mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-01-11 04:47:29 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

fix(core): Account for owner when filtering by project ID in GET /workflows in Public API (#10379)

Browse source
This commit is contained in:
Iván Ovejero 2024-08-13 15:05:40 +02:00 committed by GitHub
parent 7ab38114db
commit 5ac65b36bc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 37 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts
View file

@ -143,6 +143,19 @@ export = {
); );
where.id = In(workflowIds); where.id = In(workflowIds);
} }
if (projectId) {
const workflows = await Container.get(SharedWorkflowRepository).findAllWorkflowsForUser(
req.user,
['workflow:read'],
);
const workflowIds = workflows
.filter((workflow) => workflow.projectId === projectId)
.map((workflow) => workflow.id);
where.id = In(workflowIds);
}
} else { } else {
const options: { workflowIds?: string[] } = {}; const options: { workflowIds?: string[] } = {};

26
packages/cli/test/integration/publicApi/workflows.test.ts
View file

@ -267,8 +267,30 @@ describe('GET /workflows', () => {
} }
}); });
test('should return all user-accessible workflows filtered by `projectId`', async () => { test('for owner, should return all workflows filtered by `projectId`', async () => {
license.setQuota('quota:maxTeamProjects', 2); license.setQuota('quota:maxTeamProjects', -1);
const firstProject = await Container.get(ProjectService).createTeamProject('First', owner);
const secondProject = await Container.get(ProjectService).createTeamProject('Second', member);
await Promise.all([
createWorkflow({ name: 'First workflow' }, firstProject),
createWorkflow({ name: 'Second workflow' }, secondProject),
]);
const firstResponse = await authOwnerAgent.get(`/workflows?projectId=${firstProject.id}`);
const secondResponse = await authOwnerAgent.get(`/workflows?projectId=${secondProject.id}`);
expect(firstResponse.statusCode).toBe(200);
expect(firstResponse.body.data.length).toBe(1);
expect(firstResponse.body.data[0].name).toBe('First workflow');
expect(secondResponse.statusCode).toBe(200);
expect(secondResponse.body.data.length).toBe(1);
expect(secondResponse.body.data[0].name).toBe('Second workflow');
});
test('for member, should return all member-accessible workflows filtered by `projectId`', async () => {
license.setQuota('quota:maxTeamProjects', -1);
const otherProject = await Container.get(ProjectService).createTeamProject( const otherProject = await Container.get(ProjectService).createTeamProject(
'Other project', 'Other project',
member, member,