npm - n8n - Versions diffs - 0.167.0 → 0.168.0 - Mend

n8n 0.167.0 → 0.168.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (255) hide show

package/dist/src/Server.js CHANGED Viewed

@@ -11,13 +11,15 @@ var __rest = (this && this.__rest) || function (s, e) {
     return t;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.start = void 0;
+exports.start = exports.externalHooks = void 0;
 const express = require("express");
 const fs_1 = require("fs");
 const promises_1 = require("fs/promises");
+const lodash_1 = require("lodash");
 const path_1 = require("path");
 const typeorm_1 = require("typeorm");
 const bodyParser = require("body-parser");
+const cookieParser = require("cookie-parser");
 const history = require("connect-history-api-fallback");
 const os = require("os");
 const _ = require("lodash");
@@ -41,13 +43,21 @@ const Queue = require("./Queue");
 const _1 = require(".");
 const config = require("../config");
 const TagHelpers = require("./TagHelpers");
-const PersonalizationSurvey = require("./PersonalizationSurvey");
 const InternalHooksManager_1 = require("./InternalHooksManager");
 const TagEntity_1 = require("./databases/entities/TagEntity");
 const WorkflowEntity_1 = require("./databases/entities/WorkflowEntity");
+const WorkflowHelpers_1 = require("./WorkflowHelpers");
 const TranslationHelpers_1 = require("./TranslationHelpers");
 const WebhookHelpers_1 = require("./WebhookHelpers");
+const UserManagement_1 = require("./UserManagement");
+const jwt_1 = require("./UserManagement/auth/jwt");
+const GenericHelpers_1 = require("./GenericHelpers");
+const SharedWorkflow_1 = require("./databases/entities/SharedWorkflow");
+const constants_1 = require("./constants");
+const credentials_api_1 = require("./api/credentials.api");
+const UserManagementHelper_1 = require("./UserManagement/UserManagementHelper");
 require('body-parser-xml')(bodyParser);
+exports.externalHooks = _1.ExternalHooks();
 class App {
     constructor() {
         this.app = express();
@@ -72,7 +82,7 @@ class App {
         this.protocol = config.get('protocol');
         this.sslKey = config.get('ssl_key');
         this.sslCert = config.get('ssl_cert');
-        this.externalHooks = _1.ExternalHooks();
+        this.externalHooks = exports.externalHooks;
         this.presetCredentialsLoaded = false;
         this.endpointPresetCredentials = config.get('credentials.overwrite.endpoint');
         const urlBaseWebhook = _1.WebhookHelpers.getWebhookBaseUrl();
@@ -98,6 +108,7 @@ class App {
             maxExecutionTimeout: this.maxExecutionTimeout,
             timezone: this.timezone,
             urlBaseWebhook,
+            urlBaseEditor: UserManagementHelper_1.getInstanceBaseUrl(),
             versionCli: '',
             oauthCallbackUrls: {
                 oauth1: `${urlBaseWebhook}${this.restEndpoint}/oauth1-credential/callback`,
@@ -110,10 +121,17 @@ class App {
             },
             instanceId: '',
             telemetry: telemetrySettings,
-            personalizationSurvey: {
-                shouldShow: false,
-            },
+            personalizationSurveyEnabled: config.get('personalization.enabled') && config.get('diagnostics.enabled'),
             defaultLocale: config.get('defaultLocale'),
+            userManagement: {
+                enabled: config.get('userManagement.disabled') === false ||
+                    config.get('userManagement.isInstanceOwnerSetUp') === true,
+                showSetupOnFirstLoad: config.get('userManagement.disabled') === false &&
+                    config.get('userManagement.isInstanceOwnerSetUp') === false &&
+                    config.get('userManagement.skipInstanceOwnerSetup') === false,
+                smtpSetup: UserManagementHelper_1.isEmailSetUp(),
+            },
+            workflowTagsDisabled: config.get('workflowTagsDisabled'),
             logLevel: config.get('logs.level'),
             hiringBannerEnabled: config.get('hiringBanner.enabled'),
             templates: {
@@ -125,6 +143,16 @@ class App {
     getCurrentDate() {
         return new Date();
     }
+    getSettingsForFrontend() {
+        Object.assign(this.frontendSettings.userManagement, {
+            enabled: config.get('userManagement.disabled') === false ||
+                config.get('userManagement.isInstanceOwnerSetUp') === true,
+            showSetupOnFirstLoad: config.get('userManagement.disabled') === false &&
+                config.get('userManagement.isInstanceOwnerSetUp') === false &&
+                config.get('userManagement.skipInstanceOwnerSetup') === false,
+        });
+        return this.frontendSettings;
+    }
     async config() {
         const enableMetrics = config.get('endpoints.metrics.enable');
         let register;
@@ -137,8 +165,6 @@ class App {
         this.versions = await _1.GenericHelpers.getVersions();
         this.frontendSettings.versionCli = this.versions.cli;
         this.frontendSettings.instanceId = await n8n_core_1.UserSettings.getInstanceId();
-        this.frontendSettings.personalizationSurvey =
-            await PersonalizationSurvey.preparePersonalizationSurvey();
         await this.externalHooks.run('frontend.settings', [this.frontendSettings]);
         const excludeEndpoints = config.get('security.excludeEndpoints');
         const ignoredEndpoints = [
@@ -163,7 +189,8 @@ class App {
             const basicAuthHashEnabled = (await _1.GenericHelpers.getConfigValue('security.basicAuth.hash'));
             let validPassword = null;
             this.app.use(async (req, res, next) => {
-                if (authIgnoreRegex.exec(req.url)) {
+                if (authIgnoreRegex.exec(req.url) ||
+                    config.get('userManagement.isInstanceOwnerSetUp')) {
                     return next();
                 }
                 const realm = 'n8n - Editor UI';
@@ -254,12 +281,22 @@ class App {
                 });
             });
         }
-        this.app.use((req, res, next) => {
+        this.app.use(cookieParser());
+        this.app.use(async (req, res, next) => {
+            var _a, _b;
             if (req.url.indexOf(`/${this.restEndpoint}/push`) === 0) {
                 if (req.query.sessionId === undefined) {
                     next(new Error('The query parameter "sessionId" is missing!'));
                     return;
                 }
+                try {
+                    const authCookie = (_b = (_a = req.cookies) === null || _a === void 0 ? void 0 : _a[constants_1.AUTH_COOKIE_NAME]) !== null && _b !== void 0 ? _b : '';
+                    await jwt_1.resolveJwt(authCookie);
+                }
+                catch (error) {
+                    res.status(401).send('Unauthorized');
+                    return;
+                }
                 this.push.add(req.query.sessionId, req, res);
                 return;
             }
@@ -311,6 +348,7 @@ class App {
         if (process.env.NODE_ENV !== 'production') {
             this.app.use((req, res, next) => {
                 res.header('Access-Control-Allow-Origin', 'http://localhost:8080');
+                res.header('Access-Control-Allow-Credentials', 'true');
                 res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS, PUT, PATCH, DELETE');
                 res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept, sessionid');
                 next();
@@ -323,6 +361,8 @@ class App {
             }
             next();
         });
+        await UserManagement_1.userManagementRouter.addRoutes.apply(this, [ignoredEndpoints, this.restEndpoint]);
+        this.app.use(`/${this.restEndpoint}/credentials`, credentials_api_1.credentialsController);
         this.app.get('/healthz', async (req, res) => {
             n8n_workflow_1.LoggerProxy.debug('Health check started!');
             const connection = typeorm_1.getConnectionManager().get();
@@ -350,29 +390,47 @@ class App {
                 _1.ResponseHelper.sendSuccessResponse(res, response, true, 200);
             });
         }
-        this.app.post(`/${this.restEndpoint}/workflows`, _1.ResponseHelper.send(async (req, res) => {
+        this.app.post(`/${this.restEndpoint}/workflows`, _1.ResponseHelper.send(async (req) => {
             delete req.body.id;
-            const incomingData = req.body;
             const newWorkflow = new WorkflowEntity_1.WorkflowEntity();
-            Object.assign(newWorkflow, incomingData);
-            newWorkflow.name = incomingData.name.trim();
-            const incomingTagOrder = incomingData.tags.slice();
-            if (incomingData.tags.length) {
-                newWorkflow.tags = await _1.Db.collections.Tag.findByIds(incomingData.tags, {
+            Object.assign(newWorkflow, req.body);
+            await GenericHelpers_1.validateEntity(newWorkflow);
+            await this.externalHooks.run('workflow.create', [newWorkflow]);
+            const { tags: tagIds } = req.body;
+            if ((tagIds === null || tagIds === void 0 ? void 0 : tagIds.length) && !config.get('workflowTagsDisabled')) {
+                newWorkflow.tags = await _1.Db.collections.Tag.findByIds(tagIds, {
                     select: ['id', 'name'],
                 });
             }
             await _1.WorkflowHelpers.replaceInvalidCredentials(newWorkflow);
-            await this.externalHooks.run('workflow.create', [newWorkflow]);
-            await _1.WorkflowHelpers.validateWorkflow(newWorkflow);
-            const savedWorkflow = (await _1.Db.collections
-                .Workflow.save(newWorkflow)
-                .catch(_1.WorkflowHelpers.throwDuplicateEntryError));
-            savedWorkflow.tags = TagHelpers.sortByRequestOrder(savedWorkflow.tags, incomingTagOrder);
-            savedWorkflow.id = savedWorkflow.id.toString();
+            let savedWorkflow;
+            await typeorm_1.getConnection().transaction(async (transactionManager) => {
+                savedWorkflow = await transactionManager.save(newWorkflow);
+                const role = await _1.Db.collections.Role.findOneOrFail({
+                    name: 'owner',
+                    scope: 'workflow',
+                });
+                const newSharedWorkflow = new SharedWorkflow_1.SharedWorkflow();
+                Object.assign(newSharedWorkflow, {
+                    role,
+                    user: req.user,
+                    workflow: savedWorkflow,
+                });
+                await transactionManager.save(newSharedWorkflow);
+            });
+            if (!savedWorkflow) {
+                n8n_workflow_1.LoggerProxy.error('Failed to create workflow', { userId: req.user.id });
+                throw new _1.ResponseHelper.ResponseError('Failed to save workflow');
