n8n 1.42.1 → 1.43.1

package/dist/services/ownership.service.js

@@ -14,36 +14,66 @@ const typedi_1 = require("typedi");
 const cache_service_1 = require("../services/cache/cache.service");
 const sharedWorkflow_repository_1 = require("../databases/repositories/sharedWorkflow.repository");
 const user_repository_1 = require("../databases/repositories/user.repository");
+const project_repository_1 = require("../databases/repositories/project.repository");
+const projectRelation_repository_1 = require("../databases/repositories/projectRelation.repository");
 let OwnershipService = class OwnershipService {
-    constructor(cacheService, userRepository, sharedWorkflowRepository) {
+    constructor(cacheService, userRepository, projectRepository, projectRelationRepository, sharedWorkflowRepository) {
         this.cacheService = cacheService;
         this.userRepository = userRepository;
+        this.projectRepository = projectRepository;
+        this.projectRelationRepository = projectRelationRepository;
         this.sharedWorkflowRepository = sharedWorkflowRepository;
     }
-    async getWorkflowOwnerCached(workflowId) {
-        const cachedValue = await this.cacheService.getHashValue('workflow-ownership', workflowId);
+    async getWorkflowProjectCached(workflowId) {
+        const cachedValue = await this.cacheService.getHashValue('workflow-project', workflowId);
         if (cachedValue)
-            return this.userRepository.create(cachedValue);
+            return this.projectRepository.create(cachedValue);
         const sharedWorkflow = await this.sharedWorkflowRepository.findOneOrFail({
             where: { workflowId, role: 'workflow:owner' },
-            relations: ['user'],
+            relations: ['project'],
         });
-        void this.cacheService.setHash('workflow-ownership', { [workflowId]: sharedWorkflow.user });
-        return sharedWorkflow.user;
+        void this.cacheService.setHash('workflow-project', { [workflowId]: sharedWorkflow.project });
+        return sharedWorkflow.project;
+    }
+    async getProjectOwnerCached(projectId) {
+        var _a, _b;
+        const cachedValue = await this.cacheService.getHashValue('project-owner', projectId);
+        if (cachedValue)
+            this.userRepository.create(cachedValue);
+        if (cachedValue === null)
+            return null;
+        const ownerRel = await this.projectRelationRepository.getPersonalProjectOwners([projectId]);
+        const owner = (_b = (_a = ownerRel[0]) === null || _a === void 0 ? void 0 : _a.user) !== null && _b !== void 0 ? _b : null;
+        void this.cacheService.setHash('project-owner', { [projectId]: owner });
+        return owner;
     }
     addOwnedByAndSharedWith(rawEntity) {
-        const { shared, ...rest } = rawEntity;
-        const entity = rest;
-        Object.assign(entity, { ownedBy: null, sharedWith: [] });
-        shared === null || shared === void 0 ? void 0 : shared.forEach(({ user, role }) => {
-            const { id, email, firstName, lastName } = user;
+        const shared = rawEntity.shared;
+        const entity = rawEntity;
+        Object.assign(entity, {
+            homeProject: null,
+            sharedWithProjects: [],
+        });
+        if (shared === undefined) {
+            return entity;
+        }
+        for (const sharedEntity of shared) {
+            const { project, role } = sharedEntity;
             if (role === 'credential:owner' || role === 'workflow:owner') {
-                entity.ownedBy = { id, email, firstName, lastName };
+                entity.homeProject = {
+                    id: project.id,
+                    type: project.type,
+                    name: project.name,
+                };
             }
             else {
-                entity.sharedWith.push({ id, email, firstName, lastName });
+                entity.sharedWithProjects.push({
+                    id: project.id,
+                    type: project.type,
+                    name: project.name,
+                });
             }
-        });
+        }
         return entity;
     }
     async getInstanceOwner() {
@@ -57,6 +87,8 @@ exports.OwnershipService = OwnershipService = __decorate([
     (0, typedi_1.Service)(),
     __metadata("design:paramtypes", [cache_service_1.CacheService,
         user_repository_1.UserRepository,
+        project_repository_1.ProjectRepository,
+        projectRelation_repository_1.ProjectRelationRepository,
         sharedWorkflow_repository_1.SharedWorkflowRepository])
 ], OwnershipService);
 //# sourceMappingURL=ownership.service.js.map

package/dist/services/ownership.service.js.map

@@ -1 +1 @@
-{"version":3,"file":"ownership.service.js","sourceRoot":"","sources":["../../src/services/ownership.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,mCAAiC;AACjC,kEAA8D;AAC9D,0FAAsF;AAEtF,sEAAkE;AAI3D,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAC5B,YACS,YAA0B,EAC1B,cAA8B,EAC9B,wBAAkD;QAFlD,iBAAY,GAAZ,YAAY,CAAc;QAC1B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,6BAAwB,GAAxB,wBAAwB,CAA0B;IACxD,CAAC;IAKJ,KAAK,CAAC,sBAAsB,CAAC,UAAkB;QAC9C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CACvD,oBAAoB,EACpB,UAAU,CACV,CAAC;QAEF,IAAI,WAAW;YAAE,OAAO,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEhE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,aAAa,CAAC;YACxE,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE;YAC7C,SAAS,EAAE,CAAC,MAAM,CAAC;SACnB,CAAC,CAAC;QAEH,KAAK,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,oBAAoB,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC;QAE5F,OAAO,cAAc,CAAC,IAAI,CAAC;IAC5B,CAAC;IAQD,uBAAuB,CACtB,SAA6E;QAE7E,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,SAAS,CAAC;QAEtC,MAAM,MAAM,GAAG,IAEkC,CAAC;QAElD,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC,CAAC;QAEzD,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE;YAClC,MAAM,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;YAEhD,IAAI,IAAI,KAAK,kBAAkB,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC9D,MAAM,CAAC,OAAO,GAAG,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC;YACrD,CAAC;iBAAM,CAAC;gBACP,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,CAAC,CAAC;YAC5D,CAAC;QACF,CAAC,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC;IACf,CAAC;IAED,KAAK,CAAC,gBAAgB;QACrB,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;YAC9C,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;SAC/B,CAAC,CAAC;IACJ,CAAC;CACD,CAAA;AA/DY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,gBAAO,GAAE;qCAGc,4BAAY;QACV,gCAAc;QACJ,oDAAwB;GAJ/C,gBAAgB,CA+D5B"}
+{"version":3,"file":"ownership.service.js","sourceRoot":"","sources":["../../src/services/ownership.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,mCAAiC;AACjC,kEAA8D;AAC9D,0FAAsF;AACtF,sEAAkE;AAGlE,oFAAgF;AAEhF,oGAAgG;AAGzF,IAAM,gBAAgB,GAAtB,MAAM,gBAAgB;IAC5B,YACS,YAA0B,EAC1B,cAA8B,EAC9B,iBAAoC,EACpC,yBAAoD,EACpD,wBAAkD;QAJlD,iBAAY,GAAZ,YAAY,CAAc;QAC1B,mBAAc,GAAd,cAAc,CAAgB;QAC9B,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,8BAAyB,GAAzB,yBAAyB,CAA2B;QACpD,6BAAwB,GAAxB,wBAAwB,CAA0B;IACxD,CAAC;IAKJ,KAAK,CAAC,wBAAwB,CAAC,UAAkB;QAChD,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CACvD,kBAAkB,EAClB,UAAU,CACV,CAAC;QAEF,IAAI,WAAW;YAAE,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAEnE,MAAM,cAAc,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,aAAa,CAAC;YACxE,KAAK,EAAE,EAAE,UAAU,EAAE,IAAI,EAAE,gBAAgB,EAAE;YAC7C,SAAS,EAAE,CAAC,SAAS,CAAC;SACtB,CAAC,CAAC;QAEH,KAAK,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC;QAE7F,OAAO,cAAc,CAAC,OAAO,CAAC;IAC/B,CAAC;IAKD,KAAK,CAAC,qBAAqB,CAAC,SAAiB;;QAC5C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,YAAY,CACvD,eAAe,EACf,SAAS,CACT,CAAC;QAEF,IAAI,WAAW;YAAE,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QACzD,IAAI,WAAW,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;QAEtC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,yBAAyB,CAAC,wBAAwB,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC;QAC5F,MAAM,KAAK,GAAG,MAAA,MAAA,QAAQ,CAAC,CAAC,CAAC,0CAAE,IAAI,mCAAI,IAAI,CAAC;QACxC,KAAK,IAAI,CAAC,YAAY,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;QAExE,OAAO,KAAK,CAAC;IACd,CAAC;IAQD,uBAAuB,CACtB,SAA6E;QAE7E,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QAChC,MAAM,MAAM,GAAG,SAEkC,CAAC;QAElD,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;YACrB,WAAW,EAAE,IAAI;YACjB,kBAAkB,EAAE,EAAE;SACtB,CAAC,CAAC;QAEH,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,MAAM,CAAC;QACf,CAAC;QAED,KAAK,MAAM,YAAY,IAAI,MAAM,EAAE,CAAC;YACnC,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,YAAY,CAAC;YAEvC,IAAI,IAAI,KAAK,kBAAkB,IAAI,IAAI,KAAK,gBAAgB,EAAE,CAAC;gBAC9D,MAAM,CAAC,WAAW,GAAG;oBACpB,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;iBAClB,CAAC;YACH,CAAC;iBAAM,CAAC;gBACP,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC;oBAC9B,EAAE,EAAE,OAAO,CAAC,EAAE;oBACd,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,IAAI,EAAE,OAAO,CAAC,IAAI;iBAClB,CAAC,CAAC;YACJ,CAAC;QACF,CAAC;QAED,OAAO,MAAM,CAAC;IACf,CAAC;IAED,KAAK,CAAC,gBAAgB;QACrB,OAAO,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC;YAC9C,KAAK,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE;SAC/B,CAAC,CAAC;IACJ,CAAC;CACD,CAAA;AAlGY,4CAAgB;2BAAhB,gBAAgB;IAD5B,IAAA,gBAAO,GAAE;qCAGc,4BAAY;QACV,gCAAc;QACX,sCAAiB;QACT,sDAAyB;QAC1B,oDAAwB;GAN/C,gBAAgB,CAkG5B"}

package/dist/services/project.service.d.ts

@@ -0,0 +1,61 @@
+import { Project, type ProjectType } from '../databases/entities/Project';
+import { ProjectRelation } from '../databases/entities/ProjectRelation';
+import type { ProjectRole } from '../databases/entities/ProjectRelation';
+import type { User } from '../databases/entities/User';
+import { ProjectRepository } from '../databases/repositories/project.repository';
+import { ProjectRelationRepository } from '../databases/repositories/projectRelation.repository';
+import type { EntityManager } from '@n8n/typeorm';
+import { type Scope } from '@n8n/permissions';
+import { RoleService } from './role.service';
+import { SharedWorkflowRepository } from '../databases/repositories/sharedWorkflow.repository';
+import { SharedCredentialsRepository } from '../databases/repositories/sharedCredentials.repository';
+import { CacheService } from './cache/cache.service';
+import { License } from '../License';
+export declare class TeamProjectOverQuotaError extends Error {
+    constructor(limit: number);
+}
+export declare class UnlicensedProjectRoleError extends Error {
+    constructor(role: ProjectRole);
+}
+export declare class ProjectService {
+    private readonly sharedWorkflowRepository;
+    private readonly projectRepository;
+    private readonly projectRelationRepository;
+    private readonly roleService;
+    private readonly sharedCredentialsRepository;
+    private readonly cacheService;
+    private readonly license;
+    constructor(sharedWorkflowRepository: SharedWorkflowRepository, projectRepository: ProjectRepository, projectRelationRepository: ProjectRelationRepository, roleService: RoleService, sharedCredentialsRepository: SharedCredentialsRepository, cacheService: CacheService, license: License);
+    private get workflowService();
+    private get credentialsService();
