feat(API): Allow user to be added to and removed from projects

packages/cli/src/controllers/project.controller.ts

@@ -196,14 +196,7 @@ export class ProjectController {
 			await this.projectsService.updateProject(req.body.name, req.params.projectId);
 		}
 		if (req.body.relations) {
-			try {
-				await this.projectsService.syncProjectRelations(req.params.projectId, req.body.relations);
-			} catch (e) {
-				if (e instanceof UnlicensedProjectRoleError) {
-					throw new BadRequestError(e.message);
-				}
-				throw e;
-			}
+			await this.syncProjectRelations(req.params.projectId, req.body.relations);
 
 			this.eventService.emit('team-project-updated', {
 				userId: req.user.id,
@@ -214,6 +207,20 @@ export class ProjectController {
 		}
 	}
 
+	async syncProjectRelations(
+		projectId: string,
+		relations: ProjectRequest.ProjectRelationPayload[],
+	) {
+		try {
+			await this.projectsService.syncProjectRelations(projectId, relations);
+		} catch (e) {
+			if (e instanceof UnlicensedProjectRoleError) {
+				throw new BadRequestError(e.message);
+			}
+			throw e;
+		}
+	}
+
 	@Delete('/:projectId')
 	@ProjectScope('project:delete')
 	async deleteProject(req: ProjectRequest.Delete) {

packages/cli/src/public-api/v1/handlers/projects/projects.handler.ts

@@ -12,6 +12,7 @@ import { encodeNextCursor } from '../../shared/services/pagination.service';
 type Create = ProjectRequest.Create;
 type Update = ProjectRequest.Update;
 type Delete = ProjectRequest.Delete;
+type DeleteUser = ProjectRequest.DeleteUser;
 type GetAll = PaginatedRequest;
 
 export = {
@@ -64,4 +65,26 @@ export = {
 			});
 		},
 	],
+	deleteUserFromProject: [
+		isLicensed('feat:projectRole:admin'),
+		globalScope('project:update'),
+		async (req: DeleteUser, res: Response) => {
+			const { projectId, id: userId } = req.params;
+
+			const project = await Container.get(ProjectRepository).findOne({
+				where: { id: projectId },
+				relations: { projectRelations: true },
+			});
+
+			if (!project) {
+				return res.status(404).send({ message: 'Not found' });
+			}
+
+			const relations = project.projectRelations.filter((relation) => relation.userId !== userId);
+
+			await Container.get(ProjectController).syncProjectRelations(projectId, relations);
+
+			return res.status(204).send();
+		},
+	],
 };

packages/cli/src/public-api/v1/handlers/projects/spec/paths/projects.projectId.users.id.yml

@@ -0,0 +1,24 @@
+delete:
+  x-eov-operation-id: deleteUserFromProject
+  x-eov-operation-handler: v1/handlers/projects/projects.handler
+  tags:
+    - Projects
+  summary: Delete a user from a project
+  description: Delete a user from a project from your instance.
+  parameters:
+    - name: projectId
+      in: path
+      description: The ID of the project.
+      required: true
+      schema:
+        type: string
+    - $ref: '../../../users/spec/schemas/parameters/userIdentifier.yml'
+  responses:
+    '204':
+      description: Operation successful.
+    '401':
+      $ref: '../../../../shared/spec/responses/unauthorized.yml'
+    '403':
+      $ref: '../../../../shared/spec/responses/forbidden.yml'
+    '404':
+      $ref: '../../../../shared/spec/responses/notFound.yml'

packages/cli/src/public-api/v1/handlers/projects/spec/paths/projects.projectId.yml

@@ -6,7 +6,12 @@ delete:
   summary: Delete a project
   description: Delete a project from your instance.
   parameters:
-    - $ref: '../schemas/parameters/projectId.yml'
+    - in: path
+      name: projectId
+      description: The ID of the project.
+      required: true
+      schema:
+        type: string
   responses:
     '204':
       description: Operation successful.
@@ -23,6 +28,13 @@ put:
     - Project
   summary: Update a project
   description: Update a project.
+  parameters:
+    - in: path
+      name: projectId
+      description: The ID of the project.
+      required: true
+      schema:
+        type: string
   requestBody:
     description: Updated project object.
     content:

packages/cli/src/public-api/v1/openapi.yml

@@ -82,6 +82,8 @@ paths:
     $ref: './handlers/projects/spec/paths/projects.yml'
   /projects/{projectId}:
     $ref: './handlers/projects/spec/paths/projects.projectId.yml'
+  /projects/{projectId}/users/{id}:
+    $ref: './handlers/projects/spec/paths/projects.projectId.users.id.yml'
 components:
   schemas:
     $ref: './shared/spec/schemas/_index.yml'

packages/cli/src/requests.ts

@@ -563,6 +563,7 @@ export declare namespace ProjectRequest {
 		{ name?: string; relations?: ProjectRelationPayload[] }
 	>;
 	type Delete = AuthenticatedRequest<{ projectId: string }, {}, {}, { transferId?: string }>;
+	type DeleteUser = AuthenticatedRequest<{ projectId: string; id: string }, {}, {}, {}>;
 }
 