+            }
+            if (tagIds && !config.get('workflowTagsDisabled')) {
+                savedWorkflow.tags = TagHelpers.sortByRequestOrder(savedWorkflow.tags, {
+                    requestOrder: tagIds,
+                });
+            }
             await this.externalHooks.run('workflow.afterCreate', [savedWorkflow]);
-            void InternalHooksManager_1.InternalHooksManager.getInstance().onWorkflowCreated(newWorkflow);
-            return savedWorkflow;
+            void InternalHooksManager_1.InternalHooksManager.getInstance().onWorkflowCreated(req.user.id, newWorkflow);
+            const { id } = savedWorkflow, rest = __rest(savedWorkflow, ["id"]);
+            return Object.assign({ id: id.toString() }, rest);
         }));
         this.app.get(`/${this.restEndpoint}/workflows/from-url`, _1.ResponseHelper.send(async (req, res) => {
             if (req.query.url === undefined) {
@@ -399,45 +457,92 @@ class App {
             }
             return workflowData;
         }));
-        this.app.get(`/${this.restEndpoint}/workflows`, _1.ResponseHelper.send(async (req, res) => {
-            const findQuery = {
+        this.app.get(`/${this.restEndpoint}/workflows`, _1.ResponseHelper.send(async (req) => {
+            let workflows = [];
+            const filter = req.query.filter ? JSON.parse(req.query.filter) : {};
+            const query = {
                 select: ['id', 'name', 'active', 'createdAt', 'updatedAt'],
                 relations: ['tags'],
             };
-            if (req.query.filter) {
-                findQuery.where = JSON.parse(req.query.filter);
+            if (config.get('workflowTagsDisabled')) {
+                delete query.relations;
             }
-            const workflows = await _1.Db.collections.Workflow.find(findQuery);
-            workflows.forEach((workflow) => {
-                workflow.id = workflow.id.toString();
-                workflow.tags = workflow.tags.map(({ id, name }) => ({ id: id.toString(), name }));
+            if (req.user.globalRole.name === 'owner') {
+                workflows = await _1.Db.collections.Workflow.find(Object.assign(query, {
+                    where: filter,
+                }));
+            }
+            else {
+                const shared = await _1.Db.collections.SharedWorkflow.find({
+                    relations: ['workflow'],
+                    where: WorkflowHelpers_1.whereClause({
+                        user: req.user,
+                        entityType: 'workflow',
+                    }),
+                });
+                if (!shared.length)
+                    return [];
+                workflows = await _1.Db.collections.Workflow.find(Object.assign(query, {
+                    where: Object.assign({ id: typeorm_1.In(shared.map(({ workflow }) => workflow.id)) }, filter),
+                }));
+            }
+            return workflows.map((workflow) => {
+                const { id } = workflow, rest = __rest(workflow, ["id"]);
+                return Object.assign({ id: id.toString() }, rest);
             });
-            return workflows;
         }));
-        this.app.get(`/${this.restEndpoint}/workflows/new`, _1.ResponseHelper.send(async (req, res) => {
+        this.app.get(`/${this.restEndpoint}/workflows/new`, _1.ResponseHelper.send(async (req) => {
             const requestedName = req.query.name && req.query.name !== '' ? req.query.name : this.defaultWorkflowName;
             return await _1.GenericHelpers.generateUniqueName(requestedName, 'workflow');
         }));
-        this.app.get(`/${this.restEndpoint}/workflows/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const workflow = await _1.Db.collections.Workflow.findOne(req.params.id, {
-                relations: ['tags'],
+        this.app.get(`/${this.restEndpoint}/workflows/:id`, _1.ResponseHelper.send(async (req) => {
+            const { id: workflowId } = req.params;
+            let relations = ['workflow', 'workflow.tags'];
+            if (config.get('workflowTagsDisabled')) {
+                relations = relations.filter((relation) => relation !== 'workflow.tags');
+            }
+            const shared = await _1.Db.collections.SharedWorkflow.findOne({
+                relations,
+                where: WorkflowHelpers_1.whereClause({
+                    user: req.user,
+                    entityType: 'workflow',
+                    entityId: workflowId,
+                }),
             });
-            if (workflow === undefined) {
-                return undefined;
+            if (!shared) {
+                n8n_workflow_1.LoggerProxy.info('User attempted to access a workflow without permissions', {
+                    workflowId,
+                    userId: req.user.id,
+                });
+                throw new _1.ResponseHelper.ResponseError(`Workflow with ID "${workflowId}" could not be found.`, undefined, 404);
             }
-            workflow.id = workflow.id.toString();
-            workflow.tags.forEach((tag) => (tag.id = tag.id.toString()));
-            return workflow;
+            const _a = shared.workflow, { id } = _a, rest = __rest(_a, ["id"]);
+            return Object.assign({ id: id.toString() }, rest);
         }));
-        this.app.patch(`/${this.restEndpoint}/workflows/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const _a = req.body, { tags } = _a, updateData = __rest(_a, ["tags"]);
-            const { id } = req.params;
-            updateData.id = id;
+        this.app.patch(`/${this.restEndpoint}/workflows/:id`, _1.ResponseHelper.send(async (req) => {
+            const { id: workflowId } = req.params;
+            const updateData = new WorkflowEntity_1.WorkflowEntity();
+            const _a = req.body, { tags } = _a, rest = __rest(_a, ["tags"]);
+            Object.assign(updateData, rest);
+            const shared = await _1.Db.collections.SharedWorkflow.findOne({
+                relations: ['workflow'],
+                where: WorkflowHelpers_1.whereClause({
+                    user: req.user,
+                    entityType: 'workflow',
+                    entityId: workflowId,
+                }),
+            });
+            if (!shared) {
+                n8n_workflow_1.LoggerProxy.info('User attempted to update a workflow without permissions', {
+                    workflowId,
+                    userId: req.user.id,
+                });
+                throw new _1.ResponseHelper.ResponseError(`Workflow with ID "${workflowId}" could not be found to be updated.`, undefined, 404);
+            }
             await _1.WorkflowHelpers.replaceInvalidCredentials(updateData);
             await this.externalHooks.run('workflow.update', [updateData]);
-            const isActive = await this.activeWorkflowRunner.isActive(id);
-            if (isActive) {
-                await this.activeWorkflowRunner.remove(id);
+            if (shared.workflow.active) {
+                await this.activeWorkflowRunner.remove(workflowId);
             }
             if (updateData.settings) {
                 if (updateData.settings.timezone === 'DEFAULT') {
@@ -456,55 +561,78 @@ class App {
                     delete updateData.settings.executionTimeout;
                 }
             }
-            updateData.updatedAt = this.getCurrentDate();
-            await _1.WorkflowHelpers.validateWorkflow(updateData);
-            await _1.Db.collections
-                .Workflow.update(id, updateData)
-                .catch(_1.WorkflowHelpers.throwDuplicateEntryError);
-            if (tags) {
+            if (updateData.name) {
+                updateData.updatedAt = this.getCurrentDate();
+                await GenericHelpers_1.validateEntity(updateData);
+            }
+            await _1.Db.collections.Workflow.update(workflowId, updateData);
+            if (tags && !config.get('workflowTagsDisabled')) {
                 const tablePrefix = config.get('database.tablePrefix');
-                await TagHelpers.removeRelations(req.params.id, tablePrefix);
+                await TagHelpers.removeRelations(workflowId, tablePrefix);
                 if (tags.length) {
-                    await TagHelpers.createRelations(req.params.id, tags, tablePrefix);
+                    await TagHelpers.createRelations(workflowId, tags, tablePrefix);
                 }
             }
-            const workflow = await _1.Db.collections.Workflow.findOne(id, { relations: ['tags'] });
-            if (workflow === undefined) {
-                throw new _1.ResponseHelper.ResponseError(`Workflow with id "${id}" could not be found to be updated.`, undefined, 400);
+            const options = {
+                relations: ['tags'],
+            };
+            if (config.get('workflowTagsDisabled')) {
+                delete options.relations;
+            }
+            const updatedWorkflow = await _1.Db.collections.Workflow.findOne(workflowId, options);
+            if (updatedWorkflow === undefined) {
+                throw new _1.ResponseHelper.ResponseError(`Workflow with ID "${workflowId}" could not be found to be updated.`, undefined, 400);
             }
-            if (tags === null || tags === void 0 ? void 0 : tags.length) {
-                workflow.tags = TagHelpers.sortByRequestOrder(workflow.tags, tags);
+            if (updatedWorkflow.tags.length && (tags === null || tags === void 0 ? void 0 : tags.length)) {
+                updatedWorkflow.tags = TagHelpers.sortByRequestOrder(updatedWorkflow.tags, {
+                    requestOrder: tags,
+                });
             }
-            await this.externalHooks.run('workflow.afterUpdate', [workflow]);
-            void InternalHooksManager_1.InternalHooksManager.getInstance().onWorkflowSaved(workflow);
-            if (workflow.active) {
+            await this.externalHooks.run('workflow.afterUpdate', [updatedWorkflow]);
+            void InternalHooksManager_1.InternalHooksManager.getInstance().onWorkflowSaved(req.user.id, updatedWorkflow);
+            if (updatedWorkflow.active) {
                 try {
-                    await this.externalHooks.run('workflow.activate', [workflow]);
-                    await this.activeWorkflowRunner.add(id, isActive ? 'update' : 'activate');
+                    await this.externalHooks.run('workflow.activate', [updatedWorkflow]);
+                    await this.activeWorkflowRunner.add(workflowId, shared.workflow.active ? 'update' : 'activate');
                 }
                 catch (error) {
                     updateData.active = false;
-                    await _1.Db.collections.Workflow.update(id, updateData);
-                    workflow.active = false;