+    deleteProject(user: User, projectId: string, { migrateToProject }?: {
+        migrateToProject?: string;
+    }): Promise<void>;
+    findProjectsWorkflowIsIn(workflowId: string): Promise<string[]>;
+    getAccessibleProjects(user: User): Promise<Project[]>;
+    getPersonalProjectOwners(projectIds: string[]): Promise<ProjectRelation[]>;
+    createTeamProject(name: string, adminUser: User, id?: string): Promise<Project>;
+    updateProject(name: string, projectId: string): Promise<Project>;
+    getPersonalProject(user: User): Promise<Project | null>;
+    getProjectRelationsForUser(user: User): Promise<ProjectRelation[]>;
+    syncProjectRelations(projectId: string, relations: Array<{
+        userId: string;
+        role: ProjectRole;
+    }>): Promise<void>;
+    clearCredentialCanUseExternalSecretsCache(projectId: string): Promise<void>;
+    pruneRelations(em: EntityManager, project: Project): Promise<void>;
+    addManyRelations(em: EntityManager, project: Project, relations: Array<{
+        userId: string;
+        role: ProjectRole;
+    }>): Promise<void>;
+    getProjectWithScope(user: User, projectId: string, scopes: Scope[], entityManager?: EntityManager): Promise<Project | null>;
+    addUser(projectId: string, userId: string, role: ProjectRole): Promise<{
+        projectId: string;
+        userId: string;
+        role: ProjectRole;
+    } & ProjectRelation>;
+    getProject(projectId: string): Promise<Project>;
+    getProjectRelations(projectId: string): Promise<ProjectRelation[]>;
+    getUserOwnedOrAdminProjects(userId: string): Promise<Project[]>;
+    getProjectCounts(): Promise<Record<ProjectType, number>>;
+}

package/dist/services/project.service.js

@@ -0,0 +1,277 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProjectService = exports.UnlicensedProjectRoleError = exports.TeamProjectOverQuotaError = void 0;
+const Project_1 = require("../databases/entities/Project");
+const ProjectRelation_1 = require("../databases/entities/ProjectRelation");
+const project_repository_1 = require("../databases/repositories/project.repository");
+const projectRelation_repository_1 = require("../databases/repositories/projectRelation.repository");
+const typedi_1 = __importStar(require("typedi"));
+const typeorm_1 = require("@n8n/typeorm");
+const role_service_1 = require("./role.service");
+const forbidden_error_1 = require("../errors/response-errors/forbidden.error");
+const not_found_error_1 = require("../errors/response-errors/not-found.error");
+const sharedWorkflow_repository_1 = require("../databases/repositories/sharedWorkflow.repository");
+const sharedCredentials_repository_1 = require("../databases/repositories/sharedCredentials.repository");
+const bad_request_error_1 = require("../errors/response-errors/bad-request.error");
+const cache_service_1 = require("./cache/cache.service");
+const License_1 = require("../License");
+const constants_1 = require("../constants");
+class TeamProjectOverQuotaError extends Error {
+    constructor(limit) {
+        super(`Attempted to create a new project but quota is already exhausted. You may have a maximum of ${limit} team projects.`);
+    }
+}
+exports.TeamProjectOverQuotaError = TeamProjectOverQuotaError;
+class UnlicensedProjectRoleError extends Error {
+    constructor(role) {
+        super(`Your instance is not licensed to use role "${role}".`);
+    }
+}
+exports.UnlicensedProjectRoleError = UnlicensedProjectRoleError;
+let ProjectService = class ProjectService {
+    constructor(sharedWorkflowRepository, projectRepository, projectRelationRepository, roleService, sharedCredentialsRepository, cacheService, license) {
+        this.sharedWorkflowRepository = sharedWorkflowRepository;
+        this.projectRepository = projectRepository;
+        this.projectRelationRepository = projectRelationRepository;
+        this.roleService = roleService;
+        this.sharedCredentialsRepository = sharedCredentialsRepository;
+        this.cacheService = cacheService;
+        this.license = license;
+    }
+    get workflowService() {
+        return Promise.resolve().then(() => __importStar(require('../workflows/workflow.service'))).then(({ WorkflowService }) => typedi_1.default.get(WorkflowService));
+    }
+    get credentialsService() {
+        return Promise.resolve().then(() => __importStar(require('../credentials/credentials.service'))).then(({ CredentialsService }) => typedi_1.default.get(CredentialsService));
+    }
+    async deleteProject(user, projectId, { migrateToProject } = {}) {
+        const workflowService = await this.workflowService;
+        const credentialsService = await this.credentialsService;
+        if (projectId === migrateToProject) {
+            throw new bad_request_error_1.BadRequestError('Request to delete a project failed because the project to delete and the project to migrate to are the same project');
+        }
+        const project = await this.getProjectWithScope(user, projectId, ['project:delete']);
+        if (!project) {
+            throw new not_found_error_1.NotFoundError(`Could not find project with ID: ${projectId}`);
+        }
+        let targetProject = null;
+        if (migrateToProject) {
+            targetProject = await this.getProjectWithScope(user, migrateToProject, [
+                'credential:create',
+                'workflow:create',
+            ]);
+            if (!targetProject) {
+                throw new not_found_error_1.NotFoundError(`Could not find project to migrate to. ID: ${targetProject}. You may lack permissions to create workflow and credentials in the target project.`);
+            }
