refactor(core): Remove roleId indirection (no-changelog) (#8413)

packages/cli/src/credentials/credentials.controller.ee.ts

@@ -45,7 +45,7 @@ EECredentialsController.get(
 
 		let credential = await Container.get(CredentialsRepository).findOne({
 			where: { id: credentialId },
-			relations: ['shared', 'shared.role', 'shared.user'],
+			relations: ['shared', 'shared.user'],
 		});
 
 		if (!credential) {
@@ -62,7 +62,7 @@ EECredentialsController.get(
 
 		credential = Container.get(OwnershipService).addOwnedByAndSharedWith(credential);
 
-		if (!includeDecryptedData || !userSharing || userSharing.role.name !== 'owner') {
+		if (!includeDecryptedData || !userSharing || userSharing.role !== 'credential:owner') {
 			const { data: _, ...rest } = credential;
 			return { ...rest };
 		}
@@ -151,10 +151,9 @@ EECredentialsController.put(
 		const ownerIds = (
 			await EECredentials.getSharings(Db.getConnection().createEntityManager(), credentialId, [
 				'shared',
-				'shared.role',
 			])
 		)
-			.filter((e) => e.role.name === 'owner')
+			.filter((e) => e.role === 'credential:owner')
 			.map((e) => e.userId);
 
 		let amountRemoved: number | null = null;

packages/cli/src/credentials/credentials.controller.ts

@@ -147,7 +147,7 @@ credentialsController.patch(
 				allowGlobalScope: true,
 				globalScope: 'credential:update',
 			},
-			['credentials', 'role'],
+			['credentials'],
 		);
 
 		if (!sharing) {
@@ -163,7 +163,7 @@ credentialsController.patch(
 			);
 		}
 
-		if (sharing.role.name !== 'owner' && !req.user.hasGlobalScope('credential:update')) {
+		if (sharing.role !== 'credential:owner' && !req.user.hasGlobalScope('credential:update')) {
 			Container.get(Logger).info(
 				'Attempt to update credential blocked due to lack of permissions',
 				{
@@ -216,7 +216,7 @@ credentialsController.delete(
 				allowGlobalScope: true,
 				globalScope: 'credential:delete',
 			},
-			['credentials', 'role'],
+			['credentials'],
 		);
 
 		if (!sharing) {
@@ -232,7 +232,7 @@ credentialsController.delete(
 			);
 		}
 
-		if (sharing.role.name !== 'owner' && !req.user.hasGlobalScope('credential:delete')) {
+		if (sharing.role !== 'credential:owner' && !req.user.hasGlobalScope('credential:delete')) {
 			Container.get(Logger).info(
 				'Attempt to delete credential blocked due to lack of permissions',
 				{

packages/cli/src/credentials/credentials.service.ee.ts

@@ -1,10 +1,9 @@
+import { Container } from 'typedi';
 import type { EntityManager, FindOptionsWhere } from 'typeorm';
 import { CredentialsEntity } from '@db/entities/CredentialsEntity';
 import type { SharedCredentials } from '@db/entities/SharedCredentials';
 import type { User } from '@db/entities/User';
 import { CredentialsService, type CredentialsGetSharedOptions } from './credentials.service';
-import { RoleService } from '@/services/role.service';
-import Container from 'typedi';
 import { SharedCredentialsRepository } from '@db/repositories/sharedCredentials.repository';
 import { UserRepository } from '@/databases/repositories/user.repository';
 
@@ -15,10 +14,9 @@ export class EECredentialsService extends CredentialsService {
 	): Promise<{ ownsCredential: boolean; credential?: CredentialsEntity }> {
 		const sharing = await this.getSharing(user, credentialId, { allowGlobalScope: false }, [
 			'credentials',
-			'role',
 		]);
 
-		if (!sharing || sharing.role.name !== 'owner') return { ownsCredential: false };
+		if (!sharing || sharing.role !== 'credential:owner') return { ownsCredential: false };
 
 		const { credentials: credential } = sharing;
 
@@ -67,7 +65,6 @@ export class EECredentialsService extends CredentialsService {
 		shareWithIds: string[],
 	): Promise<SharedCredentials[]> {
 		const users = await Container.get(UserRepository).getByIds(transaction, shareWithIds);
-		const role = await Container.get(RoleService).findCredentialUserRole();
 
 		const newSharedCredentials = users
 			.filter((user) => !user.isPending)
@@ -75,7 +72,7 @@ export class EECredentialsService extends CredentialsService {
 				Container.get(SharedCredentialsRepository).create({
 					credentialsId: credential.id,
 					userId: user.id,
-					roleId: role?.id,
+					role: 'credential:user',
 				}),
 			);
 

packages/cli/src/credentials/credentials.service.ts

@@ -23,7 +23,6 @@ import { ExternalHooks } from '@/ExternalHooks';
 import type { User } from '@db/entities/User';
 import type { CredentialRequest, ListQuery } from '@/requests';
 import { CredentialTypes } from '@/CredentialTypes';
-import { RoleService } from '@/services/role.service';
 import { OwnershipService } from '@/services/ownership.service';
 import { Logger } from '@/Logger';
 import { CredentialsRepository } from '@db/repositories/credentials.repository';
@@ -85,13 +84,8 @@ export class CredentialsService {
 		// global credential permissions. This allows the user to
 		// access credentials they don't own.
 		if (!options.allowGlobalScope || !user.hasGlobalScope(options.globalScope)) {
-			Object.assign(where, {
-				userId: user.id,
-				role: { name: 'owner' },
-			});
-			if (!relations.includes('role')) {
-				relations.push('role');
-			}
+			where.userId = user.id;
+			where.role = 'credential:owner';
 		}
 
 		return await Container.get(SharedCredentialsRepository).findOne({ where, relations });
@@ -194,8 +188,6 @@ export class CredentialsService {
 
 		await Container.get(ExternalHooks).run('credentials.create', [encryptedData]);
 
-		const role = await Container.get(RoleService).findCredentialOwnerRole();
-
 		const result = await Db.transaction(async (transactionManager) => {
 			const savedCredential = await transactionManager.save<CredentialsEntity>(newCredential);
 
@@ -204,7 +196,7 @@ export class CredentialsService {
 			const newSharedCredential = new SharedCredentials();
 
 			Object.assign(newSharedCredential, {
-				role,
+				role: 'credential:owner',
 				user,
 				credentials: savedCredential,
 			});