2023-01-27 05:56:56 -08:00
|
|
|
import type { DeleteResult, EntityManager } from 'typeorm';
|
|
|
|
|
import { In, Not } from 'typeorm';
|
2022-11-09 06:25:00 -08:00
|
|
|
import * as Db from '@/Db';
|
|
|
|
|
import * as ResponseHelper from '@/ResponseHelper';
|
|
|
|
|
import * as WorkflowHelpers from '@/WorkflowHelpers';
|
2023-01-27 05:56:56 -08:00
|
|
|
import type { ICredentialsDb } from '@/Interfaces';
|
2022-11-09 06:25:00 -08:00
|
|
|
import { SharedWorkflow } from '@db/entities/SharedWorkflow';
|
2023-02-16 01:36:24 -08:00
|
|
|
import type { Role } from '@db/entities/Role';
|
2023-01-27 05:56:56 -08:00
|
|
|
import type { User } from '@db/entities/User';
|
2022-11-09 06:25:00 -08:00
|
|
|
import { WorkflowEntity } from '@db/entities/WorkflowEntity';
|
|
|
|
|
import { RoleService } from '@/role/role.service';
|
|
|
|
|
import { UserService } from '@/user/user.service';
|
2022-10-11 05:55:05 -07:00
|
|
|
import { WorkflowsService } from './workflows.services';
|
2022-11-23 06:34:17 -08:00
|
|
|
import type {
|
|
|
|
|
CredentialUsedByWorkflow,
|
|
|
|
|
WorkflowWithSharingsAndCredentials,
|
2023-02-16 01:36:24 -08:00
|
|
|
WorkflowForList,
|
2022-11-23 06:34:17 -08:00
|
|
|
} from './workflows.types';
|
2022-11-09 06:25:00 -08:00
|
|
|
import { EECredentialsService as EECredentials } from '@/credentials/credentials.service.ee';
|
2022-11-18 04:07:39 -08:00
|
|
|
import { getSharedWorkflowIds } from '@/WorkflowHelpers';
|
2022-12-21 07:42:07 -08:00
|
|
|
import { NodeOperationError } from 'n8n-workflow';
|
2022-10-11 05:55:05 -07:00
|
|
|
|
|
|
|
|
export class EEWorkflowsService extends WorkflowsService {
|
2022-11-18 04:07:39 -08:00
|
|
|
static async getWorkflowIdsForUser(user: User) {
|
|
|
|
|
// Get all workflows regardless of role
|
|
|
|
|
return getSharedWorkflowIds(user);
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-11 05:55:05 -07:00
|
|
|
static async isOwned(
|
|
|
|
|
user: User,
|
|
|
|
|
workflowId: string,
|
|
|
|
|
): Promise<{ ownsWorkflow: boolean; workflow?: WorkflowEntity }> {
|
|
|
|
|
const sharing = await this.getSharing(user, workflowId, ['workflow', 'role'], {
|
|
|
|
|
allowGlobalOwner: false,
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
if (!sharing || sharing.role.name !== 'owner') return { ownsWorkflow: false };
|
|
|
|
|
|
|
|
|
|
const { workflow } = sharing;
|
|
|
|
|
|
|
|
|
|
return { ownsWorkflow: true, workflow };
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static async getSharings(
|
|
|
|
|
transaction: EntityManager,
|
|
|
|
|
workflowId: string,
|
|
|
|
|
): Promise<SharedWorkflow[]> {
|
2023-01-02 08:42:32 -08:00
|
|
|
const workflow = await transaction.findOne(WorkflowEntity, {
|
|
|
|
|
where: { id: workflowId },
|
2022-10-11 05:55:05 -07:00
|
|
|
relations: ['shared'],
|
|
|
|
|
});
|
|
|
|
|
return workflow?.shared ?? [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static async pruneSharings(
|
|
|
|
|
transaction: EntityManager,
|
|
|
|
|
workflowId: string,
|
|
|
|
|
userIds: string[],
|
|
|
|
|
): Promise<DeleteResult> {
|
|
|
|
|
return transaction.delete(SharedWorkflow, {
|
2023-01-02 08:42:32 -08:00
|
|
|
workflowId,
|
|
|
|
|
userId: Not(In(userIds)),
|
2022-10-11 05:55:05 -07:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static async share(
|
|
|
|
|
transaction: EntityManager,
|
|
|
|
|
workflow: WorkflowEntity,
|
|
|
|
|