+        }
+        if (project.type !== 'team') {
+            throw new forbidden_error_1.ForbiddenError(`Can't delete project. Project with ID "${projectId}" is not a team project.`);
+        }
+        const ownedSharedWorkflows = await this.sharedWorkflowRepository.find({
+            where: { projectId: project.id, role: 'workflow:owner' },
+        });
+        if (targetProject) {
+            await this.sharedWorkflowRepository.makeOwner(ownedSharedWorkflows.map((sw) => sw.workflowId), targetProject.id);
+        }
+        else {
+            for (const sharedWorkflow of ownedSharedWorkflows) {
+                await workflowService.delete(user, sharedWorkflow.workflowId);
+            }
+        }
+        const ownedCredentials = await this.sharedCredentialsRepository.find({
+            where: { projectId: project.id, role: 'credential:owner' },
+            relations: { credentials: true },
+        });
+        if (targetProject) {
+            await this.sharedCredentialsRepository.makeOwner(ownedCredentials.map((sc) => sc.credentialsId), targetProject.id);
+        }
+        else {
+            for (const sharedCredential of ownedCredentials) {
+                await credentialsService.delete(sharedCredential.credentials);
+            }
+        }
+        await this.projectRepository.remove(project);
+    }
+    async findProjectsWorkflowIsIn(workflowId) {
+        return await this.sharedWorkflowRepository.findProjectIds(workflowId);
+    }
+    async getAccessibleProjects(user) {
+        if (user.hasGlobalScope('project:read')) {
+            return await this.projectRepository.find();
+        }
+        return await this.projectRepository.getAccessibleProjects(user.id);
+    }
+    async getPersonalProjectOwners(projectIds) {
+        return await this.projectRelationRepository.getPersonalProjectOwners(projectIds);
+    }
+    async createTeamProject(name, adminUser, id) {
+        const limit = this.license.getTeamProjectLimit();
+        if (limit !== constants_1.UNLIMITED_LICENSE_QUOTA &&
+            limit <= (await this.projectRepository.count({ where: { type: 'team' } }))) {
+            throw new TeamProjectOverQuotaError(limit);
+        }
+        const project = await this.projectRepository.save(this.projectRepository.create({
+            id,
+            name,
+            type: 'team',
+        }));
+        await this.addUser(project.id, adminUser.id, 'project:admin');
+        return project;
+    }
+    async updateProject(name, projectId) {
+        const result = await this.projectRepository.update({
+            id: projectId,
+            type: 'team',
+        }, {
+            name,
+        });
+        if (!result.affected) {
+            throw new forbidden_error_1.ForbiddenError('Project not found');
+        }
+        return await this.projectRepository.findOneByOrFail({ id: projectId });
+    }
+    async getPersonalProject(user) {
+        return await this.projectRepository.getPersonalProjectForUser(user.id);
+    }
+    async getProjectRelationsForUser(user) {
+        return await this.projectRelationRepository.find({
+            where: { userId: user.id },
+            relations: ['project'],
+        });
+    }
+    async syncProjectRelations(projectId, relations) {
+        const project = await this.projectRepository.findOneOrFail({
+            where: { id: projectId, type: (0, typeorm_1.Not)('personal') },
+            relations: { projectRelations: true },
+        });
+        for (const r of relations) {
+            const existing = project.projectRelations.find((pr) => pr.userId === r.userId);
+            if ((existing === null || existing === void 0 ? void 0 : existing.role) !== r.role && !this.roleService.isRoleLicensed(r.role)) {
+                throw new UnlicensedProjectRoleError(r.role);
+            }
+        }
+        await this.projectRelationRepository.manager.transaction(async (em) => {
+            await this.pruneRelations(em, project);
+            await this.addManyRelations(em, project, relations);
+        });
+        await this.clearCredentialCanUseExternalSecretsCache(projectId);
+    }
+    async clearCredentialCanUseExternalSecretsCache(projectId) {
+        const shares = await this.sharedCredentialsRepository.find({
+            where: {
+                projectId,
+                role: 'credential:owner',
+            },
+            select: ['credentialsId'],
+        });
+        if (shares.length) {
+            await this.cacheService.deleteMany(shares.map((share) => `credential-can-use-secrets:${share.credentialsId}`));
+        }
+    }
+    async pruneRelations(em, project) {
+        await em.delete(ProjectRelation_1.ProjectRelation, { projectId: project.id });
+    }
+    async addManyRelations(em, project, relations) {
+        await em.insert(ProjectRelation_1.ProjectRelation, relations.map((v) => this.projectRelationRepository.create({
+            projectId: project.id,
+            userId: v.userId,
+            role: v.role,
+        })));
+    }
+    async getProjectWithScope(user, projectId, scopes, entityManager) {
+        const em = entityManager !== null && entityManager !== void 0 ? entityManager : this.projectRepository.manager;
+        let where = {
+            id: projectId,
+        };
+        if (!user.hasGlobalScope(scopes, { mode: 'allOf' })) {
+            const projectRoles = this.roleService.rolesWithScope('project', scopes);
+            where = {
+                ...where,
+                projectRelations: {
+                    role: (0, typeorm_1.In)(projectRoles),
