fix(core): Allow owner and admin to edit nodes with credentials that haven't been shared with them explicitly #9922
Conversation
n8n-assistant
bot
added
core
packages/cli/test/integration/workflows/workflows.controller.ee.test.ts
Outdated
Show resolved
Hide resolved
| @@ -428,28 +428,38 @@ describe('GET /workflows/:workflowId', () => { | |||
| expect(responseWorkflow.sharedWithProjects).toHaveLength(0); | |||
| }); | |||
|
|
|||
| test('should return workflow with credentials saying owner does not have access when not shared', async () => { | |||
| const savedCredential = await saveCredential(randomCredentialPayload(), { user: member }); | |||
| test.each([ | |||
There was a problem hiding this comment.
This converted the existing test rather than adding to it. I'd expect we'd want to keep a test for the member scenario?
There was a problem hiding this comment.
I think the next test is covering the scenario for members.
n8n/packages/cli/test/integration/workflows/workflows.controller.ee.test.ts
Lines 464 to 499 in 7f312ab
This test was only checking the owner scenario.
| test('should return workflow with credentials saying owner does not have access when not shared', async () => { | ||
| const savedCredential = await saveCredential(randomCredentialPayload(), { user: member }); | ||
| test.each([ | ||
| ['owner', () => owner], |
There was a problem hiding this comment.
For learning, why does this need to be a function? I'd've passed the actor directly.
There was a problem hiding this comment.
It's evaluated before the beforeAll block and thus it would just evaluate to undefined and pass this to each, whereas using a function creates a closure to the original binding and evaluates this only when called from inside the test. At that point beforeAll already ran.
I hope that makes sense.
|
|
2 flaky tests on run #5849 ↗︎
Details:
|
|||||||||||||||||||||||||||
| Test | Artifacts | |
|---|---|---|
| NDV > should not retrieve remote options when required params throw errors |
Screenshots
Video
|
|
24-ndv-paired-item.cy.ts • 1 flaky test
| Test | Artifacts | |
|---|---|---|
| NDV > resolves expression with default item when input node is not parent, while still pairing items |
Test Replay
Screenshots
Video
|
|
Review all test suite changes for PR #9922 ↗︎
|
|
|
|
…haven't been shared with them explicitly
despairblue
force-pushed
the
pay-1296-bug-owner-user-cant-edit-workflow
branch
from
c49bdd9 to
2607805
Compare
|
|
2 similar comments
|
|
|
|
|
✅ All Cypress E2E specs passed |
|
Got released with |
…haven't been shared with them explicitly (#9922)
Summary
Previously, the owners and admins were not allowed to use credentials in workflows that they did not own. They first had to share them with themselves, and then they could use them in workflows.
With #9718 we started showing credentials in the dropdown that they did not own and haven't been shared with them, but when choosing them the node edit view would turn read only.
With this PR the node edit view now stays editable.
Related Linear tickets, Github issues, and Community forum posts
https://linear.app/n8n/issue/PAY-1296/bug-owner-user-cant-edit-workflow
Review / Merge checklist
Docs updated or follow-up ticket created.PR Labeled withrelease/backport(if the PR is an urgent fix that needs to be backported)