feat: RBAC (#8922)

Signed-off-by: Oleg Ivaniv <me@olegivaniv.com> Co-authored-by: Val <68596159+valya@users.noreply.github.com> Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <aditya@netroy.in> Co-authored-by: Valya Bullions <valya@n8n.io> Co-authored-by: Danny Martini <danny@n8n.io> Co-authored-by: Danny Martini <despair.blue@gmail.com> Co-authored-by: Iván Ovejero <ivov.src@gmail.com> Co-authored-by: Omar Ajoue <krynble@gmail.com> Co-authored-by: oleg <me@olegivaniv.com> Co-authored-by: Michael Kret <michael.k@radency.com> Co-authored-by: Michael Kret <88898367+michael-radency@users.noreply.github.com> Co-authored-by: Elias Meire <elias@meire.dev> Co-authored-by: Giulio Andreini <andreini@netseven.it> Co-authored-by: Giulio Andreini <g.andreini@gmail.com> Co-authored-by: Ayato Hayashi <go12limchangyong@gmail.com>
n8n-io · May 17, 2024 · 596c472 · 596c472
1 parent b1f977e
commit 596c472
Show file tree

Hide file tree

Showing 292 changed files with 14,079 additions and 3,939 deletions.
diff --git a/cypress/composables/projects.ts b/cypress/composables/projects.ts
@@ -0,0 +1,18 @@
+export const getHomeButton = () => cy.getByTestId('project-home-menu-item');
+export const getMenuItems = () => cy.getByTestId('project-menu-item');
+export const getAddProjectButton = () => cy.getByTestId('add-project-menu-item');
+export const getProjectTabs = () => cy.getByTestId('project-tabs').find('a');
+export const getProjectTabWorkflows = () => getProjectTabs().filter('a[href$="/workflows"]');
+export const getProjectTabCredentials = () => getProjectTabs().filter('a[href$="/credentials"]');
+export const getProjectTabSettings = () => getProjectTabs().filter('a[href$="/settings"]');
+export const getProjectSettingsSaveButton = () => cy.getByTestId('project-settings-save-button');
+export const getProjectSettingsCancelButton = () =>
+	cy.getByTestId('project-settings-cancel-button');
+export const getProjectSettingsDeleteButton = () =>
+	cy.getByTestId('project-settings-delete-button');
+export const getProjectMembersSelect = () => cy.getByTestId('project-members-select');
+
+export const addProjectMember = (email: string) => {
+	getProjectMembersSelect().click();
+	getProjectMembersSelect().get('.el-select-dropdown__item').contains(email.toLowerCase()).click();
+};
diff --git a/cypress/e2e/17-sharing.cy.ts b/cypress/e2e/17-sharing.cy.ts
@@ -30,7 +30,7 @@ const workflowSharingModal = new WorkflowSharingModal();
 const ndv = new NDV();
 
 describe('Sharing', { disableAutoLogin: true }, () => {
-	before(() => cy.enableFeature('sharing', true));
+	before(() => cy.enableFeature('sharing'));
 
 	let workflowW2Url = '';
 	it('should create C1, W1, W2, share W1 with U3, as U2', () => {
@@ -171,11 +171,11 @@ describe('Sharing', { disableAutoLogin: true }, () => {
 		cy.get('input').should('not.have.length');
 		credentialsModal.actions.changeTab('Sharing');
 		cy.contains(
-			'You can view this credential because you have permission to read and share',
+			'Sharing a credential allows people to use it in their workflows. They cannot access credential details.',
 		).should('be.visible');
 
 		credentialsModal.getters.usersSelect().click();
-		cy.getByTestId('user-email')
+		cy.getByTestId('project-sharing-info')
 			.filter(':visible')
 			.should('have.length', 3)
 			.contains(INSTANCE_ADMIN.email)

diff --git a/cypress/e2e/19-execution.cy.ts b/cypress/e2e/19-execution.cy.ts
@@ -501,7 +501,7 @@ describe('Execution', () => {
 
 		workflowPage.getters.clearExecutionDataButton().should('be.visible');
 
-		cy.intercept('POST', '/rest/workflows/run').as('workflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('workflowRun');
 
 		workflowPage.getters
 			.canvasNodeByName('do something with them')
@@ -525,7 +525,7 @@ describe('Execution', () => {
 
 		workflowPage.getters.zoomToFitButton().click();
 
