UNPKG

n8n

Version:

n8n Workflow Automation Tool

n8n.io

n8n-io/n8n

63 lines 3.33 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.userHasScopes = userHasScopes; const db_1 = require("@n8n/db"); const di_1 = require("@n8n/di"); const permissions_1 = require("@n8n/permissions"); const n8n_workflow_1 = require("n8n-workflow"); const credentials_finder_service_1 = require("../credentials/credentials-finder.service"); const not_found_error_1 = require("../errors/response-errors/not-found.error"); const role_service_1 = require("../services/role.service"); async function userHasScopes(user, scopes, globalOnly, { credentialId, workflowId, projectId, }) { if ((0, permissions_1.hasGlobalScope)(user, scopes, { mode: 'allOf' })) return true; if (globalOnly) return false; const userProjectIds = (await di_1.Container.get(db_1.ProjectRepository) .createQueryBuilder('project') .innerJoin('project.projectRelations', 'relation') .innerJoin('relation.role', 'role') .innerJoin('role.scopes', 'scope') .where('relation.userId = :userId', { userId: user.id }) .andWhere('scope.slug IN (:...scopes)', { scopes }) .groupBy('project.id') .having('COUNT(DISTINCT scope.slug) = :scopeCount', { scopeCount: scopes.length }) .select(['project.id AS id']) .getRawMany()).map((row) => row.id); const roleService = di_1.Container.get(role_service_1.RoleService); if (credentialId) { const credentials = await di_1.Container.get(db_1.SharedCredentialsRepository).findBy({ credentialsId: credentialId, }); if (!credentials.length) { throw new not_found_error_1.NotFoundError(`Credential with ID "${credentialId}" not found.`); } const validRoles = await roleService.rolesWithScope('credential', scopes); const hasValidRoles = credentials.some((c) => userProjectIds.includes(c.projectId) && validRoles.includes(c.role)); if (hasValidRoles) { return true; } const credentialsFinderService = di_1.Container.get(credentials_finder_service_1.CredentialsFinderService); if (credentialsFinderService.hasGlobalReadOnlyAccess(scopes)) { const globalCredential = await credentialsFinderService.findGlobalCredentialById(credentialId); if (globalCredential) { return true; } } return false; } if (workflowId) { const workflows = await di_1.Container.get(db_1.SharedWorkflowRepository).findBy({ workflowId, }); if (!workflows.length) { throw new not_found_error_1.NotFoundError(`Workflow with ID "${workflowId}" not found.`); } const validRoles = await roleService.rolesWithScope('workflow', scopes); return workflows.some((w) => userProjectIds.includes(w.projectId) && validRoles.includes(w.role)); } if (projectId) return userProjectIds.includes(projectId); throw new n8n_workflow_1.UnexpectedError("`@ProjectScope` decorator was used but does not have a `credentialId`, `workflowId`, or `projectId` in its URL parameters. This is likely an implementation error. If you're a developer, please check your URL is correct or that this should be using `@GlobalScope`."); } //# sourceMappingURL=check-access.js.map