mirror of
https://github.com/n8n-io/n8n.git
synced 2024-12-25 04:34:06 -08:00
fix(core): Non owner should be permitted to use their own credentials (#5036)
This commit is contained in:
parent
d0865e28ff
commit
6efbac307f
|
@ -5,7 +5,7 @@ import {
|
||||||
Workflow,
|
Workflow,
|
||||||
WorkflowOperationError,
|
WorkflowOperationError,
|
||||||
} from 'n8n-workflow';
|
} from 'n8n-workflow';
|
||||||
import { FindManyOptions, In, ObjectLiteral } from 'typeorm';
|
import { FindConditions, In } from 'typeorm';
|
||||||
import * as Db from '@/Db';
|
import * as Db from '@/Db';
|
||||||
import config from '@/config';
|
import config from '@/config';
|
||||||
import type { SharedCredentials } from '@db/entities/SharedCredentials';
|
import type { SharedCredentials } from '@db/entities/SharedCredentials';
|
||||||
|
@ -47,19 +47,16 @@ export class PermissionChecker {
|
||||||
workflowUserIds = workflowSharings.map((s) => s.userId);
|
workflowUserIds = workflowSharings.map((s) => s.userId);
|
||||||
}
|
}
|
||||||
|
|
||||||
const credentialsWhereCondition: FindManyOptions<SharedCredentials> & { where: ObjectLiteral } =
|
const credentialsWhere: FindConditions<SharedCredentials> = { userId: In(workflowUserIds) };
|
||||||
{
|
|
||||||
where: { user: In(workflowUserIds) },
|
|
||||||
};
|
|
||||||
|
|
||||||
if (!isSharingEnabled()) {
|
if (!isSharingEnabled()) {
|
||||||
// If credential sharing is not enabled, get only credentials owned by this user
|
// If credential sharing is not enabled, get only credentials owned by this user
|
||||||
credentialsWhereCondition.where.role = await getRole('credential', 'owner');
|
credentialsWhere.role = await getRole('credential', 'owner');
|
||||||
}
|
}
|
||||||
|
|
||||||
const credentialSharings = await Db.collections.SharedCredentials.find(
|
const credentialSharings = await Db.collections.SharedCredentials.find({
|
||||||
credentialsWhereCondition,
|
where: credentialsWhere,
|
||||||
);
|
});
|
||||||
|
|
||||||
const accessibleCredIds = credentialSharings.map((s) => s.credentialsId.toString());
|
const accessibleCredIds = credentialSharings.map((s) => s.credentialsId.toString());
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue