fix(core): Non owner should be permitted to use their own credentials (#5036)

This commit is contained in:
कारतोफ्फेलस्क्रिप्ट™ 2022-12-27 16:09:43 +01:00 committed by GitHub
parent d0865e28ff
commit 6efbac307f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -5,7 +5,7 @@ import {
Workflow, Workflow,
WorkflowOperationError, WorkflowOperationError,
} from 'n8n-workflow'; } from 'n8n-workflow';
import { FindManyOptions, In, ObjectLiteral } from 'typeorm'; import { FindConditions, In } from 'typeorm';
import * as Db from '@/Db'; import * as Db from '@/Db';
import config from '@/config'; import config from '@/config';
import type { SharedCredentials } from '@db/entities/SharedCredentials'; import type { SharedCredentials } from '@db/entities/SharedCredentials';
@ -47,19 +47,16 @@ export class PermissionChecker {
workflowUserIds = workflowSharings.map((s) => s.userId); workflowUserIds = workflowSharings.map((s) => s.userId);
} }
const credentialsWhereCondition: FindManyOptions<SharedCredentials> & { where: ObjectLiteral } = const credentialsWhere: FindConditions<SharedCredentials> = { userId: In(workflowUserIds) };
{
where: { user: In(workflowUserIds) },
};
if (!isSharingEnabled()) { if (!isSharingEnabled()) {
// If credential sharing is not enabled, get only credentials owned by this user // If credential sharing is not enabled, get only credentials owned by this user
credentialsWhereCondition.where.role = await getRole('credential', 'owner'); credentialsWhere.role = await getRole('credential', 'owner');
} }
const credentialSharings = await Db.collections.SharedCredentials.find( const credentialSharings = await Db.collections.SharedCredentials.find({
credentialsWhereCondition, where: credentialsWhere,
); });
const accessibleCredIds = credentialSharings.map((s) => s.credentialsId.toString()); const accessibleCredIds = credentialSharings.map((s) => s.credentialsId.toString());