
feat: Implement runtine check for enterprise features #4676

Merged
merged 10 commits into from
Nov 22, 2022
29 changes: 19 additions & 10 deletions packages/cli/src/UserManagement/PermissionChecker.ts
@@ -1,6 +1,9 @@
import { INode, NodeOperationError, Workflow } from 'n8n-workflow';
import { In } from 'typeorm';
import { FindManyOptions, In, ObjectLiteral } from 'typeorm';
import * as Db from '@/Db';
import config from '@/config';
import type { SharedCredentials } from '@db/entities/SharedCredentials';
import { getRole } from './UserManagementHelper';

export class PermissionChecker {
/**
Expand All @@ -26,23 +29,29 @@ export class PermissionChecker {
// allow if all creds used in this workflow are a subset of
// all creds accessible to users who have access to this workflow

let workflowUserIds: string[] = [];
let workflowUserIds = [userId];

if (workflow.id) {
if (workflow.id && config.getEnv('enterprise.workflowSharingEnabled')) {
const workflowSharings = await Db.collections.SharedWorkflow.find({
relations: ['workflow'],
where: { workflow: { id: Number(workflow.id) } },
});

workflowUserIds = workflowSharings.map((s) => s.userId);
} else {
// unsaved workflows have no id, so only get credentials for current user
workflowUserIds = [userId];
}

const credentialSharings = await Db.collections.SharedCredentials.find({
where: { user: In(workflowUserIds) },
});
const credentialsWhereCondition: FindManyOptions<SharedCredentials> & { where: ObjectLiteral } =
{
where: { user: In(workflowUserIds) },
};

if (!config.getEnv('enterprise.features.sharing')) {
// If credential sharing is not enabled, get only credentials owned by this user
credentialsWhereCondition.where.role = await getRole('credential', 'owner');
}

const credentialSharings = await Db.collections.SharedCredentials.find(
credentialsWhereCondition,
);

const accessibleCredIds = credentialSharings.map((s) => s.credentialId.toString());

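Review bot: The two gates in this permission check read differently named keys, `enterprise.workflowSharingEnabled` for the sharee lookup and `enterprise.features.sharing` for the owner-only filter, and the section does not say which credentials are meant to be usable under each combination (for example workflow sharing on with credential sharing off, where the query covers credentials owned by every sharee). A comment above `credentialsWhereCondition` stating that matrix, such as `// sharing off: only credentials owned by one of workflowUserIds; sharing on: any credential shared with them`, would make the authorization intent reviewable. The `& { where: ObjectLiteral }` widening also removes type checking of the `role` key against `SharedCredentials`, so a later rename could change the filter without a compile error. The enclosing method starts before this hunk and continues past the collapsed lines.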
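--- a/packages/cli/src/UserManagement/UserManagementHelper.ts
+++ b/packages/cli/src/UserManagement/UserManagementHelper.ts
@@ -78,6 +78,15 @@ export async function getInstanceOwner(): Promise<User> {
 return owner;
 }
 
+export async function getRole(scope: Role['scope'], name: Role['name']): Promise<Role> {
+return Db.collections.Role.findOneOrFail({
+where: {
+name,
+scope,
+},
+});
+}
+
 /**
  * Return the n8n instance base URL without trailing slash.
  */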
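Review bot: `getRole` has no doc comment, and its failure mode matters to the new caller in PermissionChecker: `findOneOrFail` rejects when no matching row exists, so a missing `credential`/`owner` role makes the permission check throw rather than run unfiltered. That is the safe direction and is worth stating, e.g. `/** Look up a role by scope and name; rejects if the role does not exist. */`. The lookup also appears to run on every permission check while credential sharing is disabled; whether that cost matters depends on callers not shown here.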