-		cy.intercept('POST', '/rest/workflows/run').as('workflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('workflowRun');
 
 		workflowPage.getters
 			.canvasNodeByName('If')
@@ -545,7 +545,7 @@ describe('Execution', () => {
 
 		workflowPage.getters.clearExecutionDataButton().should('be.visible');
 
-		cy.intercept('POST', '/rest/workflows/run').as('workflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('workflowRun');
 
 		workflowPage.getters
 			.canvasNodeByName('NoOp2')
@@ -576,7 +576,7 @@ describe('Execution', () => {
 			'My test workflow',
 		);
 
-		cy.intercept('POST', '/rest/workflows/run').as('workflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('workflowRun');
 
 		workflowPage.getters.zoomToFitButton().click();
 		workflowPage.getters.executeWorkflowButton().click();
@@ -599,7 +599,7 @@ describe('Execution', () => {
 			'My test workflow',
 		);
 
-		cy.intercept('POST', '/rest/workflows/run').as('workflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('workflowRun');
 
 		workflowPage.getters.zoomToFitButton().click();
 		workflowPage.getters.executeWorkflowButton().click();

diff --git a/cypress/e2e/23-variables.cy.ts b/cypress/e2e/23-variables.cy.ts
@@ -4,7 +4,7 @@ const variablesPage = new VariablesPage();
 
 describe('Variables', () => {
 	it('should show the unlicensed action box when the feature is disabled', () => {
-		cy.disableFeature('variables', false);
+		cy.disableFeature('variables');
 		cy.visit(variablesPage.url);
 
 		variablesPage.getters.unavailableResourcesList().should('be.visible');
@@ -18,14 +18,15 @@ describe('Variables', () => {
 
 		beforeEach(() => {
 			cy.intercept('GET', '/rest/variables').as('loadVariables');
+			cy.intercept('GET', '/rest/login').as('login');
 
 			cy.visit(variablesPage.url);
-			cy.wait(['@loadVariables', '@loadSettings']);
+			cy.wait(['@loadVariables', '@loadSettings', '@login']);
 		});
 
 		it('should show the licensed action box when the feature is enabled', () => {
 			variablesPage.getters.emptyResourcesList().should('be.visible');
-			variablesPage.getters.createVariableButton().should('be.visible');
+			variablesPage.getters.emptyResourcesListNewVariableButton().should('be.visible');
 		});
 
 		it('should create a new variable using empty state row', () => {

diff --git a/cypress/e2e/28-debug.cy.ts b/cypress/e2e/28-debug.cy.ts
@@ -19,7 +19,7 @@ describe('Debug', () => {
 	it('should be able to debug executions', () => {
 		cy.intercept('GET', '/rest/executions?filter=*').as('getExecutions');
 		cy.intercept('GET', '/rest/executions/*').as('getExecution');
-		cy.intercept('POST', '/rest/workflows/run').as('postWorkflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('postWorkflowRun');
 
 		cy.signin({ email: INSTANCE_OWNER.email, password: INSTANCE_OWNER.password });
 

diff --git a/cypress/e2e/29-templates.cy.ts b/cypress/e2e/29-templates.cy.ts
@@ -10,7 +10,7 @@ describe('Workflow templates', () => {
 	beforeEach(() => {
 		cy.intercept('GET', '**/rest/settings', (req) => {
 			// Disable cache
-			delete req.headers['if-none-match']
+			delete req.headers['if-none-match'];
 			req.reply((res) => {
 				if (res.body.data) {
 					// Disable custom templates host if it has been overridden by another intercept
@@ -22,25 +22,34 @@ describe('Workflow templates', () => {
 
