mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-24 20:24:05 -08:00
fix(core): Allow owner and admin to edit nodes with credentials that haven't been shared with them explicitly (#9922)
This commit is contained in:
parent
adb83155ca
commit
0f495986f8
|
@ -135,7 +135,11 @@ describe('Sharing', { disableAutoLogin: true }, () => {
|
|||
workflowsPage.getters.workflowCards().should('have.length', 2);
|
||||
workflowsPage.getters.workflowCard('Workflow W1').click();
|
||||
workflowPage.actions.openNode('Notion');
|
||||
ndv.getters.credentialInput().should('have.value', 'Credential C1').should('be.disabled');
|
||||
ndv.getters
|
||||
.credentialInput()
|
||||
.find('input')
|
||||
.should('have.value', 'Credential C1')
|
||||
.should('be.enabled');
|
||||
ndv.actions.close();
|
||||
|
||||
cy.waitForLoad();
|
||||
|
|
|
@ -63,11 +63,10 @@ export class CredentialsService {
|
|||
user: User,
|
||||
options: {
|
||||
listQueryOptions?: ListQuery.Options;
|
||||
onlyOwn?: boolean;
|
||||
includeScopes?: string;
|
||||
} = {},
|
||||
) {
|
||||
const returnAll = user.hasGlobalScope('credential:list') && !options.onlyOwn;
|
||||
const returnAll = user.hasGlobalScope('credential:list');
|
||||
const isDefaultSelect = !options.listQueryOptions?.select;
|
||||
|
||||
let projectRelations: ProjectRelation[] | undefined = undefined;
|
||||
|
|
|
@ -80,7 +80,10 @@ export class EnterpriseWorkflowService {
|
|||
currentUser: User,
|
||||
): Promise<void> {
|
||||
workflow.usedCredentials = [];
|
||||
const userCredentials = await this.credentialsService.getMany(currentUser, { onlyOwn: true });
|
||||
const userCredentials = await this.credentialsService.getCredentialsAUserCanUseInAWorkflow(
|
||||
currentUser,
|
||||
{ workflowId: workflow.id },
|
||||
);
|
||||
const credentialIdsUsedByWorkflow = new Set<string>();
|
||||
workflow.nodes.forEach((node) => {
|
||||
if (!node.credentials) {
|
||||
|
|
|
@ -428,28 +428,38 @@ describe('GET /workflows/:workflowId', () => {
|
|||
expect(responseWorkflow.sharedWithProjects).toHaveLength(0);
|
||||
});
|
||||
|
||||
test('should return workflow with credentials saying owner does not have access when not shared', async () => {
|
||||
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
|
||||
test.each([
|
||||
['owner', () => owner],
|
||||
['admin', () => admin],
|
||||
])(
|
||||
'should return workflow with credentials saying %s does have access even when not shared',
|
||||
async (_description, getActor) => {
|
||||
const actor = getActor();
|
||||
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
|
||||
|
||||
const workflowPayload = makeWorkflow({
|
||||
withPinData: false,
|
||||
withCredential: { id: savedCredential.id, name: savedCredential.name },
|
||||
});
|
||||
const workflow = await createWorkflow(workflowPayload, owner);
|
||||
const workflowPayload = makeWorkflow({
|
||||
withPinData: false,
|
||||
withCredential: { id: savedCredential.id, name: savedCredential.name },
|
||||
});
|
||||
const workflow = await createWorkflow(workflowPayload, actor);
|
||||
|
||||
const response = await authOwnerAgent.get(`/workflows/${workflow.id}`).expect(200);
|
||||
const responseWorkflow: WorkflowWithSharingsMetaDataAndCredentials = response.body.data;
|
||||
const response = await testServer
|
||||
.authAgentFor(actor)
|
||||
.get(`/workflows/${workflow.id}`)
|
||||
.expect(200);
|
||||
const responseWorkflow: WorkflowWithSharingsMetaDataAndCredentials = response.body.data;
|
||||
|
||||
expect(responseWorkflow.usedCredentials).toMatchObject([
|
||||
{
|
||||
id: savedCredential.id,
|
||||
name: savedCredential.name,
|
||||
currentUserHasAccess: false, // although owner can see, they do not have access
|
||||
},
|
||||
]);
|
||||
expect(responseWorkflow.usedCredentials).toMatchObject([
|
||||
{
|
||||
id: savedCredential.id,
|
||||
name: savedCredential.name,
|
||||
currentUserHasAccess: true,
|
||||
},
|
||||
]);
|
||||
|
||||
expect(responseWorkflow.sharedWithProjects).toHaveLength(0);
|
||||
});
|
||||
expect(responseWorkflow.sharedWithProjects).toHaveLength(0);
|
||||
},
|
||||
);
|
||||
|
||||
test('should return workflow with credentials for all users with or without access', async () => {
|
||||
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
|
||||
|
|
Loading…
Reference in a new issue