 // ----------------------------------

packages/cli/test/integration/public-api/projects.test.ts

@@ -1,8 +1,17 @@
 import { FeatureNotLicensedError } from '@/errors/feature-not-licensed.error';
 import { Telemetry } from '@/telemetry';
 import { mockInstance } from '@test/mocking';
-import { createTeamProject, getProjectByNameOrFail } from '@test-integration/db/projects';
-import { createMemberWithApiKey, createOwnerWithApiKey } from '@test-integration/db/users';
+import {
+	createTeamProject,
+	getProjectByNameOrFail,
+	linkUserToProject,
+	getAllProjectRelations,
+} from '@test-integration/db/projects';
+import {
+	createMemberWithApiKey,
+	createOwnerWithApiKey,
+	createMember,
+} from '@test-integration/db/users';
 import { setupTestServer } from '@test-integration/utils';
 
 import * as testDb from '../shared/test-db';
@@ -393,4 +402,117 @@ describe('Projects in Public API', () => {
 			expect(response.body).toHaveProperty('message', 'Forbidden');
 		});
 	});
+
+	describe('DELETE /projects/:id/users/:userId', () => {
+		it('if not authenticated, should reject with 401', async () => {
+			const project = await createTeamProject();
+			const member = await createMember();
+
+			const response = await testServer
+				.publicApiAgentWithoutApiKey()
+				.delete(`/projects/${project.id}/users/${member.id}`);
+
+			expect(response.status).toBe(401);
+			expect(response.body).toHaveProperty('message', "'X-N8N-API-KEY' header required");
+		});
+
+		it('if not licensed, should reject with a 403', async () => {
+			const owner = await createOwnerWithApiKey();
+			const project = await createTeamProject();
+			const member = await createMember();
+
+			const response = await testServer
+				.publicApiAgentFor(owner)
+				.delete(`/projects/${project.id}/users/${member.id}`);
+
+			expect(response.status).toBe(403);
+			expect(response.body).toHaveProperty(
+				'message',
+				new FeatureNotLicensedError('feat:projectRole:admin').message,
+			);
+		});
+
+		it('if missing scope, should reject with 403', async () => {
+			testServer.license.setQuota('quota:maxTeamProjects', -1);
+			testServer.license.enable('feat:projectRole:admin');
+			const member = await createMemberWithApiKey();
+			const project = await createTeamProject();
+
+			const response = await testServer
+				.publicApiAgentFor(member)
+				.delete(`/projects/${project.id}/users/${member.id}`);
+
+			expect(response.status).toBe(403);
+			expect(response.body).toHaveProperty('message', 'Forbidden');
+		});
+
+		describe('when user has correct license', () => {
+			beforeEach(() => {
+				testServer.license.setQuota('quota:maxTeamProjects', -1);
+				testServer.license.enable('feat:projectRole:admin');
+			});
+
+			it('should remove given user from project', async () => {
+				const owner = await createOwnerWithApiKey();
+				const project = await createTeamProject('shared-project', owner);
+				const member = await createMember();
+				await linkUserToProject(member, project, 'project:viewer');
+				const projectBefore = await getAllProjectRelations({
+					projectId: project.id,
+				});
+
+				const response = await testServer
+					.publicApiAgentFor(owner)
+					.delete(`/projects/${project.id}/users/${member.id}`);
+
+				const projectAfter = await getAllProjectRelations({
+					projectId: project.id,
+				});
+
+				expect(response.status).toBe(204);
+				expect(projectBefore.length).toEqual(2);
+				expect(projectBefore[0].userId).toEqual(owner.id);
+				expect(projectBefore[1].userId).toEqual(member.id);
+
+				expect(projectAfter.length).toEqual(1);
+				expect(projectBefore[0].userId).toEqual(owner.id);
+			});
+
+			it('should reject with 404 if no project found', async () => {
+				const owner = await createOwnerWithApiKey();
+				const member = await createMember();
+
+				const response = await testServer
+					.publicApiAgentFor(owner)
+					.delete(`/projects/123456/users/${member.id}`);
+
+				expect(response.status).toBe(404);
+				expect(response.body).toHaveProperty('message', 'Not found');
+			});
+
+			it('should remain unchanged if user if not in project', async () => {
+				const owner = await createOwnerWithApiKey();
+				const project = await createTeamProject('shared-project', owner);
+				const member = await createMember();
+				const projectBefore = await getAllProjectRelations({
+					projectId: project.id,
+				});
+
+				const response = await testServer
+					.publicApiAgentFor(owner)
+					.delete(`/projects/${project.id}/users/${member.id}`);
+
+				const projectAfter = await getAllProjectRelations({
+					projectId: project.id,
+				});
+
+				expect(response.status).toBe(204);
+				expect(projectBefore.length).toEqual(1);
+				expect(projectBefore[0].userId).toEqual(owner.id);
+
+				expect(projectAfter.length).toEqual(1);
+				expect(projectBefore[0].userId).toEqual(owner.id);
+			});
+		});
+	});
 });

packages/cli/test/integration/shared/db/projects.ts

@@ -66,3 +66,11 @@ export const getProjectRelations = async ({
 		where: { projectId, userId, role },
 	});
 };
+
+export const getAllProjectRelations = async ({
+	projectId,
+}: Partial<ProjectRelation>): Promise<ProjectRelation[]> => {
+	return await Container.get(ProjectRelationRepository).find({
+		where: { projectId },
+	});
+};