 	it('Opens website when clicking templates sidebar link', () => {
 		cy.visit(workflowsPage.url);
-		mainSidebar.getters.menuItem('Templates').should('be.visible');
+		mainSidebar.getters.templates().should('be.visible');
 		// Templates should be a link to the website
-		mainSidebar.getters.templates().parent('a').should('have.attr', 'href').and('include', 'https://n8n.io/workflows');
+		mainSidebar.getters
+			.templates()
+			.parent('a')
+			.should('have.attr', 'href')
+			.and('include', 'https://n8n.io/workflows');
 		// Link should contain instance address and n8n version
-		mainSidebar.getters.templates().parent('a').then(($a) => {
-			const href = $a.attr('href');
-			const params = new URLSearchParams(href);
-			// Link should have all mandatory parameters expected on the website
-			expect(decodeURIComponent(`${params.get('utm_instance')}`)).to.include(window.location.origin);
-			expect(params.get('utm_n8n_version')).to.match(/[0-9]+\.[0-9]+\.[0-9]+/);
-			expect(params.get('utm_awc')).to.match(/[0-9]+/);
-		});
+		mainSidebar.getters
+			.templates()
+			.parent('a')
+			.then(($a) => {
+				const href = $a.attr('href');
+				const params = new URLSearchParams(href);
+				// Link should have all mandatory parameters expected on the website
+				expect(decodeURIComponent(`${params.get('utm_instance')}`)).to.include(
+					window.location.origin,
+				);
+				expect(params.get('utm_n8n_version')).to.match(/[0-9]+\.[0-9]+\.[0-9]+/);
+				expect(params.get('utm_awc')).to.match(/[0-9]+/);
+			});
 		mainSidebar.getters.templates().parent('a').should('have.attr', 'target', '_blank');
 	});
 
 	it('Redirects to website when visiting templates page directly', () => {
 		cy.visit(templatesPage.url);
 		cy.origin('https://n8n.io', () => {
 			cy.url().should('include', 'https://n8n.io/workflows');
-		})
+		});
 	});
 });
diff --git a/cypress/e2e/30-editor-after-route-changes.cy.ts b/cypress/e2e/30-editor-after-route-changes.cy.ts
@@ -148,7 +148,7 @@ describe('Editor actions should work', () => {
 	it('after switching between Editor and Debug', () => {
 		cy.intercept('GET', '/rest/executions?filter=*').as('getExecutions');
 		cy.intercept('GET', '/rest/executions/*').as('getExecution');
-		cy.intercept('POST', '/rest/workflows/run').as('postWorkflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('postWorkflowRun');
 
 		editWorkflowAndDeactivate();
 		workflowPage.actions.executeWorkflow();
@@ -196,9 +196,9 @@ describe('Editor zoom should work after route changes', () => {
 		cy.intercept('GET', '/rest/workflow-history/workflow/*/version/*').as('getVersion');
 		cy.intercept('GET', '/rest/workflow-history/workflow/*').as('getHistory');
 		cy.intercept('GET', '/rest/users').as('getUsers');
-		cy.intercept('GET', '/rest/workflows').as('getWorkflows');
+		cy.intercept('GET', '/rest/workflows?*').as('getWorkflows');
 		cy.intercept('GET', '/rest/active-workflows').as('getActiveWorkflows');
-		cy.intercept('GET', '/rest/credentials').as('getCredentials');
+		cy.intercept('GET', '/rest/credentials?*').as('getCredentials');
 
 		switchBetweenEditorAndHistory();
 		zoomInAndCheckNodes();