shareWithIds: string[],
|
|
|
|
|
): Promise<SharedWorkflow[]> {
|
|
|
|
|
const [users, role] = await Promise.all([
|
|
|
|
|
UserService.getByIds(transaction, shareWithIds),
|
|
|
|
|
RoleService.trxGet(transaction, { scope: 'workflow', name: 'editor' }),
|
|
|
|
|
]);
|
|
|
|
|
|
|
|
|
|
const newSharedWorkflows = users.reduce<SharedWorkflow[]>((acc, user) => {
|
|
|
|
|
if (user.isPending) {
|
|
|
|
|
return acc;
|
|
|
|
|
}
|
2023-01-13 09:12:22 -08:00
|
|
|
const entity: Partial<SharedWorkflow> = {
|
|
|
|
|
workflowId: workflow.id,
|
|
|
|
|
userId: user.id,
|
|
|
|
|
roleId: role?.id,
|
|
|
|
|
};
|
|
|
|
|
acc.push(Db.collections.SharedWorkflow.create(entity));
|
2022-10-11 05:55:05 -07:00
|
|
|
return acc;
|
|
|
|
|
}, []);
|
|
|
|
|
|
|
|
|
|
return transaction.save(newSharedWorkflows);
|
|
|
|
|
}
|
2022-10-11 07:40:39 -07:00
|
|
|
|
2023-02-16 01:36:24 -08:00
|
|
|
static addOwnerId(workflow: WorkflowForList, workflowOwnerRole: Role): void {
|
|
|
|
|
const ownerId = workflow.shared?.find(
|
|
|
|
|
({ roleId }) => String(roleId) === workflowOwnerRole.id,
|
|
|
|
|
)?.userId;
|
|
|
|
|
workflow.ownedBy = ownerId ? { id: ownerId } : null;
|
|
|
|
|
delete workflow.shared;
|
|
|
|
|
}
|
|
|
|
|
|
2022-11-25 05:20:28 -08:00
|
|
|
static addOwnerAndSharings(workflow: WorkflowWithSharingsAndCredentials): void {
|
2022-10-11 07:40:39 -07:00
|
|
|
workflow.ownedBy = null;
|
|
|
|
|
workflow.sharedWith = [];
|
2022-12-23 04:58:34 -08:00
|
|
|
if (!workflow.usedCredentials) {
|
|
|
|
|
workflow.usedCredentials = [];
|
|
|
|
|
}
|
2022-10-11 07:40:39 -07:00
|
|
|
|
|
|
|
|
workflow.shared?.forEach(({ user, role }) => {
|
|
|
|
|
const { id, email, firstName, lastName } = user;
|
|
|
|
|
|
|
|
|
|
if (role.name === 'owner') {
|
|
|
|
|
workflow.ownedBy = { id, email, firstName, lastName };
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
workflow.sharedWith?.push({ id, email, firstName, lastName });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
delete workflow.shared;
|
|
|
|
|
}
|
2022-10-13 02:55:58 -07:00
|
|
|
|
2022-10-31 07:08:25 -07:00
|
|
|
static async addCredentialsToWorkflow(
|
|
|
|
|
workflow: WorkflowWithSharingsAndCredentials,
|
|
|
|
|
currentUser: User,
|
2022-11-25 05:20:28 -08:00
|
|
|
): Promise<void> {
|
2022-10-31 07:08:25 -07:00
|
|
|
workflow.usedCredentials = [];
|
2022-11-29 06:54:24 -08:00
|
|
|
const userCredentials = await EECredentials.getAll(currentUser, { disableGlobalRole: true });
|
2023-01-02 08:42:32 -08:00
|
|
|
const credentialIdsUsedByWorkflow = new Set<string>();
|
2022-10-31 07:08:25 -07:00
|
|
|
workflow.nodes.forEach((node) => {
|
|
|
|
|
if (!node.credentials) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
Object.keys(node.credentials).forEach((credentialType) => {
|
|
|
|
|
const credential = node.credentials?.[credentialType];
|
|
|
|
|
if (!credential?.id) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2023-01-02 08:42:32 -08:00
|
|
|
credentialIdsUsedByWorkflow.add(credential.id);
|
2022-10-31 07:08:25 -07:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
const workflowCredentials = await EECredentials.getMany({
|
|
|
|
|
where: {
|
|
|
|
|
id: In(Array.from(credentialIdsUsedByWorkflow)),
|
|
|
|
|
},
|
2022-11-23 06:34:17 -08:00
|
|
|
relations: ['shared', 'shared.user', 'shared.role'],
|
2022-10-31 07:08:25 -07:00
|
|
|
});
|
2023-01-02 08:42:32 -08:00
|
|
|