+                    userId: user.id,
+                },
+            };
+        }
+        return await em.findOne(Project_1.Project, {
+            where,
+        });
+    }
+    async addUser(projectId, userId, role) {
+        return await this.projectRelationRepository.save({
+            projectId,
+            userId,
+            role,
+        });
+    }
+    async getProject(projectId) {
+        return await this.projectRepository.findOneOrFail({
+            where: {
+                id: projectId,
+            },
+        });
+    }
+    async getProjectRelations(projectId) {
+        return await this.projectRelationRepository.find({
+            where: { projectId },
+            relations: { user: true },
+        });
+    }
+    async getUserOwnedOrAdminProjects(userId) {
+        return await this.projectRepository.find({
+            where: {
+                projectRelations: {
+                    userId,
+                    role: (0, typeorm_1.In)(['project:personalOwner', 'project:admin']),
+                },
+            },
+        });
+    }
+    async getProjectCounts() {
+        return await this.projectRepository.getProjectCounts();
+    }
+};
+exports.ProjectService = ProjectService;
+exports.ProjectService = ProjectService = __decorate([
+    (0, typedi_1.Service)(),
+    __metadata("design:paramtypes", [sharedWorkflow_repository_1.SharedWorkflowRepository,
+        project_repository_1.ProjectRepository,
+        projectRelation_repository_1.ProjectRelationRepository,
+        role_service_1.RoleService,
+        sharedCredentials_repository_1.SharedCredentialsRepository,
+        cache_service_1.CacheService,
+        License_1.License])
+], ProjectService);
+//# sourceMappingURL=project.service.js.map

package/dist/services/project.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"project.service.js","sourceRoot":"","sources":["../../src/services/project.service.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,0DAAyE;AACzE,0EAAuE;AAGvE,oFAAgF;AAChF,oGAAgG;AAEhG,iDAA4C;AAE5C,0CAAuC;AACvC,iDAA6C;AAC7C,8EAA0E;AAC1E,8EAAyE;AACzE,kGAA8F;AAC9F,wGAAoG;AACpG,kFAA6E;AAC7E,yDAAqD;AACrD,uCAAoC;AACpC,2CAAsD;AAEtD,MAAa,yBAA0B,SAAQ,KAAK;IACnD,YAAY,KAAa;QACxB,KAAK,CACJ,+FAA+F,KAAK,iBAAiB,CACrH,CAAC;IACH,CAAC;CACD;AAND,8DAMC;AAED,MAAa,0BAA2B,SAAQ,KAAK;IACpD,YAAY,IAAiB;QAC5B,KAAK,CAAC,8CAA8C,IAAI,IAAI,CAAC,CAAC;IAC/D,CAAC;CACD;AAJD,gEAIC;AAGM,IAAM,cAAc,GAApB,MAAM,cAAc;IAC1B,YACkB,wBAAkD,EAClD,iBAAoC,EACpC,yBAAoD,EACpD,WAAwB,EACxB,2BAAwD,EACxD,YAA0B,EAC1B,OAAgB;QANhB,6BAAwB,GAAxB,wBAAwB,CAA0B;QAClD,sBAAiB,GAAjB,iBAAiB,CAAmB;QACpC,8BAAyB,GAAzB,yBAAyB,CAA2B;QACpD,gBAAW,GAAX,WAAW,CAAa;QACxB,gCAA2B,GAA3B,2BAA2B,CAA6B;QACxD,iBAAY,GAAZ,YAAY,CAAc;QAC1B,YAAO,GAAP,OAAO,CAAS;IAC/B,CAAC;IAEJ,IAAY,eAAe;QAC1B,OAAO,kDAAO,8BAA8B,IAAE,IAAI,CAAC,CAAC,EAAE,eAAe,EAAE,EAAE,EAAE,CAC1E,gBAAS,CAAC,GAAG,CAAC,eAAe,CAAC,CAC9B,CAAC;IACH,CAAC;IAED,IAAY,kBAAkB;QAC7B,OAAO,kDAAO,mCAAmC,IAAE,IAAI,CAAC,CAAC,EAAE,kBAAkB,EAAE,EAAE,EAAE,CAClF,gBAAS,CAAC,GAAG,CAAC,kBAAkB,CAAC,CACjC,CAAC;IACH,CAAC;IAED,KAAK,CAAC,aAAa,CAClB,IAAU,EACV,SAAiB,EACjB,EAAE,gBAAgB,KAAoC,EAAE;QAExD,MAAM,eAAe,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC;QACnD,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,kBAAkB,CAAC;QAEzD,IAAI,SAAS,KAAK,gBAAgB,EAAE,CAAC;YACpC,MAAM,IAAI,mCAAe,CACxB,qHAAqH,CACrH,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,SAAS,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,IAAI,+BAAa,CAAC,mCAAmC,SAAS,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,IAAI,aAAa,GAAmB,IAAI,CAAC;QACzC,IAAI,gBAAgB,EAAE,CAAC;YACtB,aAAa,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,gBAAgB,EAAE;gBACtE,mBAAmB;gBACnB,iBAAiB;aACjB,CAAC,CAAC;YAEH,IAAI,CAAC,aAAa,EAAE,CAAC;gBACpB,MAAM,IAAI,+BAAa,CACtB,6CAA6C,aAAa,sFAAsF,CAChJ,CAAC;YACH,CAAC;QACF,CAAC;QAGD,IAAI,OAAO,CAAC,IAAI,KAAK,MAAM,EAAE,CAAC;YAC7B,MAAM,IAAI,gCAAc,CACvB,0CAA0C,SAAS,0BAA0B,CAC7E,CAAC;QACH,CAAC;QAGD,MAAM,oBAAoB,GAAG,MAAM,IAAI,CAAC,wBAAwB,CAAC,IAAI,CAAC;YACrE,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE;SACxD,CAAC,CAAC;QAEH,IAAI,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,wBAAwB,CAAC,SAAS,CAC5C,oBAAoB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,UAAU,CAAC,EAC/C,aAAa,CAAC,EAAE,CAChB,CAAC;QACH,CAAC;aAAM,CAAC;YACP,KAAK,MAAM,cAAc,IAAI,oBAAoB,EAAE,CAAC;gBACnD,MAAM,eAAe,CAAC,MAAM,CAAC,IAAI,EAAE,cAAc,CAAC,UAAU,CAAC,CAAC;YAC/D,CAAC;QACF,CAAC;QAGD,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC;YACpE,KAAK,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE;YAC1D,SAAS,EAAE,EAAE,WAAW,EAAE,IAAI,EAAE;SAChC,CAAC,CAAC;QAEH,IAAI,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,2BAA2B,CAAC,SAAS,CAC/C,gBAAgB,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,aAAa,CAAC,EAC9C,aAAa,CAAC,EAAE,CAChB,CAAC;QACH,CAAC;aAAM,CAAC;YACP,KAAK,MAAM,gBAAgB,IAAI,gBAAgB,EAAE,CAAC;gBACjD,MAAM,kBAAkB,CAAC,MAAM,CAAC,gBAAgB,CAAC,WAAW,CAAC,CAAC;YAC/D,CAAC;QACF,CAAC;QASD,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAI9C,CAAC;IAMD,KAAK,CAAC,wBAAwB,CAAC,UAAkB;QAChD,OAAO,MAAM,IAAI,CAAC,wBAAwB,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACvE,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAU;QAErC,IAAI,IAAI,CAAC,cAAc,CAAC,cAAc,CAAC,EAAE,CAAC;YACzC,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,CAAC;QAC5C,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,qBAAqB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,KAAK,CAAC,wBAAwB,CAAC,UAAoB;QAClD,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,wBAAwB,CAAC,UAAU,CAAC,CAAC;IAClF,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,IAAY,EAAE,SAAe,EAAE,EAAW;QACjE,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAC,mBAAmB,EAAE,CAAC;QACjD,IACC,KAAK,KAAK,mCAAuB;YACjC,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,iBAAiB,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,EACzE,CAAC;YACF,MAAM,IAAI,yBAAyB,CAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAChD,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC;YAC7B,EAAE;YACF,IAAI;YACJ,IAAI,EAAE,MAAM;SACZ,CAAC,CACF,CAAC;QAGF,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,CAAC,EAAE,EAAE,eAAe,CAAC,CAAC;QAE9D,OAAO,OAAO,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,IAAY,EAAE,SAAiB;QAClD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CACjD;YACC,EAAE,EAAE,SAAS;YACb,IAAI,EAAE,MAAM;SACZ,EACD;YACC,IAAI;SACJ,CACD,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtB,MAAM,IAAI,gCAAc,CAAC,mBAAmB,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,eAAe,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAU;QAClC,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,yBAAyB,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxE,CAAC;IAED,KAAK,CAAC,0BAA0B,CAAC,IAAU;QAC1C,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC;YAChD,KAAK,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE;YAC1B,SAAS,EAAE,CAAC,SAAS,CAAC;SACtB,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,oBAAoB,CACzB,SAAiB,EACjB,SAAuD;QAEvD,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC;YAC1D,KAAK,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAA,aAAG,EAAC,UAAU,CAAC,EAAE;YAC/C,SAAS,EAAE,EAAE,gBAAgB,EAAE,IAAI,EAAE;SACrC,CAAC,CAAC;QAGH,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,OAAO,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC,CAAC;YAG/E,IAAI,CAAA,QAAQ,aAAR,QAAQ,uBAAR,QAAQ,CAAE,IAAI,MAAK,CAAC,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC3E,MAAM,IAAI,0BAA0B,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9C,CAAC;QACF,CAAC;QAED,MAAM,IAAI,CAAC,yBAAyB,CAAC,OAAO,CAAC,WAAW,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE;YACrE,MAAM,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;YACvC,MAAM,IAAI,CAAC,gBAAgB,CAAC,EAAE,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QACH,MAAM,IAAI,CAAC,yCAAyC,CAAC,SAAS,CAAC,CAAC;IACjE,CAAC;IAED,KAAK,CAAC,yCAAyC,CAAC,SAAiB;QAChE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,2BAA2B,CAAC,IAAI,CAAC;YAC1D,KAAK,EAAE;gBACN,SAAS;gBACT,IAAI,EAAE,kBAAkB;aACxB;YACD,MAAM,EAAE,CAAC,eAAe,CAAC;SACzB,CAAC,CAAC;QACH,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,CACjC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,8BAA8B,KAAK,CAAC,aAAa,EAAE,CAAC,CAC1E,CAAC;QACH,CAAC;IACF,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,EAAiB,EAAE,OAAgB;QACvD,MAAM,EAAE,CAAC,MAAM,CAAC,iCAAe,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,CAAC;IAC7D,CAAC;IAED,KAAK,CAAC,gBAAgB,CACrB,EAAiB,EACjB,OAAgB,EAChB,SAAuD;QAEvD,MAAM,EAAE,CAAC,MAAM,CACd,iCAAe,EACf,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACnB,IAAI,CAAC,yBAAyB,CAAC,MAAM,CAAC;YACrC,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,MAAM,EAAE,CAAC,CAAC,MAAM;YAChB,IAAI,EAAE,CAAC,CAAC,IAAI;SACZ,CAAC,CACF,CACD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,mBAAmB,CACxB,IAAU,EACV,SAAiB,EACjB,MAAe,EACf,aAA6B;QAE7B,MAAM,EAAE,GAAG,aAAa,aAAb,aAAa,cAAb,aAAa,GAAI,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC;QAC3D,IAAI,KAAK,GAA8B;YACtC,EAAE,EAAE,SAAS;SACb,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC;YACrD,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAExE,KAAK,GAAG;gBACP,GAAG,KAAK;gBACR,gBAAgB,EAAE;oBACjB,IAAI,EAAE,IAAA,YAAE,EAAC,YAAY,CAAC;oBACtB,MAAM,EAAE,IAAI,CAAC,EAAE;iBACf;aACD,CAAC;QACH,CAAC;QAED,OAAO,MAAM,EAAE,CAAC,OAAO,CAAC,iBAAO,EAAE;YAChC,KAAK;SACL,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,SAAiB,EAAE,MAAc,EAAE,IAAiB;QACjE,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC;YAChD,SAAS;YACT,MAAM;YACN,IAAI;SACJ,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,SAAiB;QACjC,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,aAAa,CAAC;YACjD,KAAK,EAAE;gBACN,EAAE,EAAE,SAAS;aACb;SACD,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QAC1C,OAAO,MAAM,IAAI,CAAC,yBAAyB,CAAC,IAAI,CAAC;YAChD,KAAK,EAAE,EAAE,SAAS,EAAE;YACpB,SAAS,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE;SACzB,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,2BAA2B,CAAC,MAAc;QAC/C,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC;YACxC,KAAK,EAAE;gBACN,gBAAgB,EAAE;oBACjB,MAAM;oBACN,IAAI,EAAE,IAAA,YAAE,EAAC,CAAC,uBAAuB,EAAE,eAAe,CAAC,CAAC;iBACpD;aACD;SACD,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,gBAAgB;QACrB,OAAO,MAAM,IAAI,CAAC,iBAAiB,CAAC,gBAAgB,EAAE,CAAC;IACxD,CAAC;CACD,CAAA;AAnTY,wCAAc;yBAAd,cAAc;IAD1B,IAAA,gBAAO,GAAE;qCAGmC,oDAAwB;QAC/B,sCAAiB;QACT,sDAAyB;QACvC,0BAAW;QACK,0DAA2B;QAC1C,4BAAY;QACjB,iBAAO;GARtB,cAAc,CAmT1B"}

package/dist/services/role.service.d.ts

@@ -0,0 +1,31 @@
+import type { ProjectRelation, ProjectRole } from '../databases/entities/ProjectRelation';
+import type { CredentialSharingRole, SharedCredentials } from '../databases/entities/SharedCredentials';
+import type { SharedWorkflow, WorkflowSharingRole } from '../databases/entities/SharedWorkflow';
+import type { GlobalRole, User } from '../databases/entities/User';
+import type { ListQuery } from '../requests';
+import { type Resource, type Scope } from '@n8n/permissions';
+import { License } from '../License';
+export type RoleNamespace = 'global' | 'project' | 'credential' | 'workflow';
+export interface RoleMap {
+    global: GlobalRole[];
+    project: ProjectRole[];
+    credential: CredentialSharingRole[];
+    workflow: WorkflowSharingRole[];
+}