+                    await _1.Db.collections.Workflow.update(workflowId, updateData);
+                    updatedWorkflow.active = false;
                     throw error;
                 }
             }
-            workflow.id = workflow.id.toString();
-            return workflow;
+            const { id } = updatedWorkflow, remainder = __rest(updatedWorkflow, ["id"]);
+            return Object.assign({ id: id.toString() }, remainder);
         }));
-        this.app.delete(`/${this.restEndpoint}/workflows/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const { id } = req.params;
-            await this.externalHooks.run('workflow.delete', [id]);
-            const isActive = await this.activeWorkflowRunner.isActive(id);
-            if (isActive) {
-                await this.activeWorkflowRunner.remove(id);
-            }
-            await _1.Db.collections.Workflow.delete(id);
-            void InternalHooksManager_1.InternalHooksManager.getInstance().onWorkflowDeleted(id);
-            await this.externalHooks.run('workflow.afterDelete', [id]);
+        this.app.delete(`/${this.restEndpoint}/workflows/:id`, _1.ResponseHelper.send(async (req) => {
+            const { id: workflowId } = req.params;
+            await this.externalHooks.run('workflow.delete', [workflowId]);
+            const shared = await _1.Db.collections.SharedWorkflow.findOne({
+                relations: ['workflow'],
+                where: WorkflowHelpers_1.whereClause({
+                    user: req.user,
+                    entityType: 'workflow',
+                    entityId: workflowId,
+                }),
+            });
+            if (!shared) {
+                n8n_workflow_1.LoggerProxy.info('User attempted to delete a workflow without permissions', {
+                    workflowId,
+                    userId: req.user.id,
+                });
+                throw new _1.ResponseHelper.ResponseError(`Workflow with ID "${workflowId}" could not be found to be deleted.`, undefined, 400);
+            }
+            if (shared.workflow.active) {
+                await this.activeWorkflowRunner.remove(workflowId);
+            }
+            await _1.Db.collections.Workflow.delete(workflowId);
+            void InternalHooksManager_1.InternalHooksManager.getInstance().onWorkflowDeleted(req.user.id, workflowId);
+            await this.externalHooks.run('workflow.afterDelete', [workflowId]);
             return true;
         }));
         this.app.post(`/${this.restEndpoint}/workflows/run`, _1.ResponseHelper.send(async (req, res) => {
+            var _a;
             const { workflowData } = req.body;
             const { runData } = req.body;
             const { startNodes } = req.body;
@@ -516,10 +644,10 @@ class App {
                 startNodes === undefined ||
                 startNodes.length === 0 ||
                 destinationNode === undefined) {
-                const additionalData = await _1.WorkflowExecuteAdditionalData.getBase();
+                const additionalData = await _1.WorkflowExecuteAdditionalData.getBase(req.user.id);
                 const nodeTypes = _1.NodeTypes();
                 const workflowInstance = new n8n_workflow_1.Workflow({
-                    id: workflowData.id,
+                    id: (_a = workflowData.id) === null || _a === void 0 ? void 0 : _a.toString(),
                     name: workflowData.name,
                     nodes: workflowData.nodes,
                     connections: workflowData.connections,
@@ -543,6 +671,7 @@ class App {
                 sessionId,
                 startNodes,
                 workflowData,
+                userId: req.user.id,
             };
             const workflowRunner = new _1.WorkflowRunner();
             const executionId = await workflowRunner.run(data);
@@ -551,61 +680,68 @@ class App {
             };
         }));
         this.app.get(`/${this.restEndpoint}/tags`, _1.ResponseHelper.send(async (req, res) => {
+            if (config.get('workflowTagsDisabled')) {
+                throw new _1.ResponseHelper.ResponseError('Workflow tags are disabled');
+            }
             if (req.query.withUsageCount === 'true') {
                 const tablePrefix = config.get('database.tablePrefix');
                 return TagHelpers.getTagsWithCountDb(tablePrefix);
             }
-            const tags = await _1.Db.collections.Tag.find({ select: ['id', 'name'] });
-            tags.forEach((tag) => (tag.id = tag.id.toString()));
-            return tags;
+            return _1.Db.collections.Tag.find({ select: ['id', 'name'] });
         }));
         this.app.post(`/${this.restEndpoint}/tags`, _1.ResponseHelper.send(async (req, res) => {
+            if (config.get('workflowTagsDisabled')) {
+                throw new _1.ResponseHelper.ResponseError('Workflow tags are disabled');
+            }
             const newTag = new TagEntity_1.TagEntity();
             newTag.name = req.body.name.trim();
             await this.externalHooks.run('tag.beforeCreate', [newTag]);
-            await TagHelpers.validateTag(newTag);
-            const tag = await _1.Db.collections
-                .Tag.save(newTag)
-                .catch(TagHelpers.throwDuplicateEntryError);
+            await GenericHelpers_1.validateEntity(newTag);
+            const tag = await _1.Db.collections.Tag.save(newTag);
             await this.externalHooks.run('tag.afterCreate', [tag]);
-            tag.id = tag.id.toString();
             return tag;
         }));
         this.app.patch(`/${this.restEndpoint}/tags/:id`, _1.ResponseHelper.send(async (req, res) => {
+            if (config.get('workflowTagsDisabled')) {
+                throw new _1.ResponseHelper.ResponseError('Workflow tags are disabled');
+            }
             const { name } = req.body;
             const { id } = req.params;
             const newTag = new TagEntity_1.TagEntity();
-            newTag.id = Number(id);
+            newTag.id = id;
             newTag.name = name.trim();
             await this.externalHooks.run('tag.beforeUpdate', [newTag]);
-            await TagHelpers.validateTag(newTag);
-            const tag = await _1.Db.collections
-                .Tag.save(newTag)
-                .catch(TagHelpers.throwDuplicateEntryError);
+            await GenericHelpers_1.validateEntity(newTag);
+            const tag = await _1.Db.collections.Tag.save(newTag);
             await this.externalHooks.run('tag.afterUpdate', [tag]);
-            tag.id = tag.id.toString();
             return tag;
         }));
         this.app.delete(`/${this.restEndpoint}/tags/:id`, _1.ResponseHelper.send(async (req, res) => {
+            if (config.get('workflowTagsDisabled')) {
+                throw new _1.ResponseHelper.ResponseError('Workflow tags are disabled');
+            }
+            if (config.get('userManagement.isInstanceOwnerSetUp') === true &&
+                req.user.globalRole.name !== 'owner') {
+                throw new _1.ResponseHelper.ResponseError('You are not allowed to perform this action', undefined, 403, 'Only owners can remove tags');
+            }
             const id = Number(req.params.id);
             await this.externalHooks.run('tag.beforeDelete', [id]);
             await _1.Db.collections.Tag.delete({ id });
             await this.externalHooks.run('tag.afterDelete', [id]);
             return true;
         }));
-        this.app.get(`/${this.restEndpoint}/node-parameter-options`, _1.ResponseHelper.send(async (req, res) => {
-            const nodeTypeAndVersion = JSON.parse(`${req.query.nodeTypeAndVersion}`);
-            const path = req.query.path;
+        this.app.get(`/${this.restEndpoint}/node-parameter-options`, _1.ResponseHelper.send(async (req) => {
+            const nodeTypeAndVersion = JSON.parse(req.query.nodeTypeAndVersion);
+            const { path, methodName } = req.query;
+            const currentNodeParameters = JSON.parse(req.query.currentNodeParameters);
             let credentials;
-            const currentNodeParameters = JSON.parse(`${req.query.currentNodeParameters}`);
-            if (req.query.credentials !== undefined) {
+            if (req.query.credentials) {
                 credentials = JSON.parse(req.query.credentials);
             }
-            const nodeTypes = _1.NodeTypes();
-            const loadDataInstance = new n8n_core_1.LoadNodeParameterOptions(nodeTypeAndVersion, nodeTypes, path, currentNodeParameters, credentials);
-            const additionalData = await _1.WorkflowExecuteAdditionalData.getBase(currentNodeParameters);
-            if (req.query.methodName) {
-                return loadDataInstance.getOptionsViaMethodName(req.query.methodName, additionalData);
+            const loadDataInstance = new n8n_core_1.LoadNodeParameterOptions(nodeTypeAndVersion, _1.NodeTypes(), path, currentNodeParameters, credentials);
+            const additionalData = await _1.WorkflowExecuteAdditionalData.getBase(req.user.id, currentNodeParameters);
+            if (methodName) {
+                return loadDataInstance.getOptionsViaMethodName(methodName, additionalData);
             }
             if (req.query.loadOptions) {
                 return loadDataInstance.getOptionsViaRequestProperty(JSON.parse(req.query.loadOptions), additionalData);
@@ -723,144 +859,28 @@ class App {
                 return _1.ResponseHelper.sendErrorResponse(res, error);
             }
         });
-        this.app.get(`/${this.restEndpoint}/active`, _1.ResponseHelper.send(async (req, res) => {
-            const activeWorkflows = await this.activeWorkflowRunner.getActiveWorkflows();
-            return activeWorkflows.map((workflow) => workflow.id.toString());
-        }));
-        this.app.get(`/${this.restEndpoint}/active/error/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const { id } = req.params;
-            return this.activeWorkflowRunner.getActivationError(id);
-        }));
-        this.app.get(`/${this.restEndpoint}/credentials/new`, _1.ResponseHelper.send(async (req, res) => {
-            const requestedName = req.query.name && req.query.name !== '' ? req.query.name : this.defaultCredentialsName;
-            return await _1.GenericHelpers.generateUniqueName(requestedName, 'credentials');
-        }));
-        this.app.delete(`/${this.restEndpoint}/credentials/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const { id } = req.params;
-            await this.externalHooks.run('credentials.delete', [id]);
-            await _1.Db.collections.Credentials.delete({ id });
-            return true;
-        }));
-        this.app.post(`/${this.restEndpoint}/credentials`, _1.ResponseHelper.send(async (req, res) => {