const userCredentialIds = userCredentials.map((credential) => credential.id);
|
2022-10-31 07:08:25 -07:00
|
|
|
workflowCredentials.forEach((credential) => {
|
2023-01-02 08:42:32 -08:00
|
|
|
const credentialId = credential.id;
|
2022-11-23 06:34:17 -08:00
|
|
|
const workflowCredential: CredentialUsedByWorkflow = {
|
2023-01-02 08:42:32 -08:00
|
|
|
id: credentialId,
|
2022-10-31 07:08:25 -07:00
|
|
|
name: credential.name,
|
2022-11-08 08:52:42 -08:00
|
|
|
type: credential.type,
|
2022-10-31 07:08:25 -07:00
|
|
|
currentUserHasAccess: userCredentialIds.includes(credentialId),
|
2022-11-23 06:34:17 -08:00
|
|
|
sharedWith: [],
|
|
|
|
|
ownedBy: null,
|
|
|
|
|
};
|
|
|
|
|
credential.shared?.forEach(({ user, role }) => {
|
|
|
|
|
const { id, email, firstName, lastName } = user;
|
|
|
|
|
if (role.name === 'owner') {
|
|
|
|
|
workflowCredential.ownedBy = { id, email, firstName, lastName };
|
|
|
|
|
} else {
|
|
|
|
|
workflowCredential.sharedWith?.push({ id, email, firstName, lastName });
|
|
|
|
|
}
|
2022-10-31 07:08:25 -07:00
|
|
|
});
|
2022-11-23 06:34:17 -08:00
|
|
|
workflow.usedCredentials?.push(workflowCredential);
|
2022-10-31 07:08:25 -07:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-13 02:55:58 -07:00
|
|
|
static validateCredentialPermissionsToUser(
|
|
|
|
|
workflow: WorkflowEntity,
|
|
|
|
|
allowedCredentials: ICredentialsDb[],
|
|
|
|
|
) {
|
|
|
|
|
workflow.nodes.forEach((node) => {
|
|
|
|
|
if (!node.credentials) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
Object.keys(node.credentials).forEach((credentialType) => {
|
2023-01-02 08:42:32 -08:00
|
|
|
const credentialId = node.credentials?.[credentialType].id;
|
|
|
|
|
if (credentialId === undefined) return;
|
|
|
|
|
const matchedCredential = allowedCredentials.find(({ id }) => id === credentialId);
|
2022-10-13 02:55:58 -07:00
|
|
|
if (!matchedCredential) {
|
|
|
|
|
throw new Error('The workflow contains credentials that you do not have access to');
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
}
|
2022-10-26 06:49:43 -07:00
|
|
|
|
2022-11-11 02:14:45 -08:00
|
|
|
static async preventTampering(workflow: WorkflowEntity, workflowId: string, user: User) {
|
2023-01-02 08:42:32 -08:00
|
|
|
const previousVersion = await EEWorkflowsService.get({ id: workflowId });
|
2022-11-11 02:14:45 -08:00
|
|
|
|
2022-10-26 06:49:43 -07:00
|
|
|
if (!previousVersion) {
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.NotFoundError('Workflow not found');
|
2022-10-26 06:49:43 -07:00
|
|
|
}
|
2022-11-11 02:14:45 -08:00
|
|
|
|
2022-10-26 06:49:43 -07:00
|
|
|
const allCredentials = await EECredentials.getAll(user);
|
2022-11-11 02:14:45 -08:00
|
|
|
|
2022-10-26 06:49:43 -07:00
|
|
|
try {
|
2022-11-11 02:14:45 -08:00
|
|
|
return WorkflowHelpers.validateWorkflowCredentialUsage(
|
2022-10-26 06:49:43 -07:00
|
|
|
workflow,
|
|
|
|
|
previousVersion,
|
|
|
|
|
allCredentials,
|
|
|
|
|
);
|
|
|
|
|
} catch (error) {
|
2022-12-21 07:42:07 -08:00
|
|
|
if (error instanceof NodeOperationError) {
|
|
|
|
|
throw new ResponseHelper.BadRequestError(error.message);
|
|
|
|
|
}
|
2022-11-22 05:00:36 -08:00
|
|
|
throw new ResponseHelper.BadRequestError(
|
2022-10-26 06:49:43 -07:00
|
|
|
'Invalid workflow credentials - make sure you have access to all credentials and try again.',
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-10-11 05:55:05 -07:00
|
|
|
}
|
