feat: RBAC (#8922)
Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
@@ -22,23 +22,24 @@ export class EnterpriseExecutionsService {
|
||||
|
||||
if (!execution) return;
|
||||
|
||||
const relations = ['shared', 'shared.user'];
|
||||
|
||||
const workflow = (await this.workflowRepository.get(
|
||||
{ id: execution.workflowId },
|
||||
{ relations },
|
||||
)) as WorkflowWithSharingsAndCredentials;
|
||||
const workflow = (await this.workflowRepository.get({
|
||||
id: execution.workflowId,
|
||||
})) as WorkflowWithSharingsAndCredentials;
|
||||
|
||||
if (!workflow) return;
|
||||
|
||||
this.enterpriseWorkflowService.addOwnerAndSharings(workflow);
|
||||
await this.enterpriseWorkflowService.addCredentialsToWorkflow(workflow, req.user);
|
||||
const workflowWithSharingsMetaData =
|
||||
this.enterpriseWorkflowService.addOwnerAndSharings(workflow);
|
||||
await this.enterpriseWorkflowService.addCredentialsToWorkflow(
|
||||
workflowWithSharingsMetaData,
|
||||
req.user,
|
||||
);
|
||||
|
||||
execution.workflowData = {
|
||||
...execution.workflowData,
|
||||
ownedBy: workflow.ownedBy,
|
||||
sharedWith: workflow.sharedWith,
|
||||
usedCredentials: workflow.usedCredentials,
|
||||
homeProject: workflowWithSharingsMetaData.homeProject,
|
||||
sharedWithProjects: workflowWithSharingsMetaData.sharedWithProjects,
|
||||
usedCredentials: workflowWithSharingsMetaData.usedCredentials,
|
||||
} as WorkflowWithSharingsAndCredentials;
|
||||
|
||||
return execution;
|
||||
|
||||
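Review bot: The `as WorkflowWithSharingsAndCredentials` assertion on the `workflowRepository.get` result is kept even though the call no longer requests the `shared` relations, so the compiler cannot tell whether `addOwnerAndSharings` receives any sharing data. If that helper does not load the relations itself (its body is not visible here), `homeProject` and `sharedWithProjects` could come back empty or undefined, and the response would report wrong ownership for the execution. Dropping the cast, as in `const workflow = await this.workflowRepository.get({ id: execution.workflowId });`, lets the type checker verify this. The same applies to the trailing assertion on the `execution.workflowData` literal, which is asserted rather than declared. The enclosing method starts and ends outside the hunk.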
@@ -7,6 +7,7 @@ import { WorkflowSharingService } from '@/workflows/workflowSharing.service';
|
||||
import { NotFoundError } from '@/errors/response-errors/not-found.error';
|
||||
import { parseRangeQuery } from './parse-range-query.middleware';
|
||||
import type { User } from '@/databases/entities/User';
|
||||
import type { Scope } from '@n8n/permissions';
|
||||
|
||||
@RestController('/executions')
|
||||
export class ExecutionsController {
|
||||
@@ -17,15 +18,20 @@ export class ExecutionsController {
|
||||
private readonly license: License,
|
||||
) {}
|
||||
|
||||
private async getAccessibleWorkflowIds(user: User) {
|
||||
return this.license.isSharingEnabled()
|
||||
? await this.workflowSharingService.getSharedWorkflowIds(user)
|
||||
: await this.workflowSharingService.getSharedWorkflowIds(user, ['workflow:owner']);
|
||||
private async getAccessibleWorkflowIds(user: User, scope: Scope) {
|
||||
if (this.license.isSharingEnabled()) {
|
||||
return await this.workflowSharingService.getSharedWorkflowIds(user, { scopes: [scope] });
|
||||
} else {
|
||||
return await this.workflowSharingService.getSharedWorkflowIds(user, {
|
||||
workflowRoles: ['workflow:owner'],
|
||||
projectRoles: ['project:personalOwner'],
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@Get('/', { middlewares: [parseRangeQuery] })
|
||||
async getMany(req: ExecutionRequest.GetMany) {
|
||||
const accessibleWorkflowIds = await this.getAccessibleWorkflowIds(req.user);
|
||||
const accessibleWorkflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:read');
|
||||
|
||||
if (accessibleWorkflowIds.length === 0) {
|
||||
return { count: 0, estimated: false, results: [] };
|
||||
@@ -53,7 +59,7 @@ export class ExecutionsController {
|
||||
|
||||
@Get('/:id')
|
||||
async getOne(req: ExecutionRequest.GetOne) {
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user);
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:read');
|
||||
|
||||
if (workflowIds.length === 0) throw new NotFoundError('Execution not found');
|
||||
|
||||
@@ -64,7 +70,7 @@ export class ExecutionsController {
|
||||
|
||||
@Post('/:id/stop')
|
||||
async stop(req: ExecutionRequest.Stop) {
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user);
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:execute');
|
||||
|
||||
if (workflowIds.length === 0) throw new NotFoundError('Execution not found');
|
||||
|
||||
@@ -73,7 +79,7 @@ export class ExecutionsController {
|
||||
|
||||
@Post('/:id/retry')
|
||||
async retry(req: ExecutionRequest.Retry) {
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user);
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:execute');
|
||||
|
||||
if (workflowIds.length === 0) throw new NotFoundError('Execution not found');
|
||||
|
||||
@@ -82,7 +88,7 @@ export class ExecutionsController {
|
||||
|
||||
@Post('/delete')
|
||||
async delete(req: ExecutionRequest.Delete) {
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user);
|
||||
const workflowIds = await this.getAccessibleWorkflowIds(req.user, 'workflow:execute');
|
||||
|
||||
if (workflowIds.length === 0) throw new NotFoundError('Execution not found');
|
||||
|
||||
|
||||
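Review bot: `delete` now gates removal of execution records on `'workflow:execute'`, the same scope as `stop` and `retry`, so any user who may run a shared workflow may also erase its execution history. If that is intended, say so above the call, e.g. `// deleting executions is deliberately tied to workflow:execute`; otherwise a narrower scope from `@n8n/permissions` would keep run rights and history removal separate. In `getAccessibleWorkflowIds`, the unlicensed branch ignores the `scope` argument and always resolves to the owner roles, which also deserves a one-line comment so callers do not assume the scope is enforced there. The bodies of `delete`, `stop` and `retry` continue outside the hunks, so the per-execution checks are not visible here.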