-            const incomingData = req.body;
-            if (!incomingData.name || incomingData.name.length < 3) {
-                throw new _1.ResponseHelper.ResponseError(`Credentials name must be at least 3 characters long.`, undefined, 400);
-            }
-            for (const nodeAccess of incomingData.nodesAccess) {
-                nodeAccess.date = this.getCurrentDate();
-            }
-            const encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-            if (encryptionKey === undefined) {
-                throw new Error('No encryption key got found to encrypt the credentials!');
-            }
-            if (incomingData.name === '') {
-                throw new Error('Credentials have to have a name set!');
-            }
-            const credentials = new n8n_core_1.Credentials({ id: null, name: incomingData.name }, incomingData.type, incomingData.nodesAccess);
-            credentials.setData(incomingData.data, encryptionKey);
-            const newCredentialsData = credentials.getDataToSave();
-            await this.externalHooks.run('credentials.create', [newCredentialsData]);
-            const result = await _1.Db.collections.Credentials.save(newCredentialsData);
-            result.data = incomingData.data;
-            result.id = result.id.toString();
-            return result;
-        }));
-        this.app.post(`/${this.restEndpoint}/credentials-test`, _1.ResponseHelper.send(async (req, res) => {
-            const incomingData = req.body;
-            const encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-            if (encryptionKey === undefined) {
-                return {
-                    status: 'Error',
-                    message: 'No encryption key got found to decrypt the credentials!',
-                };
-            }
-            const credentialsHelper = new _1.CredentialsHelper(encryptionKey);
-            const credentialType = incomingData.credentials.type;
-            return credentialsHelper.testCredentials(credentialType, incomingData.credentials, incomingData.nodeToTestWith);
-        }));
-        this.app.patch(`/${this.restEndpoint}/credentials/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const incomingData = req.body;
-            const { id } = req.params;
-            if (incomingData.name === '') {
-                throw new Error('Credentials have to have a name set!');
-            }
-            for (const nodeAccess of incomingData.nodesAccess) {
-                if (!nodeAccess.date) {
-                    nodeAccess.date = this.getCurrentDate();
-                }
-            }
-            const encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-            if (encryptionKey === undefined) {
-                throw new Error('No encryption key got found to encrypt the credentials!');
-            }
-            const result = await _1.Db.collections.Credentials.findOne(id);
-            if (result === undefined) {
-                throw new _1.ResponseHelper.ResponseError(`Credentials with the id "${id}" do not exist.`, undefined, 400);
-            }
-            const currentlySavedCredentials = new n8n_core_1.Credentials(result, result.type, result.nodesAccess, result.data);
-            const decryptedData = currentlySavedCredentials.getData(encryptionKey);
-            if (decryptedData.oauthTokenData) {
-                incomingData.data.oauthTokenData = decryptedData.oauthTokenData;
-            }
-            const credentials = new n8n_core_1.Credentials({ id, name: incomingData.name }, incomingData.type, incomingData.nodesAccess);
-            credentials.setData(incomingData.data, encryptionKey);
-            const newCredentialsData = credentials.getDataToSave();
-            newCredentialsData.updatedAt = this.getCurrentDate();
-            await this.externalHooks.run('credentials.update', [newCredentialsData]);
-            await _1.Db.collections.Credentials.update(id, newCredentialsData);
-            const responseData = await _1.Db.collections.Credentials.findOne(id);
-            if (responseData === undefined) {
-                throw new _1.ResponseHelper.ResponseError(`Credentials with id "${id}" could not be found to be updated.`, undefined, 400);
-            }
-            responseData.data = '';
-            responseData.id = responseData.id.toString();
-            return responseData;
-        }));
-        this.app.get(`/${this.restEndpoint}/credentials/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const findQuery = {};
-            const includeData = ['true', true].includes(req.query.includeData);
-            if (!includeData) {
-                findQuery.select = ['id', 'name', 'type', 'nodesAccess', 'createdAt', 'updatedAt'];
-            }
-            const result = await _1.Db.collections.Credentials.findOne(req.params.id);
-            if (result === undefined) {
-                return result;
-            }
-            let encryptionKey;
-            if (includeData) {
-                encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-                if (encryptionKey === undefined) {
-                    throw new Error('No encryption key got found to decrypt the credentials!');
-                }
-                const credentials = new n8n_core_1.Credentials(result, result.type, result.nodesAccess, result.data);
-                result.data = credentials.getData(encryptionKey);
-            }
-            result.id = result.id.toString();
-            return result;
+        this.app.get(`/${this.restEndpoint}/active`, _1.ResponseHelper.send(async (req) => {
+            const activeWorkflows = await this.activeWorkflowRunner.getActiveWorkflows(req.user);
+            return activeWorkflows.map(({ id }) => id.toString());
         }));
-        this.app.get(`/${this.restEndpoint}/credentials`, _1.ResponseHelper.send(async (req, res) => {
-            const findQuery = {};
-            if (req.query.filter) {
-                findQuery.where = JSON.parse(req.query.filter);
-                if (findQuery.where.id !== undefined) {
-                    findQuery.where = { id: findQuery.where.id };
-                }
-            }
-            findQuery.select = ['id', 'name', 'type', 'nodesAccess', 'createdAt', 'updatedAt'];
-            const results = (await _1.Db.collections.Credentials.find(findQuery));
-            let encryptionKey;
-            const includeData = ['true', true].includes(req.query.includeData);
-            if (includeData) {
-                encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-                if (encryptionKey === undefined) {
-                    throw new Error('No encryption key got found to decrypt the credentials!');
-                }
-            }
-            let result;
-            for (result of results) {
-                result.id = result.id.toString();
+        this.app.get(`/${this.restEndpoint}/active/error/:id`, _1.ResponseHelper.send(async (req) => {
+            const { id: workflowId } = req.params;
+            const shared = await _1.Db.collections.SharedWorkflow.findOne({
+                relations: ['workflow'],
+                where: WorkflowHelpers_1.whereClause({
+                    user: req.user,
+                    entityType: 'workflow',
+                    entityId: workflowId,
+                }),
+            });
+            if (!shared) {
+                n8n_workflow_1.LoggerProxy.info('User attempted to access workflow errors without permissions', {
+                    workflowId,
+                    userId: req.user.id,
+                });
+                throw new _1.ResponseHelper.ResponseError(`Workflow with ID "${workflowId}" could not be found.`, undefined, 400);
             }
-            return results;
+            return this.activeWorkflowRunner.getActivationError(workflowId);
         }));
         this.app.get(`/${this.restEndpoint}/credential-types`, _1.ResponseHelper.send(async (req, res) => {
             const returnData = [];
@@ -895,26 +915,25 @@ class App {
                 return _1.ResponseHelper.sendErrorResponse(res, error);
             }
         });
-        this.app.get(`/${this.restEndpoint}/oauth1-credential/auth`, _1.ResponseHelper.send(async (req, res) => {
-            if (req.query.id === undefined) {
-                res.status(500).send('Required credential id is missing!');
-                return '';
+        this.app.get(`/${this.restEndpoint}/oauth1-credential/auth`, _1.ResponseHelper.send(async (req) => {
+            const { id: credentialId } = req.query;
+            if (!credentialId) {
+                n8n_workflow_1.LoggerProxy.error('OAuth1 credential authorization failed due to missing credential ID');
+                throw new _1.ResponseHelper.ResponseError('Required credential ID is missing', undefined, 400);
             }
-            const result = await _1.Db.collections.Credentials.findOne(req.query.id);
-            if (result === undefined) {
-                res.status(404).send('The credential is not known.');
-                return '';
+            const credential = await _1.getCredentialForUser(credentialId, req.user);
+            if (!credential) {
+                n8n_workflow_1.LoggerProxy.error('OAuth1 credential authorization failed because the current user does not have the correct permissions', { userId: req.user.id });
+                throw new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_CREDENTIAL, undefined, 404);
             }
-            let encryptionKey;
-            encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-            if (encryptionKey === undefined) {
-                res.status(500).send('No encryption key got found to decrypt the credentials!');
-                return '';
+            const encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
+            if (!encryptionKey) {
+                throw new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY, undefined, 500);
             }
             const mode = 'internal';
             const credentialsHelper = new _1.CredentialsHelper(encryptionKey);
-            const decryptedDataOriginal = await credentialsHelper.getDecrypted(result, result.type, mode, true);
-            const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, result.type, mode);
+            const decryptedDataOriginal = await credentialsHelper.getDecrypted(credential, credential.type, mode, true);
+            const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, credential.type, mode);
             const signatureMethod = _.get(oauthCredentials, 'signatureMethod');
             const oAuthOptions = {
