fix: When editing nodes only show the credentials in the dropdown that the user is allowed to use in that workflow #9718
Conversation
…t the user is allowed to use in that workflow
despairblue
added
the
release/backport
n8n-assistant
bot
added
core
despairblue
force-pushed
the
filter-by-personal-project
branch
from
a188f9c to
0b4459f
Compare
despairblue
force-pushed
the
filter-by-personal-project
branch
from
0b4459f to
80bf204
Compare
despairblue
force-pushed
the
filter-by-personal-project
branch
from
bc99637 to
71905be
Compare
|
@krynble I had to rebase this. Could you re-approve? 🙏🏾 |
|
|
|
|
|
I'll check the failing test locally. |
| @@ -102,7 +102,7 @@ const switchBetweenEditorAndHistory = () => { | |||
|
|
|||
| const switchBetweenEditorAndWorkflowlist = () => { | |||
| cy.getByTestId('menu-item').first().click(); | |||
| cy.wait(['@getUsers', '@getWorkflows', '@getActiveWorkflows', '@getCredentials']); | |||
There was a problem hiding this comment.
Going to the home page does not actually load the credentials:
Maybe this worked before the new home page, but now the credentials are only loaded if you actually switch to the credentials tab.
On master this only works because the Node View calls GET /rest/credentials. With this PR that's not the case anymore.
I changed this cy.wait to do what I think the author intended, waiting until the workflow tab in the home page was completely loaded.
There was a problem hiding this comment.
makes sense, ty for fixing!
|
@krynble I fixed the test. |
…t the user is allowed to use in that workflow (n8n-io#9718)
…t the user is allowed to use in that workflow (n8n-io#9718)
|
Got released with |
1 similar comment
|
Got released with |
Summary
With the introduction of projects and RBAC we've been having issues with rendering the correct list of credentials for nodes in workflows in personal projects. We've patched
GET /credentialsmultiple times to get it right and each time broke some edge case:#9396
#9615
#9678
This PR introduces a new route that returns all credentials a user can use is a
specific workflow or project.
This route is used by the Node View and Node Credentials drop down.
They are not using the
GET /credentialsendpoint anymore, because they returnBut the credentials that a user can add to nodes in a workflow have further restrictions.
The new endpoint returns all credentials that the workflow can use when executing AND to which the user has access to.
For workflows in team project that's simple: It's only the credentials that exist in that project. Even having global read permissions does not circumvent this.
For workflows in personal projects it becomes more complex due to point to point sharing:
The y axis is the global role of the user, the x axis describes their relation ship to the workflow, either they have no relationship, the workflow was shared with them, or they own the workflow.
The new endpoint first gets all credentials the user has access to, then all the credentials the workflow can use and then returns the intersection of both.
Related Linear tickets, Github issues, and Community forum posts
https://linear.app/n8n/issue/PAY-1661/bug-cant-choose-the-right-credentials-in-a-personal-wf-as-an-owner-or
Review / Merge checklist
release/backport(if the PR is an urgent fix that needs to be backported)