feat: Add global admin role (no-changelog) (#7781)

Github issue / Community forum post (link here to close automatically):
2025-02-21 02:56:40 -08:00 · 2023-11-23 13:38:11 +00:00 · 2023-11-23 13:38:11 +00:00 · 865192adf0
parent 5835e055d3
commit 865192adf0
5 changed files with 66 additions and 1 deletions
--- a/packages/cli/src/databases/entities/User.ts
+++ b/packages/cli/src/databases/entities/User.ts
@ -20,7 +20,7 @@ import { objectRetriever, lowerCaser } from '../utils/transformers';
 import { WithTimestamps, jsonColumnType } from './AbstractEntity';
 import type { IPersonalizationSurveyAnswers } from '@/Interfaces';
 import type { AuthIdentity } from './AuthIdentity';
-import { ownerPermissions, memberPermissions } from '@/permissions/roles';
+import { ownerPermissions, memberPermissions, adminPermissions } from '@/permissions/roles';
 import { hasScope, type ScopeOptions, type Scope } from '@n8n/permissions';

 export const MIN_PASSWORD_LENGTH = 8;
@ -30,6 +30,7 @@ export const MAX_PASSWORD_LENGTH = 64;
 const STATIC_SCOPE_MAP: Record<string, Scope[]> = {
 	owner: ownerPermissions,
 	member: memberPermissions,
+	admin: adminPermissions,
 };

@Entity()
--- a/packages/cli/src/databases/migrations/common/1700571993961-AddGlobalAdminRole.ts
+++ b/packages/cli/src/databases/migrations/common/1700571993961-AddGlobalAdminRole.ts
@ -0,0 +1,58 @@
+import type { MigrationContext, ReversibleMigration } from '@db/types';
+
+export class AddGlobalAdminRole1700571993961 implements ReversibleMigration {
+	async up({ escape, runQuery }: MigrationContext) {
+		const tableName = escape.tableName('role');
+
+		await runQuery(`INSERT INTO ${tableName} (name, scope) VALUES (:name, :scope)`, {
+			name: 'admin',
+			scope: 'global',
+		});
+	}
+
+	async down({ escape, runQuery }: MigrationContext) {
+		const roleTableName = escape.tableName('role');
+		const userTableName = escape.tableName('user');
+
+		const adminRoleIdResult = await runQuery<Array<{ id: number }>>(
+			`SELECT id FROM ${roleTableName} WHERE name = :name AND scope = :scope`,
+			{
+				name: 'admin',
+				scope: 'global',
+			},
+		);
+
+		const memberRoleIdResult = await runQuery<Array<{ id: number }>>(
+			`SELECT id FROM ${roleTableName} WHERE name = :name AND scope = :scope`,
+			{
+				name: 'member',
+				scope: 'global',
+			},
+		);
+
+		const adminRoleId = adminRoleIdResult[0]?.id;
+		if (adminRoleId === undefined) {
+			// Couldn't find admin role. It's a bit odd but it means we don't
+			// have anything to do.
+			return;
+		}
+
+		const memberRoleId = memberRoleIdResult[0]?.id;
+		if (!memberRoleId) {
+			throw new Error('Could not find global member role!');
+		}
+
+		await runQuery(
+			`UPDATE ${userTableName} SET globalRoleId = :memberRoleId WHERE globalRoleId = :adminRoleId`,
+			{
+				memberRoleId,
+				adminRoleId,
+			},
+		);
+
+		await runQuery(`DELETE FROM ${roleTableName} WHERE name = :name AND scope = :scope`, {
+			name: 'admin',
+			scope: 'global',
+		});
+	}
+}
--- a/packages/cli/src/databases/migrations/mysqldb/index.ts
+++ b/packages/cli/src/databases/migrations/mysqldb/index.ts
@ -50,6 +50,7 @@ import { DisallowOrphanExecutions1693554410387 } from '../common/1693554410387-D
 import { ExecutionSoftDelete1693491613982 } from '../common/1693491613982-ExecutionSoftDelete';
 import { AddWorkflowMetadata1695128658538 } from '../common/1695128658538-AddWorkflowMetadata';
 import { ModifyWorkflowHistoryNodesAndConnections1695829275184 } from '../common/1695829275184-ModifyWorkflowHistoryNodesAndConnections';
+import { AddGlobalAdminRole1700571993961 } from '../common/1700571993961-AddGlobalAdminRole';

 export const mysqlMigrations: Migration[] = [
 	InitialMigration1588157391238,
@ -103,4 +104,5 @@ export const mysqlMigrations: Migration[] = [
 	ExecutionSoftDelete1693491613982,
 	AddWorkflowMetadata1695128658538,
 	ModifyWorkflowHistoryNodesAndConnections1695829275184,
+	AddGlobalAdminRole1700571993961,
 ];
--- a/packages/cli/src/databases/migrations/postgresdb/index.ts
+++ b/packages/cli/src/databases/migrations/postgresdb/index.ts
@ -49,6 +49,7 @@ import { ExecutionSoftDelete1693491613982 } from '../common/1693491613982-Execut
 import { AddWorkflowMetadata1695128658538 } from '../common/1695128658538-AddWorkflowMetadata';
 import { MigrateToTimestampTz1694091729095 } from './1694091729095-MigrateToTimestampTz';
 import { ModifyWorkflowHistoryNodesAndConnections1695829275184 } from '../common/1695829275184-ModifyWorkflowHistoryNodesAndConnections';
+import { AddGlobalAdminRole1700571993961 } from '../common/1700571993961-AddGlobalAdminRole';

 export const postgresMigrations: Migration[] = [
 	InitialMigration1587669153312,
@ -101,4 +102,5 @@ export const postgresMigrations: Migration[] = [
 	AddWorkflowMetadata1695128658538,
 	MigrateToTimestampTz1694091729095,
 	ModifyWorkflowHistoryNodesAndConnections1695829275184,
+	AddGlobalAdminRole1700571993961,
 ];
--- a/packages/cli/src/databases/migrations/sqlite/index.ts
+++ b/packages/cli/src/databases/migrations/sqlite/index.ts
@ -47,6 +47,7 @@ import { DisallowOrphanExecutions1693554410387 } from '../common/1693554410387-D
 import { ExecutionSoftDelete1693491613982 } from './1693491613982-ExecutionSoftDelete';
 import { AddWorkflowMetadata1695128658538 } from '../common/1695128658538-AddWorkflowMetadata';
 import { ModifyWorkflowHistoryNodesAndConnections1695829275184 } from '../common/1695829275184-ModifyWorkflowHistoryNodesAndConnections';
+import { AddGlobalAdminRole1700571993961 } from '../common/1700571993961-AddGlobalAdminRole';

 const sqliteMigrations: Migration[] = [
 	InitialMigration1588102412422,
@ -97,6 +98,7 @@ const sqliteMigrations: Migration[] = [
 	ExecutionSoftDelete1693491613982,
 	AddWorkflowMetadata1695128658538,
 	ModifyWorkflowHistoryNodesAndConnections1695829275184,
+	AddGlobalAdminRole1700571993961,
 ];

 export { sqliteMigrations };