diff --git a/cypress/e2e/39-projects.cy.ts b/cypress/e2e/39-projects.cy.ts
@@ -0,0 +1,151 @@
+import { INSTANCE_ADMIN, INSTANCE_MEMBERS } from '../constants';
+import { WorkflowsPage, WorkflowPage, CredentialsModal, CredentialsPage } from '../pages';
+import * as projects from '../composables/projects';
+
+const workflowsPage = new WorkflowsPage();
+const workflowPage = new WorkflowPage();
+const credentialsPage = new CredentialsPage();
+const credentialsModal = new CredentialsModal();
+
+describe('Projects', () => {
+	beforeEach(() => {
+		cy.resetDatabase();
+		cy.enableFeature('advancedPermissions');
+		cy.enableFeature('projectRole:admin');
+		cy.enableFeature('projectRole:editor');
+		cy.changeQuota('maxTeamProjects', -1);
+	});
+
+	it('should handle workflows and credentials', () => {
+		cy.signin(INSTANCE_ADMIN);
+		cy.visit(workflowsPage.url);
+		workflowsPage.getters.workflowCards().should('not.have.length');
+
+		workflowsPage.getters.newWorkflowButtonCard().click();
+
+		cy.intercept('POST', '/rest/workflows').as('workflowSave');
+		workflowPage.actions.saveWorkflowOnButtonClick();
+
+		cy.wait('@workflowSave').then((interception) => {
+			expect(interception.request.body).not.to.have.property('projectId');
+		});
+
+		projects.getHomeButton().click();
+		projects.getProjectTabs().should('have.length', 2);
+
+		projects.getProjectTabCredentials().click();
+		credentialsPage.getters.credentialCards().should('not.have.length');
+
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.getters.newCredentialModal().should('be.visible');
+		credentialsModal.getters.newCredentialTypeSelect().should('be.visible');
+		credentialsModal.getters.newCredentialTypeOption('Notion API').click();
+		credentialsModal.getters.newCredentialTypeButton().click();
+		credentialsModal.getters.connectionParameter('Internal Integration Secret').type('1234567890');
+		credentialsModal.actions.setName('My awesome Notion account');
+
+		cy.intercept('POST', '/rest/credentials').as('credentialSave');
+		credentialsModal.actions.save();
+		cy.wait('@credentialSave').then((interception) => {
+			expect(interception.request.body).not.to.have.property('projectId');
+		});
+
+		credentialsModal.actions.close();
+		credentialsPage.getters.credentialCards().should('have.length', 1);
+
+		projects.getProjectTabWorkflows().click();
+		workflowsPage.getters.workflowCards().should('have.length', 1);
+
+		projects.getMenuItems().should('not.have.length');
+
+		cy.intercept('POST', '/rest/projects').as('projectCreate');
+		projects.getAddProjectButton().click();
+		cy.wait('@projectCreate');
+		projects.getMenuItems().should('have.length', 1);
+		projects.getProjectTabs().should('have.length', 3);
+
+		cy.get('input[name="name"]').type('Development');
+		projects.addProjectMember(INSTANCE_MEMBERS[0].email);
+
+		cy.intercept('PATCH', '/rest/projects/*').as('projectSettingsSave');
+		projects.getProjectSettingsSaveButton().click();
+		cy.wait('@projectSettingsSave').then((interception) => {
+			expect(interception.request.body).to.have.property('name').and.to.equal('Development');
+			expect(interception.request.body).to.have.property('relations').to.have.lengthOf(2);
+		});
+
+		projects.getMenuItems().first().click();
+		workflowsPage.getters.workflowCards().should('not.have.length');
+		projects.getProjectTabs().should('have.length', 3);
+
+		workflowsPage.getters.newWorkflowButtonCard().click();
+
+		cy.intercept('POST', '/rest/workflows').as('workflowSave');
+		workflowPage.actions.saveWorkflowOnButtonClick();
+
+		cy.wait('@workflowSave').then((interception) => {
+			expect(interception.request.body).to.have.property('projectId');
+		});
+
+		projects.getMenuItems().first().click();
+
+		projects.getProjectTabCredentials().click();
+		credentialsPage.getters.credentialCards().should('not.have.length');
+
+		credentialsPage.getters.emptyListCreateCredentialButton().click();
+		credentialsModal.getters.newCredentialModal().should('be.visible');
+		credentialsModal.getters.newCredentialTypeSelect().should('be.visible');
+		credentialsModal.getters.newCredentialTypeOption('Notion API').click();
+		credentialsModal.getters.newCredentialTypeButton().click();
+		credentialsModal.getters.connectionParameter('Internal Integration Secret').type('1234567890');
+		credentialsModal.actions.setName('My awesome Notion account');
+
+		cy.intercept('POST', '/rest/credentials').as('credentialSave');
+		credentialsModal.actions.save();
+		cy.wait('@credentialSave').then((interception) => {
+			expect(interception.request.body).to.have.property('projectId');
+		});
+		credentialsModal.actions.close();
+
+		projects.getAddProjectButton().click();
+		projects.getMenuItems().should('have.length', 2);
+
+		let projectId: string;
+		projects.getMenuItems().first().click();
+		cy.intercept('GET', '/rest/credentials*').as('credentialsList');
+		projects.getProjectTabCredentials().click();
+		cy.wait('@credentialsList').then((interception) => {
+			const url = new URL(interception.request.url);
+			const queryParams = new URLSearchParams(url.search);
+			const filter = queryParams.get('filter');
+			expect(filter).to.be.a('string').and.to.contain('projectId');
+
+			if (filter) {
+				projectId = JSON.parse(filter).projectId;
+			}
+		});
+
+		projects.getMenuItems().last().click();
+		cy.intercept('GET', '/rest/credentials*').as('credentialsList');
+		projects.getProjectTabCredentials().click();
+		cy.wait('@credentialsList').then((interception) => {
+			const url = new URL(interception.request.url);
+			const queryParams = new URLSearchParams(url.search);
+			const filter = queryParams.get('filter');
+			expect(filter).to.be.a('string').and.to.contain('projectId');
+
+			if (filter) {
+				expect(JSON.parse(filter).projectId).not.to.equal(projectId);
+			}
+		});
+
+		projects.getHomeButton().click();
+		workflowsPage.getters.workflowCards().should('have.length', 2);
+
+		cy.intercept('GET', '/rest/credentials*').as('credentialsList');
+		projects.getProjectTabCredentials().click();
+		cy.wait('@credentialsList').then((interception) => {
+			expect(interception.request.url).not.to.contain('filter');
+		});
+	});
+});
diff --git a/cypress/e2e/5-ndv.cy.ts b/cypress/e2e/5-ndv.cy.ts
@@ -697,7 +697,7 @@ describe('NDV', () => {
 	});
 
