describe('Editor zoom should work after route changes', () => {
 		cy.intercept('GET', '/rest/users').as('getUsers');
 		cy.intercept('GET', '/rest/workflows?*').as('getWorkflows');
 		cy.intercept('GET', '/rest/active-workflows').as('getActiveWorkflows');
-		cy.intercept('GET', '/rest/credentials?*').as('getCredentials');
+		cy.intercept('GET', '/rest/projects').as('getProjects');
 
 		switchBetweenEditorAndHistory();
 		zoomInAndCheckNodes();

cypress/pages/modals/credentials-modal.ts

@@ -55,7 +55,7 @@ export class CredentialsModal extends BasePage {
 		close: () => {
 			this.getters.closeButton().click();
 		},
-		fillCredentialsForm: () => {
+		fillCredentialsForm: (closeModal = true) => {
 			this.getters.credentialsEditModal().should('be.visible');
 			this.getters.credentialInputs().should('have.length.greaterThan', 0);
 			this.getters
@@ -65,14 +65,23 @@ export class CredentialsModal extends BasePage {
 					cy.wrap($el).type('test');
 				});
 			this.getters.saveButton().click();
-			this.getters.closeButton().click();
+			if (closeModal) {
+				this.getters.closeButton().click();
+			}
+		},
+		createNewCredential: (type: string, closeModal = true) => {
+			this.getters.newCredentialModal().should('be.visible');
+			this.getters.newCredentialTypeSelect().should('be.visible');
+			this.getters.newCredentialTypeOption(type).click();
+			this.getters.newCredentialTypeButton().click();
+			this.actions.fillCredentialsForm(closeModal);
 		},
 		renameCredential: (newName: string) => {
 			this.getters.nameInput().type('{selectall}');
 			this.getters.nameInput().type(newName);
 			this.getters.nameInput().type('{enter}');
 		},
-		changeTab: (tabName: string) => {
+		changeTab: (tabName: 'Sharing') => {
 			this.getters.menuItem(tabName).click();
 		},
 	};

cypress/support/index.ts

@@ -32,10 +32,13 @@ declare global {
 			 * @param [workflowName] Optional name for the workflow. A random nanoid is used if not given
 			 */
 			createFixtureWorkflow(fixtureKey: string, workflowName?: string): void;
-			/** @deprecated */
+			/** @deprecated use signinAsOwner, signinAsAdmin or signinAsMember instead */
 			signin(payload: SigninPayload): void;
 			signinAsOwner(): void;
 			signinAsAdmin(): void;
+			/**
+			 * Omitting the index will default to index 0.
+			 */
 			signinAsMember(index?: number): void;
 			signout(): void;
 			overrideSettings(value: Partial<IN8nUISettings>): void;