feat: Add global admin role (no-changelog) (#7781)

Github issue / Community forum post (link here to close automatically):
2025-02-21 02:56:40 -08:00 · 2023-11-23 13:38:11 +00:00 · 2023-11-23 13:38:11 +00:00 · 865192adf0
parent 5835e055d3
commit 865192adf0
5 changed files with 66 additions and 1 deletions
--- a/packages/cli/src/databases/entities/User.ts
+++ b/packages/cli/src/databases/entities/User.ts
@ -20,7 +20,7 @@ import { objectRetriever, lowerCaser } from '../utils/transformers';
 import { WithTimestamps, jsonColumnType } from './AbstractEntity';
 import type { IPersonalizationSurveyAnswers } from '@/Interfaces';
 import type { AuthIdentity } from './AuthIdentity';
-import { ownerPermissions, memberPermissions } from '@/permissions/roles';
+import { ownerPermissions, memberPermissions, adminPermissions } from '@/permissions/roles';
 import { hasScope, type ScopeOptions, type Scope } from '@n8n/permissions';
 export const MIN_PASSWORD_LENGTH = 8;
@ -30,6 +30,7 @@ export const MAX_PASSWORD_LENGTH = 64;
 const STATIC_SCOPE_MAP: Record<string, Scope[]> = {
 	owner: ownerPermissions,
 	member: memberPermissions,
 	admin: adminPermissions,
 };
@Entity()
--- a/packages/cli/src/databases/migrations/common/1700571993961-AddGlobalAdminRole.ts
+++ b/packages/cli/src/databases/migrations/common/1700571993961-AddGlobalAdminRole.ts
@ -0,0 +1,58 @@
 import type { MigrationContext, ReversibleMigration } from '@db/types';
 export class AddGlobalAdminRole1700571993961 implements ReversibleMigration {
 	async up({ escape, runQuery }: MigrationContext) {
 		const tableName = escape.tableName('role');
 		await runQuery(`INSERT INTO ${tableName} (name, scope) VALUES (:name, :scope)`, {
 			name: 'admin',
 			scope: 'global',
 		});
 	}
 	async down({ escape, runQuery }: MigrationContext) {
 		const roleTableName = escape.tableName('role');
 		const userTableName = escape.tableName('user');
 		const adminRoleIdResult = await runQuery<Array<{ id: number }>>(
 			`SELECT id FROM ${roleTableName} WHERE name = :name AND scope = :scope`,
 			{
 				name: 'admin',
 				scope: 'global',
 			},
 		);
 		const memberRoleIdResult = await runQuery<Array<{ id: number }>>(
 			`SELECT id FROM ${roleTableName} WHERE name = :name AND scope = :scope`,
 			{
 				name: 'member',
 				scope: 'global',
 			},
 		);
 		const adminRoleId = adminRoleIdResult[0]?.id;
 		if (adminRoleId === undefined) {
 			// Couldn't find admin role. It's a bit odd but it means we don't
 			// have anything to do.
 			return;
 		}
 		const memberRoleId = memberRoleIdResult[0]?.id;
 		if (!memberRoleId) {
 			throw new Error('Could not find global member role!');
 		}
 		await runQuery(
 			`UPDATE ${userTableName} SET globalRoleId = :memberRoleId WHERE globalRoleId = :adminRoleId`,
 			{
 				memberRoleId,
 				adminRoleId,
 			},
 		);
 		await runQuery(`DELETE FROM ${roleTableName} WHERE name = :name AND scope = :scope`, {
 			name: 'admin',
 			scope: 'global',
 		});
 	}
 }
--- a/packages/cli/src/databases/migrations/mysqldb/index.ts
+++ b/packages/cli/src/databases/migrations/mysqldb/index.ts
@ -50,6 +50,7 @@ import { DisallowOrphanExecutions1693554410387 } from '../common/1693554410387-D
 import { ExecutionSoftDelete1693491613982 } from '../common/1693491613982-ExecutionSoftDelete';
 import { AddWorkflowMetadata1695128658538 } from '../common/1695128658538-AddWorkflowMetadata';
 import { ModifyWorkflowHistoryNodesAndConnections1695829275184 } from '../common/1695829275184-ModifyWorkflowHistoryNodesAndConnections';
 import { AddGlobalAdminRole1700571993961 } from '../common/1700571993961-AddGlobalAdminRole';
 export const mysqlMigrations: Migration[] = [
 	InitialMigration1588157391238,
@ -103,4 +104,5 @@ export const mysqlMigrations: Migration[] = [
 	ExecutionSoftDelete1693491613982,
 	AddWorkflowMetadata1695128658538,
 	ModifyWorkflowHistoryNodesAndConnections1695829275184,
 	AddGlobalAdminRole1700571993961,
 ];
--- a/packages/cli/src/databases/migrations/postgresdb/index.ts
+++ b/packages/cli/src/databases/migrations/postgresdb/index.ts
@ -49,6 +49,7 @@ import { ExecutionSoftDelete1693491613982 } from '../common/1693491613982-Execut
 import { AddWorkflowMetadata1695128658538 } from '../common/1695128658538-AddWorkflowMetadata';
 import { MigrateToTimestampTz1694091729095 } from './1694091729095-MigrateToTimestampTz';
 import { ModifyWorkflowHistoryNodesAndConnections1695829275184 } from '../common/1695829275184-ModifyWorkflowHistoryNodesAndConnections';
 import { AddGlobalAdminRole1700571993961 } from '../common/1700571993961-AddGlobalAdminRole';
 export const postgresMigrations: Migration[] = [
 	InitialMigration1587669153312,
@ -101,4 +102,5 @@ export const postgresMigrations: Migration[] = [
 	AddWorkflowMetadata1695128658538,
 	MigrateToTimestampTz1694091729095,
 	ModifyWorkflowHistoryNodesAndConnections1695829275184,
 	AddGlobalAdminRole1700571993961,
 ];
--- a/packages/cli/src/databases/migrations/sqlite/index.ts
+++ b/packages/cli/src/databases/migrations/sqlite/index.ts
@ -47,6 +47,7 @@ import { DisallowOrphanExecutions1693554410387 } from '../common/1693554410387-D
 import { ExecutionSoftDelete1693491613982 } from './1693491613982-ExecutionSoftDelete';
 import { AddWorkflowMetadata1695128658538 } from '../common/1695128658538-AddWorkflowMetadata';
 import { ModifyWorkflowHistoryNodesAndConnections1695829275184 } from '../common/1695829275184-ModifyWorkflowHistoryNodesAndConnections';
 import { AddGlobalAdminRole1700571993961 } from '../common/1700571993961-AddGlobalAdminRole';
 const sqliteMigrations: Migration[] = [
 	InitialMigration1588102412422,
@ -97,6 +98,7 @@ const sqliteMigrations: Migration[] = [
 	ExecutionSoftDelete1693491613982,
 	AddWorkflowMetadata1695128658538,
 	ModifyWorkflowHistoryNodesAndConnections1695829275184,
 	AddGlobalAdminRole1700571993961,
 ];
 export { sqliteMigrations };