fix(core): Allow owner and admin to edit nodes with credentials that haven't been shared with them explicitly (#9922)

This commit is contained in:
Danny Martini 2024-07-09 16:25:50 +02:00 committed by GitHub
parent adb83155ca
commit 0f495986f8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 38 additions and 22 deletions

View file

@ -135,7 +135,11 @@ describe('Sharing', { disableAutoLogin: true }, () => {
workflowsPage.getters.workflowCards().should('have.length', 2);
workflowsPage.getters.workflowCard('Workflow W1').click();
workflowPage.actions.openNode('Notion');
ndv.getters.credentialInput().should('have.value', 'Credential C1').should('be.disabled');
ndv.getters
.credentialInput()
.find('input')
.should('have.value', 'Credential C1')
.should('be.enabled');
ndv.actions.close();
cy.waitForLoad();

View file

@ -63,11 +63,10 @@ export class CredentialsService {
user: User,
options: {
listQueryOptions?: ListQuery.Options;
onlyOwn?: boolean;
includeScopes?: string;
} = {},
) {
const returnAll = user.hasGlobalScope('credential:list') && !options.onlyOwn;
const returnAll = user.hasGlobalScope('credential:list');
const isDefaultSelect = !options.listQueryOptions?.select;
let projectRelations: ProjectRelation[] | undefined = undefined;

View file

@ -80,7 +80,10 @@ export class EnterpriseWorkflowService {
currentUser: User,
): Promise<void> {
workflow.usedCredentials = [];
const userCredentials = await this.credentialsService.getMany(currentUser, { onlyOwn: true });
const userCredentials = await this.credentialsService.getCredentialsAUserCanUseInAWorkflow(
currentUser,
{ workflowId: workflow.id },
);
const credentialIdsUsedByWorkflow = new Set<string>();
workflow.nodes.forEach((node) => {
if (!node.credentials) {

View file

@ -428,28 +428,38 @@ describe('GET /workflows/:workflowId', () => {
expect(responseWorkflow.sharedWithProjects).toHaveLength(0);
});
test('should return workflow with credentials saying owner does not have access when not shared', async () => {
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
test.each([
['owner', () => owner],
['admin', () => admin],
])(
'should return workflow with credentials saying %s does have access even when not shared',
async (_description, getActor) => {
const actor = getActor();
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const workflowPayload = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id, name: savedCredential.name },
});
const workflow = await createWorkflow(workflowPayload, owner);
const workflowPayload = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id, name: savedCredential.name },
});
const workflow = await createWorkflow(workflowPayload, actor);
const response = await authOwnerAgent.get(`/workflows/${workflow.id}`).expect(200);
const responseWorkflow: WorkflowWithSharingsMetaDataAndCredentials = response.body.data;
const response = await testServer
.authAgentFor(actor)
.get(`/workflows/${workflow.id}`)
.expect(200);
const responseWorkflow: WorkflowWithSharingsMetaDataAndCredentials = response.body.data;
expect(responseWorkflow.usedCredentials).toMatchObject([
{
id: savedCredential.id,
name: savedCredential.name,
currentUserHasAccess: false, // although owner can see, they do not have access
},
]);
expect(responseWorkflow.usedCredentials).toMatchObject([
{
id: savedCredential.id,
name: savedCredential.name,
currentUserHasAccess: true,
},
]);
expect(responseWorkflow.sharedWithProjects).toHaveLength(0);
});
expect(responseWorkflow.sharedWithProjects).toHaveLength(0);
},
);
test('should return workflow with credentials for all users with or without access', async () => {
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });