feat: Add initial scope checks via decorators #7737
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
netroy
reviewed
Nov 16, 2023
n8n-assistant
bot
added
core
Do you mean adding the |
|
valya
force-pushed
the
pay-983-replace-all-authorized-decorator-owner-checks
branch
from
3557203
to
9a01807
Compare
…-authorized-decorator-owner-checks
…-authorized-decorator-owner-checks
ivov
reviewed
Nov 22, 2023
packages/cli/src/ExternalSecrets/ExternalSecrets.controller.ee.ts
Outdated
Show resolved
Hide resolved
packages/cli/src/environments/variables/variables.controller.ee.ts
Outdated
Show resolved
Hide resolved
netroy
reviewed
Nov 22, 2023
netroy
reviewed
Nov 22, 2023
| @RestController('/external-secrets') | ||
| export class ExternalSecretsController { | ||
| constructor(private readonly secretsService: ExternalSecretsService) {} | ||
|
|
||
| @Get('/providers') | ||
| @RequireGlobalScope('externalSecretsStore:list') |
There was a problem hiding this comment.
should we consider moving auth scopes to existing decorators?
I'm wondering is there is an advantage of having a separate decorator.
There was a problem hiding this comment.
We could do it as part of the routing decorators but I personally think separate function decorators look neater.
ivov
previously approved these changes
Nov 27, 2023
netroy
reviewed
Nov 27, 2023
…-authorized-decorator-owner-checks
ivov
previously approved these changes
Nov 27, 2023
ivov
previously approved these changes
Nov 27, 2023
|
|
Passing run #3067 ↗︎
Details:
Review all test suite changes for PR #7737 ↗︎ |
|||||||||||||||
|
|
netroy
reviewed
Nov 27, 2023
| import type { ScopeMetadata } from './types'; | ||
| import { CONTROLLER_REQUIRED_SCOPES } from './constants'; | ||
|
|
||
| export const RequireGlobalScope = (scope: Scope | Scope[], scopeOptions?: ScopeOptions) => { |
There was a problem hiding this comment.
There seems to be quite an overlap between Authorized and RequireGlobalScope. If we update all the remaining controllers that still have @Authorized on them, we could combine the two decorators, as well as the middlewares that use the metadata from these decorators.
We don't need to do that now, but we should do it soon, so that we don't end up maintaining a 3rd authorization mechanism, while we are still trying to get rid of middlewares/auth.ts
…-authorized-decorator-owner-checks
valya
force-pushed
the
pay-983-replace-all-authorized-decorator-owner-checks
branch
from
2966685
to
7d491b2
Compare
ivov
previously approved these changes
Nov 28, 2023
|
|
|
✅ All Cypress E2E specs passed |
…-authorized-decorator-owner-checks
ivov
approved these changes
Nov 28, 2023
|
✅ All Cypress E2E specs passed |
valya
deleted the
pay-983-replace-all-authorized-decorator-owner-checks
branch
rishikeshjoshi
pushed a commit
to rishikeshjoshi/n8n
that referenced
this pull request
Nov 28, 2023
MiloradFilipovic
added a commit
that referenced
this pull request
Nov 29, 2023
* master: fix(editor): Add telemetry to workflow history (#7811) fix(editor): Fix mouse position in workflow previews (#7853) fix(editor): Fix icon for unknown node type (#7842) ci: Fix editor tests when coverage is enabled (no-changelog) (#7827) fix(editor): Suppress dev server websocket messages in workflow view (#7808) feat(core): Update LLM applications building support (no-changelog) (#7710) fix(editor): Fix push connection on WorkerList and CommunityNodes pages (no-changelog) (#7851) fix(editor): Remove ability for users to select admin role in the UI (no-changelog) (#7850) feat(core): Set up endpoint for all existing roles with license flag (#7834) fix(editor): Fix credential icon for old node type version (#7843) feat: Add initial scope checks via decorators (#7737) refactor(editor): Delete some barrel files and reduce circular dependencies (no-changelog) (#7838) fix(editor): Allow owners and admins to share workflows and credentials they don't own (#7833) refactor(core): Reorganize error hierarchy in `cli` package (no-changelog) (#7839) fix(Google Calendar Trigger Node): Fix issue preventing birthday and holiday calendars from working (#7832) fix(Google Sheets Node): Read operation execute for each item (#7800) fix(core): Node version in the user added node to workflow canvas event (no-changelog) (#7814)
