✨ Added public api permissions handling.

2025-03-05 20:50:17 -08:00 · 2022-04-29 13:48:56 +03:00 · 2022-04-29 13:48:56 +03:00 · 3ce75c0460
parent c0f3bd3c17
commit 3ce75c0460
7 changed files with 50 additions and 9 deletions
--- a/packages/editor-ui/src/Interface.ts
+++ b/packages/editor-ui/src/Interface.ts
@ -530,6 +530,7 @@ export interface IPermissionGroup {
 	loginStatus?: ILogInStatus[];
 	role?: IRole[];
 	um?: boolean;
 	api?: boolean;
 }
 export interface IPermissions {
@ -632,6 +633,9 @@ export interface IN8nUISettings {
 		enabled: boolean;
 		host: string;
 	};
 	publicApi: {
 		enabled: boolean;
 	};
 }
 export interface IWorkflowSettings extends IWorkflowSettingsWorkflow {
@ -834,6 +838,7 @@ export interface ISettingsState {
 	userManagement: IUserManagementConfig;
 	templatesEndpointHealthy: boolean;
 	api: {
 		enabled: boolean;
 		key: string | undefined;
 	};
 }
--- a/packages/editor-ui/src/components/MainSidebar.vue
+++ b/packages/editor-ui/src/components/MainSidebar.vue
@ -259,7 +259,11 @@ export default mixins(
 				'isTemplatesEnabled',
 			]),
 			canUserAccessSettings(): boolean {
-				return this.canUserAccessRouteByName(VIEWS.PERSONAL_SETTINGS) || this.canUserAccessRouteByName(VIEWS.USERS_SETTINGS);
+				return [
 					VIEWS.PERSONAL_SETTINGS,
 					VIEWS.USERS_SETTINGS,
 					VIEWS.API_SETTINGS,
 				].some((route) => this.canUserAccessRouteByName(route));
 			},
 			helpMenuItems (): object[] {
 				return [
--- a/packages/editor-ui/src/components/SettingsSidebar.vue
+++ b/packages/editor-ui/src/components/SettingsSidebar.vue
@ -19,7 +19,7 @@
 				</i>
 				<span slot="title">{{ $locale.baseText('settings.users') }}</span>
 			</n8n-menu-item>
-			<n8n-menu-item index="/settings/api" :class="$style.tab">
+			<n8n-menu-item index="/settings/api" v-if="canAccessApiSettings()" :class="$style.tab">
 				<i :class="$style.icon">
 					<font-awesome-icon icon="plug" />
 				</i>
@ -54,6 +54,9 @@ export default mixins(
 		canAccessUsersSettings(): boolean {
 			return this.canUserAccessRouteByName(VIEWS.USERS_SETTINGS);
 		},
 		canAccessApiSettings(): boolean {
 			return this.canUserAccessRouteByName(VIEWS.API_SETTINGS);
 		},
 		onVersionClick() {
 			this.$store.dispatch('ui/openModal', ABOUT_MODAL_KEY);
 		},
--- a/packages/editor-ui/src/components/mixins/userHelpers.ts
+++ b/packages/editor-ui/src/components/mixins/userHelpers.ts
@ -19,11 +19,13 @@ export const userHelpers = Vue.extend({
 			const permissions: IPermissions = route.meta && route.meta.permissions;
 			const currentUser = this.$store.getters['users/currentUser'];
 			const isUMEnabled = this.$store.getters['settings/isUserManagementEnabled'];
 			const isPublicApiEnabled = this.$store.getters['settings/isPublicApiEnabled'];
-			if (permissions && isAuthorized(permissions, { currentUser, isUMEnabled })) {
+			return permissions && isAuthorized(permissions, {
-				return true;
+				currentUser,
-			}
+				isUMEnabled,
-			return false;
+				isPublicApiEnabled,
 			});
 		},
 	},
 });
--- a/packages/editor-ui/src/modules/settings.ts
+++ b/packages/editor-ui/src/modules/settings.ts
@ -26,6 +26,7 @@ const module: Module<ISettingsState, IRootState> = {
 		},
 		templatesEndpointHealthy: false,
 		api: {
 			enabled: false,
 			key: undefined,
 		},
 	},
@ -36,6 +37,9 @@ const module: Module<ISettingsState, IRootState> = {
 		isUserManagementEnabled(state: ISettingsState): boolean {
 			return state.userManagement.enabled;
 		},
 		isPublicApiEnabled(state: ISettingsState): boolean {
 			return state.api.enabled;
 		},
 		showSetupPage(state: ISettingsState) {
 			return state.userManagement.showSetupOnFirstLoad;
 		},
@ -82,6 +86,7 @@ const module: Module<ISettingsState, IRootState> = {
 			state.userManagement.enabled = settings.userManagement.enabled;
 			state.userManagement.showSetupOnFirstLoad = !!settings.userManagement.showSetupOnFirstLoad;
 			state.userManagement.smtpSetup = settings.userManagement.smtpSetup;
 			state.api.enabled = settings.publicApi.enabled;
 		},
 		stopShowingSetupPage(state: ISettingsState) {
 			Vue.set(state.userManagement, 'showSetupOnFirstLoad', false);
--- a/packages/editor-ui/src/modules/userHelpers.ts
+++ b/packages/editor-ui/src/modules/userHelpers.ts
@ -42,10 +42,25 @@ export const PERMISSIONS: IUserPermissions = {
 	},
 };
-export const isAuthorized = (permissions: IPermissions, {currentUser, isUMEnabled}: {currentUser: IUser | null, isUMEnabled: boolean}): boolean => {
+interface IsAuthorizedOptions {
 	currentUser: IUser | null;
 	isUMEnabled?: boolean;
 	isPublicApiEnabled?: boolean;
 }
 export const isAuthorized = (permissions: IPermissions, {
 	currentUser,
 	isUMEnabled,
 	isPublicApiEnabled,
 }: IsAuthorizedOptions): boolean => {
 	const loginStatus = currentUser ? LOGIN_STATUS.LoggedIn : LOGIN_STATUS.LoggedOut;
 	if (permissions.deny) {
-		if (permissions.deny.um === isUMEnabled) {
+		if (permissions.deny.hasOwnProperty('um') && permissions.deny.um === isUMEnabled) {
 			return false;
 		}
 		if (permissions.deny.hasOwnProperty('api') && permissions.deny.api === isPublicApiEnabled) {
 			return false;
 		}
@ -65,7 +80,11 @@ export const isAuthorized = (permissions: IPermissions, {currentUser, isUMEnable
 	}
 	if (permissions.allow) {
-		if (permissions.allow.um === isUMEnabled) {
+		if (permissions.allow.hasOwnProperty('um') && permissions.allow.um === isUMEnabled) {
 			return true;
 		}
 		if (permissions.allow.hasOwnProperty('api') && permissions.allow.api === isPublicApiEnabled) {
 			return true;
 		}
--- a/packages/editor-ui/src/router.ts
+++ b/packages/editor-ui/src/router.ts
@ -375,6 +375,9 @@ const router = new Router({
 					allow: {
 						loginStatus: [LOGIN_STATUS.LoggedIn],
 					},
 					deny: {
 						api: false,
 					},
 				},
 			},
 		},