                 consumer: {
@@ -928,7 +947,7 @@ class App {
                 },
             };
             const oauthRequestData = {
-                oauth_callback: `${_1.WebhookHelpers.getWebhookBaseUrl()}${this.restEndpoint}/oauth1-credential/callback?cid=${req.query.id}`,
+                oauth_callback: `${_1.WebhookHelpers.getWebhookBaseUrl()}${this.restEndpoint}/oauth1-credential/callback?cid=${credentialId}`,
             };
             await this.externalHooks.run('oauth1.authenticate', [oAuthOptions, oauthRequestData]);
             const oauth = new clientOAuth1(oAuthOptions);
@@ -942,35 +961,46 @@ class App {
             const response = await requestPromise(options);
             const responseJson = querystring.parse(response);
             const returnUri = `${_.get(oauthCredentials, 'authUrl')}?oauth_token=${responseJson.oauth_token}`;
-            const credentials = new n8n_core_1.Credentials(result, result.type, result.nodesAccess);
+            const credentials = new n8n_core_1.Credentials(credential, credential.type, credential.nodesAccess);
             credentials.setData(decryptedDataOriginal, encryptionKey);
             const newCredentialsData = credentials.getDataToSave();
             newCredentialsData.updatedAt = this.getCurrentDate();
-            await _1.Db.collections.Credentials.update(req.query.id, newCredentialsData);
+            await _1.Db.collections.Credentials.update(credentialId, newCredentialsData);
+            n8n_workflow_1.LoggerProxy.verbose('OAuth1 authorization successful for new credential', {
+                userId: req.user.id,
+                credentialId,
+            });
             return returnUri;
         }));
         this.app.get(`/${this.restEndpoint}/oauth1-credential/callback`, async (req, res) => {
             try {
-                const { oauth_verifier, oauth_token, cid } = req.query;
-                if (oauth_verifier === undefined || oauth_token === undefined) {
+                const { oauth_verifier, oauth_token, cid: credentialId } = req.query;
+                if (!oauth_verifier || !oauth_token) {
                     const errorResponse = new _1.ResponseHelper.ResponseError(`Insufficient parameters for OAuth1 callback. Received following query parameters: ${JSON.stringify(req.query)}`, undefined, 503);
+                    n8n_workflow_1.LoggerProxy.error('OAuth1 callback failed because of insufficient parameters received', {
+                        userId: req.user.id,
+                        credentialId,
+                    });
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
-                const result = await _1.Db.collections.Credentials.findOne(cid);
-                if (result === undefined) {
-                    const errorResponse = new _1.ResponseHelper.ResponseError('The credential is not known.', undefined, 404);
+                const credential = await _1.getCredentialForUser(credentialId, req.user);
+                if (!credential) {
+                    n8n_workflow_1.LoggerProxy.error('OAuth1 callback failed because of insufficient user permissions', {
+                        userId: req.user.id,
+                        credentialId,
+                    });
+                    const errorResponse = new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_CREDENTIAL, undefined, 404);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
-                let encryptionKey;
-                encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-                if (encryptionKey === undefined) {
-                    const errorResponse = new _1.ResponseHelper.ResponseError('No encryption key got found to decrypt the credentials!', undefined, 503);
+                const encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
+                if (!encryptionKey) {
+                    const errorResponse = new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY, undefined, 503);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
                 const mode = 'internal';
                 const credentialsHelper = new _1.CredentialsHelper(encryptionKey);
-                const decryptedDataOriginal = await credentialsHelper.getDecrypted(result, result.type, mode, true);
-                const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, result.type, mode);
+                const decryptedDataOriginal = await credentialsHelper.getDecrypted(credential, credential.type, mode, true);
+                const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, credential.type, mode);
                 const options = {
                     method: 'POST',
                     url: _.get(oauthCredentials, 'accessTokenUrl'),
@@ -984,42 +1014,55 @@ class App {
                     oauthToken = await requestPromise(options);
                 }
                 catch (error) {
+                    n8n_workflow_1.LoggerProxy.error('Unable to fetch tokens for OAuth1 callback', {
+                        userId: req.user.id,
+                        credentialId,
+                    });
                     const errorResponse = new _1.ResponseHelper.ResponseError('Unable to get access tokens!', undefined, 404);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
                 const oauthTokenJson = querystring.parse(oauthToken);
                 decryptedDataOriginal.oauthTokenData = oauthTokenJson;
-                const credentials = new n8n_core_1.Credentials(result, result.type, result.nodesAccess);
+                const credentials = new n8n_core_1.Credentials(credential, credential.type, credential.nodesAccess);
                 credentials.setData(decryptedDataOriginal, encryptionKey);
                 const newCredentialsData = credentials.getDataToSave();
                 newCredentialsData.updatedAt = this.getCurrentDate();
-                await _1.Db.collections.Credentials.update(cid, newCredentialsData);
+                await _1.Db.collections.Credentials.update(credentialId, newCredentialsData);
+                n8n_workflow_1.LoggerProxy.verbose('OAuth1 callback successful for new credential', {
+                    userId: req.user.id,
+                    credentialId,
+                });
                 res.sendFile(path_1.resolve(__dirname, '../../templates/oauth-callback.html'));
             }
             catch (error) {
+                n8n_workflow_1.LoggerProxy.error('OAuth1 callback failed because of insufficient user permissions', {
+                    userId: req.user.id,
+                    credentialId: req.query.cid,
+                });
                 return _1.ResponseHelper.sendErrorResponse(res, error);
             }
         });
-        this.app.get(`/${this.restEndpoint}/oauth2-credential/auth`, _1.ResponseHelper.send(async (req, res) => {
-            if (req.query.id === undefined) {
-                res.status(500).send('Required credential id is missing.');
-                return '';
-            }
-            const result = await _1.Db.collections.Credentials.findOne(req.query.id);
-            if (result === undefined) {
-                res.status(404).send('The credential is not known.');
-                return '';
+        this.app.get(`/${this.restEndpoint}/oauth2-credential/auth`, _1.ResponseHelper.send(async (req) => {
+            const { id: credentialId } = req.query;
+            if (!credentialId) {
+                throw new _1.ResponseHelper.ResponseError('Required credential ID is missing', undefined, 400);
+            }
+            const credential = await _1.getCredentialForUser(credentialId, req.user);
+            if (!credential) {
+                n8n_workflow_1.LoggerProxy.error('Failed to authorize OAuth2 due to lack of permissions', {
+                    userId: req.user.id,
+                    credentialId,
+                });
+                throw new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_CREDENTIAL, undefined, 404);
             }
-            let encryptionKey;
-            encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-            if (encryptionKey === undefined) {
-                res.status(500).send('No encryption key got found to decrypt the credentials!');
-                return '';
+            const encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
+            if (!encryptionKey) {
+                throw new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY, undefined, 500);
             }
             const mode = 'internal';
             const credentialsHelper = new _1.CredentialsHelper(encryptionKey);
-            const decryptedDataOriginal = await credentialsHelper.getDecrypted(result, result.type, mode, true);
-            const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, result.type, mode);
+            const decryptedDataOriginal = await credentialsHelper.getDecrypted(credential, credential.type, mode, true);
+            const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, credential.type, mode);
             const token = new csrf();
             const csrfSecret = token.secretSync();
             const state = {
@@ -1038,7 +1081,7 @@ class App {
             };
             await this.externalHooks.run('oauth2.authenticate', [oAuthOptions]);
             const oAuthObj = new clientOAuth2(oAuthOptions);
-            const credentials = new n8n_core_1.Credentials(result, result.type, result.nodesAccess);
+            const credentials = new n8n_core_1.Credentials(credential, credential.type, credential.nodesAccess);
             decryptedDataOriginal.csrfSecret = csrfSecret;
             credentials.setData(decryptedDataOriginal, encryptionKey);
             const newCredentialsData = credentials.getDataToSave();
@@ -1054,12 +1097,16 @@ class App {
             if (authQueryParameters) {
                 returnUri += `&${authQueryParameters}`;
             }
+            n8n_workflow_1.LoggerProxy.verbose('OAuth2 authentication successful for new credential', {
+                userId: req.user.id,
+                credentialId,
+            });
             return returnUri;
         }));
         this.app.get(`/${this.restEndpoint}/oauth2-credential/callback`, async (req, res) => {
             try {
                 const { code, state: stateEncoded } = req.query;
-                if (code === undefined || stateEncoded === undefined) {
+                if (!code || !stateEncoded) {
                     const errorResponse = new _1.ResponseHelper.ResponseError(`Insufficient parameters for OAuth2 callback. Received following query parameters: ${JSON.stringify(req.query)}`, undefined, 503);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
