feat(editor): Add routing middleware, permission checks, RBAC store, RBAC component (#7702)

Github issue / Community forum post (link here to close automatically): --------- Co-authored-by: Csaba Tuncsik <csaba@n8n.io>
2023-11-23 13:22:47 +02:00
parent fdb2c18ecc
commit 67a88914f2
62 changed files with 1935 additions and 646 deletions
--- a/packages/editor-ui/src/stores/rbac.store.ts
+++ b/packages/editor-ui/src/stores/rbac.store.ts
@@ -0,0 +1,113 @@
+import { defineStore } from 'pinia';
+import { hasScope as genericHasScope } from '@n8n/permissions';
+import type { HasScopeOptions, Scope, Resource } from '@n8n/permissions';
+import { ref } from 'vue';
+import { STORES } from '@/constants';
+import type { IRole } from '@/Interface';
+
+export const useRBACStore = defineStore(STORES.RBAC, () => {
+	const globalRoles = ref<IRole[]>([]);
+	const rolesByProjectId = ref<Record<string, string[]>>({});
+
+	const globalScopes = ref<Scope[]>([]);
+	const scopesByProjectId = ref<Record<string, Scope[]>>({});
+	const scopesByResourceId = ref<Record<Resource, Record<string, Scope[]>>>({
+		workflow: {},
+		tag: {},
+		user: {},
+		credential: {},
+		variable: {},
+		sourceControl: {},
+		externalSecretsStore: {},
+	});
+
+	function addGlobalRole(role: IRole) {
+		if (!globalRoles.value.includes(role)) {
+			globalRoles.value.push(role);
+		}
+	}
+
+	function hasRole(role: IRole) {
+		return globalRoles.value.includes(role);
+	}
+
+	function addGlobalScope(scope: Scope) {
+		if (!globalScopes.value.includes(scope)) {
+			globalScopes.value.push(scope);
+		}
+	}
+
+	function setGlobalScopes(scopes: Scope[]) {
+		globalScopes.value = scopes;
+	}
+
+	function addProjectScope(
+		scope: Scope,
+		context: {
+			projectId: string;
+		},
+	) {
+		if (!scopesByProjectId.value[context.projectId]) {
+			scopesByProjectId.value[context.projectId] = [];
+		}
+
+		if (!scopesByProjectId.value[context.projectId].includes(scope)) {
+			scopesByProjectId.value[context.projectId].push(scope);
+		}
+	}
+
+	function addResourceScope(
+		scope: Scope,
+		context: {
+			resourceType: Resource;
+			resourceId: string;
+		},
+	) {
+		const scopesByResourceType = scopesByResourceId.value[context.resourceType];
+		if (!scopesByResourceType[context.resourceId]) {
+			scopesByResourceType[context.resourceId] = [];
+		}
+
+		if (!scopesByResourceType[context.resourceId].includes(scope)) {
+			scopesByResourceType[context.resourceId].push(scope);
+		}
+	}
+
+	function hasScope(
+		scope: Scope | Scope[],
+		context?: {
+			resourceType?: Resource;
+			resourceId?: string;
+			projectId?: string;
+		},
+		options?: HasScopeOptions,
+	): boolean {
+		return genericHasScope(
+			scope,
+			{
+				global: globalScopes.value,
+				project: context?.projectId ? scopesByProjectId.value[context.projectId] : [],
+				resource:
+					context?.resourceType && context?.resourceId
+						? scopesByResourceId.value[context.resourceType][context.resourceId]
+						: [],
+			},
+			options,
+		);
+	}
+
+	return {
+		globalRoles,
+		rolesByProjectId,
+		globalScopes,
+		scopesByProjectId,
+		scopesByResourceId,
+		addGlobalRole,
+		hasRole,
+		addGlobalScope,
+		setGlobalScopes,
+		addProjectScope,
+		addResourceScope,
+		hasScope,
+	};
+});