fix(core): Fix broken API permissions in public API (#5978)

packages/cli/src/PublicApi/v1/handlers/executions/executions.handler.ts

@@ -91,7 +91,7 @@ export = {
 
 			// user does not have workflows hence no executions
 			// or the execution he is trying to access belongs to a workflow he does not own
-			if (!sharedWorkflowsIds.length) {
+			if (!sharedWorkflowsIds.length || (workflowId && !sharedWorkflowsIds.includes(workflowId))) {
 				return res.status(200).json({ data: [], nextCursor: null });
 			}
 
@@ -105,7 +105,7 @@ export = {
 				limit,
 				lastId,
 				includeData,
-				...(workflowId && { workflowIds: [workflowId] }),
+				workflowIds: workflowId ? [workflowId] : sharedWorkflowsIds,
 				excludedExecutionsIds: runningExecutionsIds,
 			};
 

packages/cli/src/PublicApi/v1/handlers/workflows/workflows.service.ts

@@ -18,9 +18,12 @@ function insertIf(condition: boolean, elements: string[]): string[] {
 }
 
 export async function getSharedWorkflowIds(user: User): Promise<string[]> {
+	const where = user.globalRole.name === 'owner' ? {} : { userId: user.id };
 	const sharedWorkflows = await Db.collections.SharedWorkflow.find({
-		where: { userId: user.id },
+		where,
+		select: ['workflowId'],
 	});
+	return sharedWorkflows.map(({ workflowId }) => workflowId);
 
 	return sharedWorkflows.map(({ workflowId }) => workflowId);
 }