perf(core): Cache roles (#6803)

* refactor: Create `RoleService`

* refactor: Refactor to use service

* refactor: Move `getUserRoleForWorkflow`

* refactor: Clear out old `RoleService`

* refactor: Consolidate utils into service

* refactor: Remove unused methods

* test: Add tests

* refactor: Remove redundant return types

* refactor: Missing utility

* chore: Remove commented out bit

* refactor: Make `Db.collections.Repository` inaccessible

* chore: Cleanup

* feat: Prepopulate cache

* chore: Remove logging

* fix: Account for tests where roles are undefined

* fix: Restore `prettier.prettierPath`

* test: Account for cache enabled and disabled

* fix: Restore `Role` in `Db.collections`

* refactor: Simplify by removing `orFail`

* refactor: Rename for clarity

* refactor: Use `cacheKey` for readability

* refactor: Validate role before creation

* refacator: Remove redundant `cache` prefix

* ci: Lint fix

* test: Fix e2e

packages/cli/src/UserManagement/PermissionChecker.ts

@@ -9,11 +9,12 @@ import { In } from 'typeorm';
 import * as Db from '@/Db';
 import config from '@/config';
 import type { SharedCredentials } from '@db/entities/SharedCredentials';
-import { getRoleId, isSharingEnabled } from './UserManagementHelper';
+import { isSharingEnabled } from './UserManagementHelper';
 import { WorkflowsService } from '@/workflows/workflows.services';
 import { UserService } from '@/user/user.service';
 import { OwnershipService } from '@/services/ownership.service';
 import Container from 'typedi';
+import { RoleService } from '@/services/role.service';
 
 export class PermissionChecker {
 	/**
@@ -54,8 +55,9 @@ export class PermissionChecker {
 		const credentialsWhere: FindOptionsWhere<SharedCredentials> = { userId: In(workflowUserIds) };
 
 		if (!isSharingEnabled()) {
+			const role = await Container.get(RoleService).findCredentialOwnerRole();
 			// If credential sharing is not enabled, get only credentials owned by this user
-			credentialsWhere.roleId = await getRoleId('credential', 'owner');
+			credentialsWhere.roleId = role.id;
 		}
 
 		const credentialSharings = await Db.collections.SharedCredentials.find({

packages/cli/src/UserManagement/UserManagementHelper.ts

@@ -7,12 +7,11 @@ import * as ResponseHelper from '@/ResponseHelper';
 import type { CurrentUser, PublicUser, WhereClause } from '@/Interfaces';
 import type { User } from '@db/entities/User';
 import { MAX_PASSWORD_LENGTH, MIN_PASSWORD_LENGTH } from '@db/entities/User';
-import type { Role } from '@db/entities/Role';
-import { RoleRepository } from '@db/repositories';
 import config from '@/config';
 import { License } from '@/License';
 import { getWebhookBaseUrl } from '@/WebhookHelpers';
 import type { PostHogClient } from '@/posthog';
+import { RoleService } from '@/services/role.service';
 
 export function isEmailSetUp(): boolean {
 	const smtp = config.getEnv('userManagement.emails.mode') === 'smtp';
@@ -27,22 +26,15 @@ export function isSharingEnabled(): boolean {
 	return Container.get(License).isSharingEnabled();
 }
 
-export async function getRoleId(scope: Role['scope'], name: Role['name']): Promise<Role['id']> {
-	return Container.get(RoleRepository)
-		.findRoleOrFail(scope, name)
-		.then((role) => role.id);
-}
+export async function getInstanceOwner() {
+	const globalOwnerRole = await Container.get(RoleService).findGlobalOwnerRole();
 
-export async function getInstanceOwner(): Promise<User> {
-	const ownerRoleId = await getRoleId('global', 'owner');
-
-	const owner = await Db.collections.User.findOneOrFail({
+	return Db.collections.User.findOneOrFail({
 		relations: ['globalRole'],
 		where: {
-			globalRoleId: ownerRoleId,
+			globalRoleId: globalOwnerRole.id,
 		},
 	});
-	return owner;
 }
 
 /**