Merged
ivov
added a commit
that referenced
this pull request
Nov 29, 2023
# [1.19.0](https://github.com/n8n-io/n8n/compare/n8n@1.18.0...n8n@1.19.0) (2023-11-29) ### Bug Fixes * **core:** Ensure member and admin cannot be promoted to owner ([#7830](#7830)) ([9b87a59](9b87a59)), closes [/linear.app/n8n/issue/PAY-985/add-user-role-modification-endpoint#comment-62355f6](https://github.com//linear.app/n8n/issue/PAY-985/add-user-role-modification-endpoint/issues/comment-62355f6) * **core:** Prevent error messages due to statistics about data loading ([#7824](#7824)) ([847f6ac](847f6ac)) * **core:** Tighten checks for multi-main setup usage ([#7788](#7788)) ([fdb2c18](fdb2c18)) * **core:** Use AbortController to notify nodes to abort execution ([#6141](#6141)) ([d2c18c5](d2c18c5)) * **editor:** Add telemetry to workflow history ([#7811](#7811)) ([d497041](d497041)) * **editor:** Allow owners and admins to share workflows and credentials they don't own ([#7833](#7833)) ([3ab3ec9](3ab3ec9)) * **editor:** Disable context menu actions in read-only mode ([#7789](#7789)) ([902beff](902beff)) * **editor:** Fix cloud plan data loading on instance ([#7841](#7841)) ([8b99384](8b99384)) * **editor:** Fix credential icon for old node type version ([#7843](#7843)) ([4074107](4074107)) * **editor:** Fix icon for unknown node type ([#7842](#7842)) ([28ac5a7](28ac5a7)) * **editor:** Fix mouse position in workflow previews ([#7853](#7853)) ([c063398](c063398)) * **editor:** Show nice error when environment is not set up ([#7778](#7778)) ([5835e05](5835e05)) * **editor:** Suppress dev server websocket messages in workflow view ([#7808](#7808)) ([685ffd7](685ffd7)) * **Google Sheets Node:** Read operation execute for each item ([#7800](#7800)) ([d548872](d548872)) * **HTTP Request Node:** Enable expressions for binary input data fields ([#7782](#7782)) ([6208af0](6208af0)) * **Microsoft SQL Node:** Prevent double escaping table name ([#7801](#7801)) ([73ec753](73ec753)) ### Features * Add AI tool building capabilities ([#7336](#7336)) ([87def60](87def60)) * Add initial scope checks via decorators ([#7737](#7737)) ([a37f1cb](a37f1cb)) * Ado 1296 spike credential setup in templates ([#7786](#7786)) ([aae45b0](aae45b0)) * **core:** Add Support for custom CORS origins for webhooks ([#7455](#7455)) ([99a9ea4](99a9ea4)) * **core:** Allow user role modification ([#7797](#7797)) ([7a86d36](7a86d36)) * **core:** Set up endpoint for all existing roles with license flag ([#7834](#7834)) ([2356fb0](2356fb0)) * **editor:** Add node name and version to NDV node settings ([#7731](#7731)) ([da85198](da85198)) * **editor:** Add routing middleware, permission checks, RBAC store, RBAC component ([#7702](#7702)) ([67a8891](67a8891)) * **editor:** Replace middleware for Role checks with Scope checks ([#7847](#7847)) ([72852a6](72852a6)) * **editor:** Show avatars for users currently working on the same workflow ([#7763](#7763)) ([77bc8ec](77bc8ec)) * **Notion Node:** Option to simplify output in getChildBlocks operation ([#7791](#7791)) ([d667bca](d667bca)) * **Slack Node:** Add support for getting the profile of a user ([#7829](#7829)) ([90bb6ba](90bb6ba)) Co-authored-by: ivov <ivov@users.noreply.github.com>
|
Got released with |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit also includes a refactor of the variables controller/service and a new Licensed decorator
Github issue / Community forum post (link here to close automatically):