mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2024-11-13 16:14:07 -08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
n8n/packages/editor-ui/src/permissions.ts
Iván Ovejero d5c44987f4
refactor(editor): Add infix to Pinia stores (no-changelog) (#6149) 
*  Add infix to Pinia stores

*  Fix paths in mocks

* 🐛 Fix import
2023-05-05 10:41:54 +02:00

153 lines
4.4 KiB
TypeScript
Raw Blame History

/**
* Permissions table implementation
*
* @usage getCredentialPermissions(user, credential).isOwner;
*/
import type { IUser, ICredentialsResponse, IWorkflowDb } from '@/Interface';
import { EnterpriseEditionFeature, PLACEHOLDER_EMPTY_WORKFLOW_ID } from '@/constants';
import { useSettingsStore } from './stores/settings.store';
export const enum UserRole {
InstanceOwner = 'isInstanceOwner',
ResourceOwner = 'isOwner',
ResourceEditor = 'isEditor',
ResourceSharee = 'isSharee',
}
export type IPermissions = Record<string, boolean>;
type IPermissionsTableRowTestFn = (permissions: IPermissions) => boolean;
export interface IPermissionsTableRow {
name: string;
test: string[] | IPermissionsTableRowTestFn;
}
export type IPermissionsTable = IPermissionsTableRow[];
/**
* Returns the permissions for the given user and resource
*
* @param user
* @param table
*/
export const parsePermissionsTable = (
user: IUser | null,
table: IPermissionsTable,
): IPermissions => {
const genericTable = [{ name: UserRole.InstanceOwner, test: () => user?.isOwner }];
return [...genericTable, ...table].reduce((permissions: IPermissions, row) => {
permissions[row.name] = Array.isArray(row.test)
? row.test.some((ability) => permissions[ability])
: (row.test as IPermissionsTableRowTestFn)(permissions);
return permissions;
}, {});
};
/**
* User permissions definition
*/
export const getCredentialPermissions = (user: IUser | null, credential: ICredentialsResponse) => {
const settingsStore = useSettingsStore();
const isSharingEnabled = settingsStore.isEnterpriseFeatureEnabled(
EnterpriseEditionFeature.Sharing,
);
const table: IPermissionsTable = [
{
name: UserRole.ResourceOwner,
test: () =>
!!(credential && credential.ownedBy && credential.ownedBy.id === user?.id) ||
!isSharingEnabled,
},
{
name: UserRole.ResourceSharee,
test: () =>
!!(
credential &&
credential.sharedWith &&
credential.sharedWith.find((sharee) => sharee.id === user?.id)
),
},
{
name: 'read',
test: [UserRole.ResourceOwner, UserRole.InstanceOwner, UserRole.ResourceSharee],
},
{ name: 'save', test: [UserRole.ResourceOwner, UserRole.InstanceOwner] },
{ name: 'updateName', test: [UserRole.ResourceOwner, UserRole.InstanceOwner] },
{ name: 'updateConnection', test: [UserRole.ResourceOwner] },
{ name: 'updateSharing', test: [UserRole.ResourceOwner] },
{ name: 'updateNodeAccess', test: [UserRole.ResourceOwner] },
{ name: 'delete', test: [UserRole.ResourceOwner, UserRole.InstanceOwner] },
{ name: 'use', test: [UserRole.ResourceOwner, UserRole.ResourceSharee] },
];
return parsePermissionsTable(user, table);
};
export const getWorkflowPermissions = (user: IUser | null, workflow: IWorkflowDb) => {
const settingsStore = useSettingsStore();
const isSharingEnabled = settingsStore.isEnterpriseFeatureEnabled(
EnterpriseEditionFeature.Sharing,
);
const isNewWorkflow = workflow.id === PLACEHOLDER_EMPTY_WORKFLOW_ID;
const table: IPermissionsTable = [
{
name: UserRole.ResourceOwner,
test: () =>
!!(isNewWorkflow || (workflow && workflow.ownedBy && workflow.ownedBy.id === user?.id)) ||
!isSharingEnabled,
},
{
name: UserRole.ResourceSharee,
test: () =>
!!(
workflow &&
workflow.sharedWith &&
workflow.sharedWith.find((sharee) => sharee.id === user?.id)
),
},
{
name: 'read',
test: [UserRole.ResourceOwner, UserRole.InstanceOwner, UserRole.ResourceSharee],
},
{ name: 'save', test: [UserRole.ResourceOwner, UserRole.InstanceOwner] },
{ name: 'updateName', test: [UserRole.ResourceOwner, UserRole.InstanceOwner] },
{ name: 'updateConnection', test: [UserRole.ResourceOwner] },
{ name: 'updateSharing', test: [UserRole.ResourceOwner] },
{ name: 'updateNodeAccess', test: [UserRole.ResourceOwner] },
{ name: 'delete', test: [UserRole.ResourceOwner, UserRole.InstanceOwner] },
{
name: 'use',
test: [UserRole.ResourceOwner, UserRole.InstanceOwner, UserRole.ResourceSharee],
},
];
return parsePermissionsTable(user, table);
};
export const getVariablesPermissions = (user: IUser | null) => {
const table: IPermissionsTable = [
{
name: 'create',
test: [UserRole.InstanceOwner],
},
{
name: 'edit',
test: [UserRole.InstanceOwner],
},
{
name: 'delete',
test: [UserRole.InstanceOwner],
},
{ name: 'use', test: () => true },
];
return parsePermissionsTable(user, table);
};
Reference in a new issue View git blame Copy permalink