+export type AllRoleTypes = GlobalRole | ProjectRole | WorkflowSharingRole | CredentialSharingRole;
+export declare class RoleService {
+    private readonly license;
+    constructor(license: License);
+    rolesWithScope(namespace: 'global', scopes: Scope | Scope[]): GlobalRole[];
+    rolesWithScope(namespace: 'project', scopes: Scope | Scope[]): ProjectRole[];
+    rolesWithScope(namespace: 'credential', scopes: Scope | Scope[]): CredentialSharingRole[];
+    rolesWithScope(namespace: 'workflow', scopes: Scope | Scope[]): WorkflowSharingRole[];
+    getRoles(): RoleMap;
+    getRoleName(role: AllRoleTypes): string;
+    getRoleScopes(role: GlobalRole | ProjectRole | WorkflowSharingRole | CredentialSharingRole, filters?: Resource[]): Scope[];
+    getScopesBy(projectRoles: Set<ProjectRole>): Set<Scope>;
+    addScopes(rawWorkflow: ListQuery.Workflow.WithSharing | ListQuery.Workflow.WithOwnedByAndSharedWith, user: User, userProjectRelations: ProjectRelation[]): ListQuery.Workflow.WithScopes;
+    addScopes(rawCredential: ListQuery.Credentials.WithSharing | ListQuery.Credentials.WithOwnedByAndSharedWith, user: User, userProjectRelations: ProjectRelation[]): ListQuery.Credentials.WithScopes;
+    combineResourceScopes(type: 'workflow' | 'credential', user: User, shared: SharedCredentials[] | SharedWorkflow[], userProjectRelations: ProjectRelation[]): Scope[];
+    isRoleLicensed(role: AllRoleTypes): boolean;
+}

package/dist/services/role.service.js

@@ -0,0 +1,142 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RoleService = void 0;
+const global_roles_1 = require("../permissions/global-roles");
+const project_roles_1 = require("../permissions/project-roles");
+const resource_roles_1 = require("../permissions/resource-roles");
+const permissions_1 = require("@n8n/permissions");
+const typedi_1 = require("typedi");
+const n8n_workflow_1 = require("n8n-workflow");
+const License_1 = require("../License");
+const GLOBAL_SCOPE_MAP = {
+    'global:owner': global_roles_1.GLOBAL_OWNER_SCOPES,
+    'global:admin': global_roles_1.GLOBAL_ADMIN_SCOPES,
+    'global:member': global_roles_1.GLOBAL_MEMBER_SCOPES,
+};
+const PROJECT_SCOPE_MAP = {
+    'project:admin': project_roles_1.REGULAR_PROJECT_ADMIN_SCOPES,
+    'project:personalOwner': project_roles_1.PERSONAL_PROJECT_OWNER_SCOPES,
+    'project:editor': project_roles_1.PROJECT_EDITOR_SCOPES,
+};
+const CREDENTIALS_SHARING_SCOPE_MAP = {
+    'credential:owner': resource_roles_1.CREDENTIALS_SHARING_OWNER_SCOPES,
+    'credential:user': resource_roles_1.CREDENTIALS_SHARING_USER_SCOPES,
+};
+const WORKFLOW_SHARING_SCOPE_MAP = {
+    'workflow:owner': resource_roles_1.WORKFLOW_SHARING_OWNER_SCOPES,
+    'workflow:editor': resource_roles_1.WORKFLOW_SHARING_EDITOR_SCOPES,
+};
+const ALL_MAPS = {
+    global: GLOBAL_SCOPE_MAP,
+    project: PROJECT_SCOPE_MAP,
+    credential: CREDENTIALS_SHARING_SCOPE_MAP,
+    workflow: WORKFLOW_SHARING_SCOPE_MAP,
+};
+const COMBINED_MAP = Object.fromEntries(Object.values(ALL_MAPS).flatMap((o) => Object.entries(o)));
+const ROLE_NAMES = {
+    'global:owner': 'Owner',
+    'global:admin': 'Admin',
+    'global:member': 'Member',
+    'project:personalOwner': 'Project Owner',
+    'project:admin': 'Project Admin',
+    'project:editor': 'Project Editor',
+    'credential:user': 'Credential User',
+    'credential:owner': 'Credential Owner',
+    'workflow:owner': 'Workflow Owner',
+    'workflow:editor': 'Workflow Editor',
+};
+let RoleService = class RoleService {
+    constructor(license) {
+        this.license = license;
+    }
+    rolesWithScope(namespace, scopes) {
+        if (!Array.isArray(scopes)) {
+            scopes = [scopes];
+        }
+        return Object.keys(ALL_MAPS[namespace]).filter((k) => {
+            return scopes.every((s) => ALL_MAPS[namespace][k].includes(s));
+        });
+    }
+    getRoles() {
+        return Object.fromEntries(Object.entries(ALL_MAPS).map((e) => [e[0], Object.keys(e[1])]));
+    }
+    getRoleName(role) {
+        return ROLE_NAMES[role];
+    }
+    getRoleScopes(role, filters) {
+        let scopes = COMBINED_MAP[role];
+        if (filters) {
+            scopes = scopes.filter((s) => filters.includes(s.split(':')[0]));
+        }
+        return scopes;
+    }
+    getScopesBy(projectRoles) {
+        return [...projectRoles].reduce((acc, projectRole) => {
+            var _a;
+            for (const scope of (_a = PROJECT_SCOPE_MAP[projectRole]) !== null && _a !== void 0 ? _a : []) {
+                acc.add(scope);
+            }
+            return acc;
+        }, new Set());
+    }
+    addScopes(rawEntity, user, userProjectRelations) {
+        const shared = rawEntity.shared;
+        const entity = rawEntity;
+        Object.assign(entity, {
+            scopes: [],
+        });
+        if (shared === undefined) {
+            return entity;
+        }
+        if (!('active' in entity) && !('type' in entity)) {
+            throw new n8n_workflow_1.ApplicationError('Cannot detect if entity is a workflow or credential.');
+        }
+        entity.scopes = this.combineResourceScopes('active' in entity ? 'workflow' : 'credential', user, shared, userProjectRelations);
+        return entity;
+    }
+    combineResourceScopes(type, user, shared, userProjectRelations) {
+        const globalScopes = this.getRoleScopes(user.role, [type]);
+        const scopesSet = new Set(globalScopes);
+        for (const sharedEntity of shared) {
+            const pr = userProjectRelations.find((p) => { var _a; return p.projectId === ((_a = sharedEntity.projectId) !== null && _a !== void 0 ? _a : sharedEntity.project.id); });
