diff --git a/packages/cli/src/UserManagement/PermissionChecker.ts b/packages/cli/src/UserManagement/PermissionChecker.ts index 7b6261c4d6d18..b15d9ee6ddbaa 100644 --- a/packages/cli/src/UserManagement/PermissionChecker.ts +++ b/packages/cli/src/UserManagement/PermissionChecker.ts @@ -39,12 +39,14 @@ export class PermissionChecker { if (user.hasGlobalScope('workflow:execute')) return; + const isSharingEnabled = this.license.isSharingEnabled(); + // allow if all creds used in this workflow are a subset of // all creds accessible to users who have access to this workflow let workflowUserIds = [userId]; - if (workflow.id && this.license.isSharingEnabled()) { + if (workflow.id && isSharingEnabled) { const workflowSharings = await this.sharedWorkflowRepository.find({ relations: ['workflow'], where: { workflowId: workflow.id }, @@ -54,7 +56,9 @@ export class PermissionChecker { } const credentialSharings = - await this.sharedCredentialsRepository.findOwnedSharings(workflowUserIds); + await this.sharedCredentialsRepository[ + isSharingEnabled ? 'findAccessibleSharings' : 'findOwnedSharings' + ](workflowUserIds); const accessibleCredIds = credentialSharings.map((s) => s.credentialsId); diff --git a/packages/cli/src/databases/repositories/sharedCredentials.repository.ts b/packages/cli/src/databases/repositories/sharedCredentials.repository.ts index 0a52f521538d5..a83aef45a5d07 100644 --- a/packages/cli/src/databases/repositories/sharedCredentials.repository.ts +++ b/packages/cli/src/databases/repositories/sharedCredentials.repository.ts @@ -50,12 +50,16 @@ export class SharedCredentialsRepository extends Repository { return sharings.map((s) => s.credentialsId); } + async findAccessibleSharings(userIds: string[]) { + return await this.findBy({ + userId: In(userIds), + }); + } + async findOwnedSharings(userIds: string[]) { - return await this.find({ - where: { - userId: In(userIds), - role: 'credential:owner', - }, + return await this.findBy({ + userId: In(userIds), + role: 'credential:owner', }); }