Skip to content

Commit

Permalink
fix(core): Non owner should be permitted to use their own credentials (
Browse files Browse the repository at this point in the history
  • Loading branch information
netroy authored Dec 27, 2022
1 parent d0865e2 commit 6efbac3
Showing 1 changed file with 6 additions and 9 deletions.
15 changes: 6 additions & 9 deletions packages/cli/src/UserManagement/PermissionChecker.ts
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ import {
Workflow,
WorkflowOperationError,
} from 'n8n-workflow';
import { FindManyOptions, In, ObjectLiteral } from 'typeorm';
import { FindConditions, In } from 'typeorm';
import * as Db from '@/Db';
import config from '@/config';
import type { SharedCredentials } from '@db/entities/SharedCredentials';
Expand Down Expand Up @@ -47,19 +47,16 @@ export class PermissionChecker {
workflowUserIds = workflowSharings.map((s) => s.userId);
}

const credentialsWhereCondition: FindManyOptions<SharedCredentials> & { where: ObjectLiteral } =
{
where: { user: In(workflowUserIds) },
};
const credentialsWhere: FindConditions<SharedCredentials> = { userId: In(workflowUserIds) };

if (!isSharingEnabled()) {
// If credential sharing is not enabled, get only credentials owned by this user
credentialsWhereCondition.where.role = await getRole('credential', 'owner');
credentialsWhere.role = await getRole('credential', 'owner');
}

const credentialSharings = await Db.collections.SharedCredentials.find(
credentialsWhereCondition,
);
const credentialSharings = await Db.collections.SharedCredentials.find({
where: credentialsWhere,
});

const accessibleCredIds = credentialSharings.map((s) => s.credentialsId.toString());

Expand Down

0 comments on commit 6efbac3

Please sign in to comment.