+            let projectScopes = [];
+            if (pr) {
+                projectScopes = this.getRoleScopes(pr.role);
+            }
+            const resourceMask = this.getRoleScopes(sharedEntity.role);
+            const mergedScopes = (0, permissions_1.combineScopes)({
+                global: globalScopes,
+                project: projectScopes,
+            }, { sharing: resourceMask });
+            mergedScopes.forEach((s) => scopesSet.add(s));
+        }
+        return [...scopesSet].sort();
+    }
+    isRoleLicensed(role) {
+        switch (role) {
+            case 'project:admin':
+                return this.license.isProjectRoleAdminLicensed();
+            case 'project:editor':
+                return this.license.isProjectRoleEditorLicensed();
+            case 'global:admin':
+                return this.license.isAdvancedPermissionsLicensed();
+            default:
+                return true;
+        }
+    }
+};
+exports.RoleService = RoleService;
+exports.RoleService = RoleService = __decorate([
+    (0, typedi_1.Service)(),
+    __metadata("design:paramtypes", [License_1.License])
+], RoleService);
+//# sourceMappingURL=role.service.js.map

package/dist/services/role.service.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"role.service.js","sourceRoot":"","sources":["../../src/services/role.service.ts"],"names":[],"mappings":";;;;;;;;;;;;AAOA,6DAIoC;AACpC,+DAIqC;AACrC,iEAKsC;AAEtC,kDAA4E;AAC5E,mCAAiC;AACjC,+CAAgD;AAChD,uCAAoC;AAIpC,MAAM,gBAAgB,GAAgC;IACrD,cAAc,EAAE,kCAAmB;IACnC,cAAc,EAAE,kCAAmB;IACnC,eAAe,EAAE,mCAAoB;CACrC,CAAC;AAEF,MAAM,iBAAiB,GAAiC;IACvD,eAAe,EAAE,4CAA4B;IAC7C,uBAAuB,EAAE,6CAA6B;IACtD,gBAAgB,EAAE,qCAAqB;CACvC,CAAC;AAEF,MAAM,6BAA6B,GAA2C;IAC7E,kBAAkB,EAAE,iDAAgC;IACpD,iBAAiB,EAAE,gDAA+B;CAClD,CAAC;AAEF,MAAM,0BAA0B,GAAyC;IACxE,gBAAgB,EAAE,8CAA6B;IAC/C,iBAAiB,EAAE,+CAA8B;CACjD,CAAC;AASF,MAAM,QAAQ,GAAY;IACzB,MAAM,EAAE,gBAAgB;IACxB,OAAO,EAAE,iBAAiB;IAC1B,UAAU,EAAE,6BAA6B;IACzC,QAAQ,EAAE,0BAA0B;CAC3B,CAAC;AAEX,MAAM,YAAY,GAAG,MAAM,CAAC,WAAW,CACtC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,CAA0B,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CACS,CAAC;AAU7F,MAAM,UAAU,GAGZ;IACH,cAAc,EAAE,OAAO;IACvB,cAAc,EAAE,OAAO;IACvB,eAAe,EAAE,QAAQ;IACzB,uBAAuB,EAAE,eAAe;IACxC,eAAe,EAAE,eAAe;IAChC,gBAAgB,EAAE,gBAAgB;IAClC,iBAAiB,EAAE,iBAAiB;IACpC,kBAAkB,EAAE,kBAAkB;IACtC,gBAAgB,EAAE,gBAAgB;IAClC,iBAAiB,EAAE,iBAAiB;CACpC,CAAC;AAGK,IAAM,WAAW,GAAjB,MAAM,WAAW;IACvB,YAA6B,OAAgB;QAAhB,YAAO,GAAP,OAAO,CAAS;IAAG,CAAC;IAMjD,cAAc,CAAC,SAAwB,EAAE,MAAuB;QAC/D,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,GAAG,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;QAED,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;YACpD,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAEvB,QAAQ,CAAC,SAAS,CAAS,CAAC,CAAC,CAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,CACxD,CAAC;QACH,CAAC,CAAC,CAAC;IACJ,CAAC;IAED,QAAQ;QACP,OAAO,MAAM,CAAC,WAAW,CAExB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CACxC,CAAC;IACzB,CAAC;IAED,WAAW,CAAC,IAAkB;QAC7B,OAAO,UAAU,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC;IAED,aAAa,CACZ,IAA4E,EAC5E,OAAoB;QAEpB,IAAI,MAAM,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QAChC,IAAI,OAAO,EAAE,CAAC;YACb,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAa,CAAC,CAAC,CAAC;QAC9E,CAAC;QACD,OAAO,MAAM,CAAC;IACf,CAAC;IAKD,WAAW,CAAC,YAA8B;QACzC,OAAO,CAAC,GAAG,YAAY,CAAC,CAAC,MAAM,CAAa,CAAC,GAAG,EAAE,WAAW,EAAE,EAAE;;YAChE,KAAK,MAAM,KAAK,IAAI,MAAA,iBAAiB,CAAC,WAAW,CAAC,mCAAI,EAAE,EAAE,CAAC;gBAC1D,GAAG,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC;YAED,OAAO,GAAG,CAAC;QACZ,CAAC,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;IACf,CAAC;IAcD,SAAS,CACR,SAI8C,EAC9C,IAAU,EACV,oBAAuC;QAEvC,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC;QAChC,MAAM,MAAM,GAAG,SAA6E,CAAC;QAE7F,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE;YACrB,MAAM,EAAE,EAAE;SACV,CAAC,CAAC;QAEH,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YAC1B,OAAO,MAAM,CAAC;QACf,CAAC;QAED,IAAI,CAAC,CAAC,QAAQ,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,IAAI,MAAM,CAAC,EAAE,CAAC;YAClD,MAAM,IAAI,+BAAgB,CAAC,sDAAsD,CAAC,CAAC;QACpF,CAAC;QAED,MAAM,CAAC,MAAM,GAAG,IAAI,CAAC,qBAAqB,CACzC,QAAQ,IAAI,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,YAAY,EAC9C,IAAI,EACJ,MAAM,EACN,oBAAoB,CACpB,CAAC;QAEF,OAAO,MAAM,CAAC;IACf,CAAC;IAED,qBAAqB,CACpB,IAA+B,EAC/B,IAAU,EACV,MAA8C,EAC9C,oBAAuC;QAEvC,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAC3D,MAAM,SAAS,GAAe,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QACpD,KAAK,MAAM,YAAY,IAAI,MAAM,EAAE,CAAC;YACnC,MAAM,EAAE,GAAG,oBAAoB,CAAC,IAAI,CACnC,CAAC,CAAC,EAAE,EAAE,WAAC,OAAA,CAAC,CAAC,SAAS,KAAK,CAAC,MAAA,YAAY,CAAC,SAAS,mCAAI,YAAY,CAAC,OAAO,CAAC,EAAE,CAAC,CAAA,EAAA,CAC1E,CAAC;YACF,IAAI,aAAa,GAAY,EAAE,CAAC;YAChC,IAAI,EAAE,EAAE,CAAC;gBACR,aAAa,GAAG,IAAI,CAAC,aAAa,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC7C,CAAC;YACD,MAAM,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;YAC3D,MAAM,YAAY,GAAG,IAAA,2BAAa,EACjC;gBACC,MAAM,EAAE,YAAY;gBACpB,OAAO,EAAE,aAAa;aACtB,EACD,EAAE,OAAO,EAAE,YAAY,EAAE,CACzB,CAAC;YACF,YAAY,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/C,CAAC;QACD,OAAO,CAAC,GAAG,SAAS,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9B,CAAC;IAED,cAAc,CAAC,IAAkB;QAChC,QAAQ,IAAI,EAAE,CAAC;YACd,KAAK,eAAe;gBACnB,OAAO,IAAI,CAAC,OAAO,CAAC,0BAA0B,EAAE,CAAC;YAClD,KAAK,gBAAgB;gBACpB,OAAO,IAAI,CAAC,OAAO,CAAC,2BAA2B,EAAE,CAAC;YACnD,KAAK,cAAc;gBAClB,OAAO,IAAI,CAAC,OAAO,CAAC,6BAA6B,EAAE,CAAC;YACrD;gBACC,OAAO,IAAI,CAAC;QACd,CAAC;IACF,CAAC;CACD,CAAA;AA9IY,kCAAW;sBAAX,WAAW;IADvB,IAAA,gBAAO,GAAE;qCAE6B,iBAAO;GADjC,WAAW,CA8IvB"}