From 93290809173dfea11e961d4a5c28db32196901c2 Mon Sep 17 00:00:00 2001
From: Csaba Tuncsik
Date: Wed, 29 Nov 2023 16:36:49 +0100
Subject: [PATCH] fix(editor): Restrict workflow and credential sharing to their owners (no-changelog) (#7870)

Removing scope permission checks on workflow and credential sharing and relying only on resource ownership. Every user can share only the workflows and credentials they created.
---
 packages/editor-ui/src/permissions.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/packages/editor-ui/src/permissions.ts b/packages/editor-ui/src/permissions.ts
index 995e9ad6f0769..e044078a0d438 100644
--- a/packages/editor-ui/src/permissions.ts
+++ b/packages/editor-ui/src/permissions.ts
@@ -84,7 +84,7 @@ export const getCredentialPermissions = (user: IUser | null, credential: ICreden
 { name: 'updateConnection', test: [UserRole.ResourceOwner] },
 {
 name: 'updateSharing',
- test: (permissions) => rbacStore.hasScope('credential:share') || !!permissions.isOwner,
+ test: (permissions) => !!permissions.isOwner,
 },
 { name: 'updateNodeAccess', test: [UserRole.ResourceOwner] },
 { name: 'delete', test: [UserRole.ResourceOwner, UserRole.InstanceOwner] },
@@ -109,7 +109,7 @@ export const getWorkflowPermissions = (user: IUser | null, workflow: IWorkflowDb
 },
 {
 name: 'updateSharing',
- test: (permissions) => rbacStore.hasScope('workflow:share') || !!permissions.isOwner,
+ test: (permissions) => !!permissions.isOwner,
 },
 {
 name: 'delete',
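Review bot: The owner-only `updateSharing` test in `getCredentialPermissions` is enforced only in the editor UI's permission table, and the diffstat shows no other file changed, so on its own it decides which sharing controls the client renders rather than what the server accepts. The commit message's guarantee that users can share only what they created holds only if the sharing endpoints apply the same ownership check; that is not visible in this patch and should be confirmed, ideally with a server-side test that a non-owner holding `credential:share` is refused. The same applies to the `updateSharing` entry in `getWorkflowPermissions` and the `workflow:share` scope. I would also add a comment above each test, e.g. `// Sharing is owner-only by design; the credential:share scope is deliberately not consulted here.`, so the scope check is not reintroduced later. Both functions begin and end outside the hunks, so whether `rbacStore` is still used elsewhere in them cannot be judged from here.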