 	it('Stop listening for trigger event from NDV', () => {
-		cy.intercept('POST', '/rest/workflows/run').as('workflowRun');
+		cy.intercept('POST', '/rest/workflows/**/run').as('workflowRun');
 		workflowPage.actions.addInitialNodeToCanvas('Local File Trigger', {
 			keepNdvOpen: true,
 			action: 'On Changes To A Specific File',

diff --git a/cypress/pages/credentials.ts b/cypress/pages/credentials.ts
@@ -1,7 +1,7 @@
 import { BasePage } from './base';
 
 export class CredentialsPage extends BasePage {
-	url = '/credentials';
+	url = '/home/credentials';
 	getters = {
 		emptyListCreateCredentialButton: () => cy.getByTestId('empty-resources-list').find('button'),
 		createCredentialButton: () => cy.getByTestId('resources-list-add'),

diff --git a/cypress/pages/modals/credentials-modal.ts b/cypress/pages/modals/credentials-modal.ts
@@ -25,7 +25,7 @@ export class CredentialsModal extends BasePage {
 		credentialInputs: () => cy.getByTestId('credential-connection-parameter'),
 		menu: () => this.getters.editCredentialModal().get('.menu-container'),
 		menuItem: (name: string) => this.getters.menu().get('.n8n-menu-item').contains(name),
-		usersSelect: () => cy.getByTestId('credential-sharing-modal-users-select'),
+		usersSelect: () => cy.getByTestId('project-sharing-select').filter(':visible'),
 		testSuccessTag: () => cy.getByTestId('credentials-config-container-test-success'),
 	};
 	actions = {

diff --git a/cypress/pages/modals/workflow-sharing-modal.ts b/cypress/pages/modals/workflow-sharing-modal.ts
@@ -3,7 +3,7 @@ import { BasePage } from '../base';
 export class WorkflowSharingModal extends BasePage {
 	getters = {
 		modal: () => cy.getByTestId('workflowShare-modal', { timeout: 5000 }),
-		usersSelect: () => cy.getByTestId('workflow-sharing-modal-users-select'),
+		usersSelect: () => cy.getByTestId('project-sharing-select'),
 		saveButton: () => cy.getByTestId('workflow-sharing-modal-save-button'),
 		closeButton: () => this.getters.modal().find('.el-dialog__close').first(),
 	};

diff --git a/cypress/pages/settings-users.ts b/cypress/pages/settings-users.ts
@@ -41,10 +41,10 @@ export class SettingsUsersPage extends BasePage {
 			workflowPage.actions.visit();
 			mainSidebar.actions.goToSettings();
 			if (isOwner) {
-				settingsSidebar.getters.menuItem('Users').click();
+				settingsSidebar.getters.users().click();
 				cy.url().should('match', new RegExp(this.url));
 			} else {
-				settingsSidebar.getters.menuItem('Users').should('not.exist');
+				settingsSidebar.getters.users().should('not.exist');
 				// Should be redirected to workflows page if trying to access UM url
 				cy.visit('/settings/users');
 				cy.url().should('match', new RegExp(workflowsPage.url));