refactor: Forbid access to workflows when enterprise features is unavailable (#4635) (no-changelog)

* refactor: Forbid access to workflows when enterprise features is unavailable
Omar Ajoue
2022-11-18 13:07:39 +01:00
committed by GitHub
parent bb5ebdf6c9
commit e1a491edce
11 changed files with 74 additions and 73 deletions


@@ -13,6 +13,7 @@ import { Role } from '@db/entities/Role';
import { AuthenticatedRequest } from '@/requests';
import config from '@/config';
import { getWebhookBaseUrl } from '../WebhookHelpers';
import { WhereClause } from '@/Interfaces';
export async function getWorkflowOwner(workflowId: string | number): Promise<User> {
const sharedWorkflow = await Db.collections.SharedWorkflow.findOneOrFail({
@@ -210,3 +211,31 @@ export function rightDiff<T1, T2>(
return acc;
}, []);
}
/**
* Build a `where` clause for a TypeORM entity search,
* checking for member access if the user is not an owner.
*/
export function whereClause({
user,
entityType,
entityId = '',
roles = [],
}: {
user: User;
entityType: 'workflow' | 'credentials';
entityId?: string;
roles?: string[];
}): WhereClause {
const where: WhereClause = entityId ? { [entityType]: { id: entityId } } : {};
// TODO: Decide if owner access should be restricted
if (user.globalRole.name !== 'owner') {
where.user = { id: user.id };
if (roles?.length) {
where.role = { name: In(roles) };
}
}
return where;
}
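Review bot: `whereClause` fails open in two ways that its doc comment does not mention: when `user.globalRole.name` is `'owner'` no `user` or `role` filter is added, and with the default `entityId = ''` the returned clause is then `{}`, which restricts nothing. For non-owners the default `roles = []` skips the role filter, so any role on the sharing row satisfies the clause. How callers use the result is not visible in this section, so I would at least record the defaults in the docstring, e.g. `* NOTE: an empty roles list accepts any role; owners are never scoped to user.id, and with no entityId the clause is {}.` Callers that look up a single entity should also reject an empty id before calling this helper. As a style point, `roles?.length` can be `roles.length`, since the parameter already defaults to `[]`.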