@@ -1071,24 +1118,31 @@ class App {
                     const errorResponse = new _1.ResponseHelper.ResponseError('Invalid state format returned', undefined, 503);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
-                const result = await _1.Db.collections.Credentials.findOne(state.cid);
-                if (result === undefined) {
-                    const errorResponse = new _1.ResponseHelper.ResponseError('The credential is not known.', undefined, 404);
+                const credential = await _1.getCredentialForUser(state.cid, req.user);
+                if (!credential) {
+                    n8n_workflow_1.LoggerProxy.error('OAuth2 callback failed because of insufficient permissions', {
+                        userId: req.user.id,
+                        credentialId: state.cid,
+                    });
+                    const errorResponse = new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_CREDENTIAL, undefined, 404);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
-                let encryptionKey;
-                encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
-                if (encryptionKey === undefined) {
-                    const errorResponse = new _1.ResponseHelper.ResponseError('No encryption key got found to decrypt the credentials!', undefined, 503);
+                const encryptionKey = await n8n_core_1.UserSettings.getEncryptionKey();
+                if (!encryptionKey) {
+                    const errorResponse = new _1.ResponseHelper.ResponseError(constants_1.RESPONSE_ERROR_MESSAGES.NO_ENCRYPTION_KEY, undefined, 503);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
                 const mode = 'internal';
                 const credentialsHelper = new _1.CredentialsHelper(encryptionKey);
-                const decryptedDataOriginal = await credentialsHelper.getDecrypted(result, result.type, mode, true);
-                const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, result.type, mode);
+                const decryptedDataOriginal = await credentialsHelper.getDecrypted(credential, credential.type, mode, true);
+                const oauthCredentials = credentialsHelper.applyDefaultsAndOverwrites(decryptedDataOriginal, credential.type, mode);
                 const token = new csrf();
                 if (decryptedDataOriginal.csrfSecret === undefined ||
                     !token.verify(decryptedDataOriginal.csrfSecret, state.token)) {
+                    n8n_workflow_1.LoggerProxy.debug('OAuth2 callback state is invalid', {
+                        userId: req.user.id,
+                        credentialId: state.cid,
+                    });
                     const errorResponse = new _1.ResponseHelper.ResponseError('The OAuth2 callback state is invalid!', undefined, 404);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
@@ -1118,6 +1172,10 @@ class App {
                     _.set(oauthToken.data, 'callbackQueryString', _.omit(req.query, 'state', 'code'));
                 }
                 if (oauthToken === undefined) {
+                    n8n_workflow_1.LoggerProxy.error('OAuth2 callback failed: unable to get access tokens', {
+                        userId: req.user.id,
+                        credentialId: state.cid,
+                    });
                     const errorResponse = new _1.ResponseHelper.ResponseError('Unable to get access tokens!', undefined, 404);
                     return _1.ResponseHelper.sendErrorResponse(res, errorResponse);
                 }
@@ -1128,124 +1186,152 @@ class App {
                     decryptedDataOriginal.oauthTokenData = oauthToken.data;
                 }
                 _.unset(decryptedDataOriginal, 'csrfSecret');
-                const credentials = new n8n_core_1.Credentials(result, result.type, result.nodesAccess);
+                const credentials = new n8n_core_1.Credentials(credential, credential.type, credential.nodesAccess);
                 credentials.setData(decryptedDataOriginal, encryptionKey);
                 const newCredentialsData = credentials.getDataToSave();
                 newCredentialsData.updatedAt = this.getCurrentDate();
                 await _1.Db.collections.Credentials.update(state.cid, newCredentialsData);
+                n8n_workflow_1.LoggerProxy.verbose('OAuth2 callback successful for new credential', {
+                    userId: req.user.id,
+                    credentialId: state.cid,
+                });
                 res.sendFile(path_1.resolve(__dirname, '../../templates/oauth-callback.html'));
             }
             catch (error) {
                 return _1.ResponseHelper.sendErrorResponse(res, error);
             }
         });
-        this.app.get(`/${this.restEndpoint}/executions`, _1.ResponseHelper.send(async (req, res) => {
-            let filter = {};
-            if (req.query.filter) {
-                filter = JSON.parse(req.query.filter);
-            }
-            let limit = 20;
-            if (req.query.limit) {
-                limit = parseInt(req.query.limit, 10);
-            }
+        this.app.get(`/${this.restEndpoint}/executions`, _1.ResponseHelper.send(async (req) => {
+            const filter = req.query.filter ? JSON.parse(req.query.filter) : {};
+            const limit = req.query.limit
+                ? parseInt(req.query.limit, 10)
+                : GenericHelpers_1.DEFAULT_EXECUTIONS_GET_ALL_LIMIT;
             const executingWorkflowIds = [];
             if (config.get('executions.mode') === 'queue') {
                 const currentJobs = await Queue.getInstance().getJobs(['active', 'waiting']);
-                executingWorkflowIds.push(...currentJobs.map((job) => job.data.executionId));
-            }
-            executingWorkflowIds.push(...this.activeExecutionsInstance
-                .getActiveExecutions()
-                .map((execution) => execution.id.toString()));
-            const countFilter = JSON.parse(JSON.stringify(filter));
-            if (countFilter.waitTill !== undefined) {
-                countFilter.waitTill = typeorm_1.Not(typeorm_1.IsNull());
+                executingWorkflowIds.push(...currentJobs.map(({ data }) => data.executionId));
             }
+            executingWorkflowIds.push(...this.activeExecutionsInstance.getActiveExecutions().map(({ id }) => id));
+            const countFilter = lodash_1.cloneDeep(filter);
+            countFilter.waitTill && (countFilter.waitTill = typeorm_1.Not(typeorm_1.IsNull()));
             countFilter.id = typeorm_1.Not(typeorm_1.In(executingWorkflowIds));
-            const resultsQuery = await _1.Db.collections
-                .Execution.createQueryBuilder('execution')
-                .select([
-                'execution.id',
-                'execution.finished',
-                'execution.mode',
-                'execution.retryOf',
-                'execution.retrySuccessId',
-                'execution.waitTill',
-                'execution.startedAt',
-                'execution.stoppedAt',
-                'execution.workflowData',
-            ])
-                .orderBy('execution.id', 'DESC')
-                .take(limit);
-            Object.keys(filter).forEach((filterField) => {
-                if (filterField === 'waitTill') {
-                    resultsQuery.andWhere(`execution.${filterField} is not null`);
-                }
-                else if (filterField === 'finished' && filter[filterField] === false) {
-                    resultsQuery.andWhere(`execution.${filterField} = :${filterField}`, {
-                        [filterField]: filter[filterField],
-                    });
-                    resultsQuery.andWhere(`execution.waitTill is null`);
+            const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(req.user);
+            const findOptions = {
+                select: [
+                    'id',
+                    'finished',
+                    'mode',
+                    'retryOf',
+                    'retrySuccessId',
+                    'waitTill',
+                    'startedAt',
+                    'stoppedAt',
+                    'workflowData',
+                ],
+                where: { workflowId: typeorm_1.In(sharedWorkflowIds) },
+                order: { id: 'DESC' },
+                take: limit,
+            };
+            Object.entries(filter).forEach(([key, value]) => {
+                let filterToAdd = {};
+                if (key === 'waitTill') {
+                    filterToAdd = { waitTill: !typeorm_1.IsNull() };
+                }
+                else if (key === 'finished' && value === false) {
+                    filterToAdd = { finished: false, waitTill: typeorm_1.IsNull() };
                 }
                 else {
-                    resultsQuery.andWhere(`execution.${filterField} = :${filterField}`, {
-                        [filterField]: filter[filterField],
-                    });
+                    filterToAdd = { [key]: value };
                 }
+                Object.assign(findOptions.where, filterToAdd);
             });
+            const rangeQuery = [];
+            const rangeQueryParams = {};
             if (req.query.lastId) {
-                resultsQuery.andWhere(`execution.id < :lastId`, { lastId: req.query.lastId });
+                rangeQuery.push('id < :lastId');
+                rangeQueryParams.lastId = req.query.lastId;
             }
             if (req.query.firstId) {
-                resultsQuery.andWhere(`execution.id > :firstId`, { firstId: req.query.firstId });
+                rangeQuery.push('id > :firstId');
+                rangeQueryParams.firstId = req.query.firstId;
             }
             if (executingWorkflowIds.length > 0) {
-                resultsQuery.andWhere(`execution.id NOT IN (:...ids)`, { ids: executingWorkflowIds });
-            }
-            const resultsPromise = resultsQuery.getMany();
-            const countPromise = getExecutionsCount(countFilter);
-            const results = await resultsPromise;
-            const countedObjects = await countPromise;
-            const returnResults = [];
-            for (const result of results) {
-                returnResults.push({
-                    id: result.id.toString(),
-                    finished: result.finished,
-                    mode: result.mode,
-                    retryOf: result.retryOf ? result.retryOf.toString() : undefined,
-                    retrySuccessId: result.retrySuccessId ? result.retrySuccessId.toString() : undefined,
-                    waitTill: result.waitTill,
-                    startedAt: result.startedAt,
-                    stoppedAt: result.stoppedAt,
-                    workflowId: result.workflowData.id ? result.workflowData.id.toString() : '',
-                    workflowName: result.workflowData.name,
+                rangeQuery.push(`id NOT IN (:...executingWorkflowIds)`);
+                rangeQueryParams.executingWorkflowIds = executingWorkflowIds;
+            }
+            if (rangeQuery.length) {
+                Object.assign(findOptions.where, {
+                    id: typeorm_1.Raw(() => rangeQuery.join(' and '), rangeQueryParams),
                 });
             }
+            const executions = await _1.Db.collections.Execution.find(findOptions);
+            const { count, estimated } = await getExecutionsCount(countFilter, req.user);
+            const formattedExecutions = executions.map((execution) => {
+                var _a, _b, _c, _d, _e;
+                return {
+                    id: execution.id.toString(),
+                    finished: execution.finished,
+                    mode: execution.mode,
+                    retryOf: (_a = execution.retryOf) === null || _a === void 0 ? void 0 : _a.toString(),
+                    retrySuccessId: (_b = execution === null || execution === void 0 ? void 0 : execution.retrySuccessId) === null || _b === void 0 ? void 0 : _b.toString(),
+                    waitTill: execution.waitTill,
+                    startedAt: execution.startedAt,
+                    stoppedAt: execution.stoppedAt,
+                    workflowId: (_e = (_d = (_c = execution.workflowData) === null || _c === void 0 ? void 0 : _c.id) === null || _d === void 0 ? void 0 : _d.toString()) !== null && _e !== void 0 ? _e : '',
+                    workflowName: execution.workflowData.name,
+                };
+            });
             return {
-                count: countedObjects.count,
-                results: returnResults,
-                estimated: countedObjects.estimate,
+                count,
+                results: formattedExecutions,
+                estimated,
             };
         }));
-        this.app.get(`/${this.restEndpoint}/executions/:id`, _1.ResponseHelper.send(async (req, res) => {
-            const result = await _1.Db.collections.Execution.findOne(req.params.id);
-            if (result === undefined) {
+        this.app.get(`/${this.restEndpoint}/executions/:id`, _1.ResponseHelper.send(async (req) => {
+            const { id: executionId } = req.params;
+            const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(req.user);
+            if (!sharedWorkflowIds.length)
+                return undefined;
+            const execution = await _1.Db.collections.Execution.findOne({
+                where: {
+                    id: executionId,
+                    workflowId: typeorm_1.In(sharedWorkflowIds),
+                },
+            });
+            if (!execution) {
+                n8n_workflow_1.LoggerProxy.info('Attempt to read execution was blocked due to insufficient permissions', {
+                    userId: req.user.id,
+                    executionId,
+                });
                 return undefined;
             }
             if (req.query.unflattedResponse === 'true') {
-                const fullExecutionData = _1.ResponseHelper.unflattenExecutionData(result);
-                return fullExecutionData;
+                return _1.ResponseHelper.unflattenExecutionData(execution);
             }
-            result.id = result.id.toString();
-            return result;
+            const { id } = execution, rest = __rest(execution, ["id"]);
+            return Object.assign({ id: id.toString() }, rest);
         }));
-        this.app.post(`/${this.restEndpoint}/executions/:id/retry`, _1.ResponseHelper.send(async (req, res) => {
-            const fullExecutionDataFlatted = await _1.Db.collections.Execution.findOne(req.params.id);
-            if (fullExecutionDataFlatted === undefined) {
-                throw new _1.ResponseHelper.ResponseError(`The execution with the id "${req.params.id}" does not exist.`, 404, 404);
+        this.app.post(`/${this.restEndpoint}/executions/:id/retry`, _1.ResponseHelper.send(async (req) => {
+            const { id: executionId } = req.params;
+            const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(req.user);
+            if (!sharedWorkflowIds.length)
+                return false;
+            const execution = await _1.Db.collections.Execution.findOne({
+                where: {
+                    id: executionId,
+                    workflowId: typeorm_1.In(sharedWorkflowIds),
+                },
+            });
+            if (!execution) {
+                n8n_workflow_1.LoggerProxy.info('Attempt to retry an execution was blocked due to insufficient permissions', {
+                    userId: req.user.id,
+                    executionId,
+                });
+                throw new _1.ResponseHelper.ResponseError(`The execution with the ID "${executionId}" does not exist.`, 404, 404);
             }
-            const fullExecutionData = _1.ResponseHelper.unflattenExecutionData(fullExecutionDataFlatted);
+            const fullExecutionData = _1.ResponseHelper.unflattenExecutionData(execution);
             if (fullExecutionData.finished) {
-                throw new Error('The execution did succeed and can so not be retried.');
+                throw new Error('The execution succeeded, so it cannot be retried.');
             }
             const executionMode = 'retry';
             fullExecutionData.workflowData.active = false;
@@ -1254,6 +1340,7 @@ class App {
                 executionData: fullExecutionData.data,
                 retryOf: req.params.id,
                 workflowData: fullExecutionData.workflowData,
+                userId: req.user.id,
             };
             const { lastNodeExecuted } = data.executionData.resultData;
             if (lastNodeExecuted) {
@@ -1264,7 +1351,7 @@ class App {
                     data.executionData.resultData.runData[lastNodeExecuted].pop();
                 }
             }
-            if (req.body.loadWorkflow === true) {
+            if (req.body.loadWorkflow) {
                 const workflowId = fullExecutionData.workflowData.id;
                 const workflowData = (await _1.Db.collections.Workflow.findOne(workflowId));
                 if (workflowData === undefined) {
@@ -1285,88 +1372,115 @@ class App {
                 for (const stack of data.executionData.executionData.nodeExecutionStack) {
                     const node = workflowInstance.getNode(stack.node.name);
                     if (node === null) {
+                        n8n_workflow_1.LoggerProxy.error('Failed to retry an execution because a node could not be found', {
+                            userId: req.user.id,
+                            executionId,
+                            nodeName: stack.node.name,
+                        });
                         throw new Error(`Could not find the node "${stack.node.name}" in workflow. It probably got deleted or renamed. Without it the workflow can sadly not be retried.`);
                     }
                     stack.node = node;
                 }
             }
             const workflowRunner = new _1.WorkflowRunner();
-            const executionId = await workflowRunner.run(data);
-            const executionData = await this.activeExecutionsInstance.getPostExecutePromise(executionId);
-            if (executionData === undefined) {
+            const retriedExecutionId = await workflowRunner.run(data);
+            const executionData = await this.activeExecutionsInstance.getPostExecutePromise(retriedExecutionId);
+            if (!executionData) {
                 throw new Error('The retry did not start for an unknown reason.');
             }
             return !!executionData.finished;
         }));
-        this.app.post(`/${this.restEndpoint}/executions/delete`, _1.ResponseHelper.send(async (req, res) => {
-            const deleteData = req.body;
-            if (deleteData.deleteBefore !== undefined) {
+        this.app.post(`/${this.restEndpoint}/executions/delete`, _1.ResponseHelper.send(async (req) => {
+            const { deleteBefore, ids, filters: requestFilters } = req.body;
+            if (!deleteBefore && !ids) {
+                throw new Error('Either "deleteBefore" or "ids" must be present in the request body');
+            }
+            const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(req.user);
+            const binaryDataManager = n8n_core_1.BinaryDataManager.getInstance();
+            if (deleteBefore) {
                 const filters = {
-                    startedAt: typeorm_1.LessThanOrEqual(deleteData.deleteBefore),
+                    startedAt: typeorm_1.LessThanOrEqual(deleteBefore),
                 };
-                if (deleteData.filters !== undefined) {
-                    Object.assign(filters, deleteData.filters);
+                if (filters) {
+                    Object.assign(filters, requestFilters);
                 }
-                const execs = await _1.Db.collections.Execution.find(Object.assign(Object.assign({}, filters), { select: ['id'] }));
-                await Promise.all(execs.map(async (item) => n8n_core_1.BinaryDataManager.getInstance().deleteBinaryDataByExecutionId(item.id.toString())));
-                await _1.Db.collections.Execution.delete(filters);
-            }
-            else if (deleteData.ids !== undefined) {
-                await Promise.all(deleteData.ids.map(async (id) => n8n_core_1.BinaryDataManager.getInstance().deleteBinaryDataByExecutionId(id)));
-                await _1.Db.collections.Execution.delete(deleteData.ids);
+                const executions = await _1.Db.collections.Execution.find({
+                    where: Object.assign({ workflowId: typeorm_1.In(sharedWorkflowIds) }, filters),
+                });
+                if (!executions.length)
+                    return;
+                const idsToDelete = executions.map(({ id }) => id.toString());
+                await Promise.all(idsToDelete.map(async (id) => binaryDataManager.deleteBinaryDataByExecutionId(id)));
+                await _1.Db.collections.Execution.delete({ id: typeorm_1.In(idsToDelete) });
+                return;
             }
-            else {
-                throw new Error('Required body-data "ids" or "deleteBefore" is missing!');
+            if (ids) {
+                const executions = await _1.Db.collections.Execution.find({
+                    where: {
+                        id: typeorm_1.In(ids),
+                        workflowId: typeorm_1.In(sharedWorkflowIds),
+                    },
+                });
+                if (!executions.length) {
+                    n8n_workflow_1.LoggerProxy.error('Failed to delete an execution due to insufficient permissions', {
+                        userId: req.user.id,
+                        executionIds: ids,
+                    });
+                    return;
+                }
+                const idsToDelete = executions.map(({ id }) => id.toString());
+                await Promise.all(idsToDelete.map(async (id) => binaryDataManager.deleteBinaryDataByExecutionId(id)));
+                await _1.Db.collections.Execution.delete(idsToDelete);
             }
         }));
-        this.app.get(`/${this.restEndpoint}/executions-current`, _1.ResponseHelper.send(async (req, res) => {
+        this.app.get(`/${this.restEndpoint}/executions-current`, _1.ResponseHelper.send(async (req) => {
             if (config.get('executions.mode') === 'queue') {
                 const currentJobs = await Queue.getInstance().getJobs(['active', 'waiting']);
                 const currentlyRunningQueueIds = currentJobs.map((job) => job.data.executionId);
                 const currentlyRunningManualExecutions = this.activeExecutionsInstance.getActiveExecutions();
                 const manualExecutionIds = currentlyRunningManualExecutions.map((execution) => execution.id);
                 const currentlyRunningExecutionIds = currentlyRunningQueueIds.concat(manualExecutionIds);
-                if (currentlyRunningExecutionIds.length === 0) {
+                if (!currentlyRunningExecutionIds.length)
+                    return [];
+                const findOptions = {
+                    select: ['id', 'workflowId', 'mode', 'retryOf', 'startedAt'],
+                    order: { id: 'DESC' },
+                    where: {
+                        id: typeorm_1.In(currentlyRunningExecutionIds),
+                    },
+                };
+                const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(req.user);
+                if (!sharedWorkflowIds.length)
                     return [];
-                }
-                const resultsQuery = await _1.Db.collections
-                    .Execution.createQueryBuilder('execution')
-                    .select([
-                    'execution.id',
-                    'execution.workflowId',
-                    'execution.mode',
-                    'execution.retryOf',
-                    'execution.startedAt',
-                ])
-                    .orderBy('execution.id', 'DESC')
-                    .andWhere(`execution.id IN (:...ids)`, { ids: currentlyRunningExecutionIds });
                 if (req.query.filter) {
-                    const filter = JSON.parse(req.query.filter);
-                    if (filter.workflowId !== undefined) {
-                        resultsQuery.andWhere('execution.workflowId = :workflowId', {
-                            workflowId: filter.workflowId,
-                        });
+                    const { workflowId } = JSON.parse(req.query.filter);
+                    if (workflowId && sharedWorkflowIds.includes(workflowId)) {
+                        Object.assign(findOptions.where, { workflowId });
                     }
                 }
-                const results = await resultsQuery.getMany();
-                return results.map((result) => {
+                else {
+                    Object.assign(findOptions.where, { workflowId: typeorm_1.In(sharedWorkflowIds) });
+                }
+                const executions = await _1.Db.collections.Execution.find(findOptions);
+                if (!executions.length)
+                    return [];
+                return executions.map((execution) => {
                     return {
-                        id: result.id,
-                        workflowId: result.workflowId,
-                        mode: result.mode,
-                        retryOf: result.retryOf !== null ? result.retryOf : undefined,
-                        startedAt: new Date(result.startedAt),
+                        id: execution.id,
+                        workflowId: execution.workflowId,
+                        mode: execution.mode,
+                        retryOf: execution.retryOf !== null ? execution.retryOf : undefined,
+                        startedAt: new Date(execution.startedAt),
                     };
                 });
             }
             const executingWorkflows = this.activeExecutionsInstance.getActiveExecutions();
             const returnData = [];
-            let filter = {};
-            if (req.query.filter) {
-                filter = JSON.parse(req.query.filter);
-            }
+            const filter = req.query.filter ? JSON.parse(req.query.filter) : {};
+            const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(req.user).then((ids) => ids.map((id) => id.toString()));
             for (const data of executingWorkflows) {
-                if (filter.workflowId !== undefined && filter.workflowId !== data.workflowId) {
+                if ((filter.workflowId !== undefined && filter.workflowId !== data.workflowId) ||
+                    !sharedWorkflowIds.includes(data.workflowId)) {
                     continue;
                 }
                 returnData.push({
@@ -1380,8 +1494,22 @@ class App {
             returnData.sort((a, b) => parseInt(b.id, 10) - parseInt(a.id, 10));
             return returnData;
         }));
-        this.app.post(`/${this.restEndpoint}/executions-current/:id/stop`, _1.ResponseHelper.send(async (req, res) => {
+        this.app.post(`/${this.restEndpoint}/executions-current/:id/stop`, _1.ResponseHelper.send(async (req) => {
             var _a;
+            const { id: executionId } = req.params;
+            const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(req.user);
+            if (!sharedWorkflowIds.length) {
+                throw new _1.ResponseHelper.ResponseError('Execution not found', undefined, 404);
+            }
+            const execution = await _1.Db.collections.Execution.findOne({
+                where: {
+                    id: executionId,
+                    workflowId: typeorm_1.In(sharedWorkflowIds),
+                },
+            });
+            if (!execution) {
+                throw new _1.ResponseHelper.ResponseError('Execution not found', undefined, 404);
+            }
             if (config.get('executions.mode') === 'queue') {
                 const result = await this.activeExecutionsInstance.stopExecution(req.params.id);
                 if (result === undefined) {
@@ -1419,7 +1547,6 @@ class App {
                 };
                 return returnData;
             }
-            const executionId = req.params.id;
             const result = await this.activeExecutionsInstance.stopExecution(executionId);
             let returnData;
             if (result === undefined) {
@@ -1451,19 +1578,8 @@ class App {
             });
         }));
         this.app.get(`/${this.restEndpoint}/settings`, _1.ResponseHelper.send(async (req, res) => {
-            return this.frontendSettings;
+            return this.getSettingsForFrontend();
         }));
-        this.app.post(`/${this.restEndpoint}/user-survey`, async (req, res) => {
-            if (!this.frontendSettings.personalizationSurvey.shouldShow) {
-                _1.ResponseHelper.sendErrorResponse(res, new _1.ResponseHelper.ResponseError('User survey already submitted', undefined, 400), false);
-            }
-            const answers = req.body;
-            await PersonalizationSurvey.writeSurveyToDisk(answers);
-            this.frontendSettings.personalizationSurvey.shouldShow = false;
-            this.frontendSettings.personalizationSurvey.answers = answers;
-            _1.ResponseHelper.sendSuccessResponse(res, undefined, true, 200);
-            void InternalHooksManager_1.InternalHooksManager.getInstance().onPersonalizationSurveySubmitted(answers);
-        });
         if (config.get('endpoints.disableProductionWebhooksOnMainProcess') !== true) {
             _1.WebhookServer.registerProductionWebhooks.apply(this);
         }
@@ -1602,6 +1718,9 @@ async function start() {
             },
             deploymentType: config.get('deployment.type'),
             binaryDataMode: binarDataConfig.mode,
+            n8n_multi_user_allowed: config.get('userManagement.disabled') === false ||
+                config.get('userManagement.isInstanceOwnerSetUp') === true,
+            smtp_set_up: config.get('userManagement.emails.mode') === 'smtp',
         };
         void _1.Db.collections
             .Workflow.findOne({
@@ -1618,25 +1737,33 @@ async function start() {
     });
 }
 exports.start = start;
-async function getExecutionsCount(countFilter) {
+async function getExecutionsCount(countFilter, user) {
     const dbType = (await _1.GenericHelpers.getConfigValue('database.type'));
     const filteredFields = Object.keys(countFilter).filter((field) => field !== 'id');
-    if (dbType !== 'postgresdb' || filteredFields.length > 0) {
-        const count = await _1.Db.collections.Execution.count(countFilter);
-        return { count, estimate: false };
+    if (dbType !== 'postgresdb' || filteredFields.length > 0 || user.globalRole.name !== 'owner') {
+        const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(user);
+        const count = await _1.Db.collections.Execution.count({
+            where: Object.assign({ workflowId: typeorm_1.In(sharedWorkflowIds) }, countFilter),
+        });
+        return { count, estimated: false };
     }
     try {
         const estimateRowsNumberSql = "SELECT n_live_tup FROM pg_stat_all_tables WHERE relname = 'execution_entity';";
         const rows = await _1.Db.collections.Execution.query(estimateRowsNumberSql);
         const estimate = parseInt(rows[0].n_live_tup, 10);
         if (estimate > 100000) {
-            return { count: estimate, estimate: true };
+            return { count: estimate, estimated: true };
         }
     }
-    catch (err) {
-        n8n_workflow_1.LoggerProxy.warn(`Unable to get executions count from postgres: ${err}`);
+    catch (error) {
+        n8n_workflow_1.LoggerProxy.warn(`Failed to get executions count from Postgres: ${error}`);
     }
-    const count = await _1.Db.collections.Execution.count(countFilter);
-    return { count, estimate: false };
+    const sharedWorkflowIds = await WorkflowHelpers_1.getSharedWorkflowIds(user);
+    const count = await _1.Db.collections.Execution.count({
+        where: {
+            workflowId: typeorm_1.In(sharedWorkflowIds),
+        },
+    });
+    return { count, estimated: false };
 }
 //# sourceMappingURL=Server.js.map