feat(editor): Expose workflow:execute scope checkbox in custom role UI

[afitzek]

Summary

Adds workflow:execute as an explicit, toggleable checkbox in the custom role editor under the Workflows section.

Previously, workflow:execute was a hidden scope that was silently auto-toggled whenever workflow:update was toggled — creating confusing, unexpected dependency behaviour. This PR promotes it to a first-class permission in the UI.

Dependency rule enforced in the UI:

• Checking workflow:execute automatically checks workflow:read if it isn't already selected (execute requires read)
• Unchecking workflow:read automatically unchecks workflow:execute (read is a prerequisite for execute)
• The reverse is not enforced: selecting workflow:read does not require workflow:execute

Changes:

• projectRoleScopes.ts: Added 'execute' to the workflow operations list, placed between read and update
• ProjectRoleView.vue: Replaced the workflow:update → workflow:execute auto-coupling with explicit workflow:read ↔ workflow:execute dependency logic in toggleScope
• en.json: Added projectRoles.workflow:execute.tooltip and updated workflow:update.tooltip to remove the now-stale "and execute workflows" phrasing
• ProjectRoleView.test.ts: Added 6 tests covering all dependency scenarios and confirming the old auto-coupling is removed

Related Linear tickets, Github issues, and Community forum posts

closes https://linear.app/n8n/issue/IAM-118/fe-show-workflowexecute-scope-checkbox-in-custom-role-ui

Review / Merge checklist

• PR title and summary are descriptive. (conventions)
• Docs updated or follow-up ticket created.
• Tests included.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[codecov]

Bundle Report

Changes will increase total bundle size by 333 bytes (0.0%) ⬆️. This is within the configured threshold ✅

Detailed changes

Bundle name	Size	Change
editor-ui-esm	42.53MB	333 bytes (0.0%) ⬆️

Affected Assets, Files, and Routes:

view changes for bundle: editor-ui-esm

Assets Changed:

Asset Name	Size Change	Total Size	Change (%)
assets/_MapCache-*.js	60 bytes	577.61kB	0.01%
assets/ProjectRoleView-*.js	260 bytes	31.21kB	0.84%
assets/projectRoleScopes-*.js	13 bytes	1.23kB	1.07%

Files in assets/ProjectRoleView-*.js:

• ./src/features/project-roles/ProjectRoleView.vue → Total Size: 340 bytes

Files in assets/projectRoleScopes-*.js:

• ./src/features/project-roles/projectRoleScopes.ts → Total Size: 1.54kB

[cubic-dev-ai]

cubic analysis

No issues found across 5 files

Linked issue analysis

Linked issue: IAM-118: [FE] Show workflow:execute scope checkbox in Custom role UI

Status	Acceptance criteria	Notes
✅	Workflow:execute scope should be added to the custom roles UI to toggle on/off	Added execute in scopes, UI, i18n and tests
✅	Decouple workflow:execute from workflow:update and enforce read prerequisite (checking workflow:execute auto-checks workflow:read; unchecking workflow:read auto-unchecks workflow:execute)	toggleScope updated and tests cover dependency scenarios
❌	When a user has workflow:edit and workflow:execute, UI should show execute workflow button	No editor execution button visibility changes in diffs
❌	When a user only has workflow:view and workflow:execute, UI should allow user to execute workflow but editing anything else on the canvas should stay in read only state	No editor UI changes to allow execute-only behavior
❌	When a user has workflow:read and workflow:edit but not workflow:execute, test execution button should be greyed out and show you do not have permissions on hover	No code to disable/tooltip execution button in editor
❌	A user with workflow:execute can only execute workflows that already exist & the user has access to (including rerunning prev executions)	No backend or execution permission enforcement changes found
❌	Handle the above scenarios when viewing executions too (able to re-run failed executions if you have the execute permission)	No changes to executions view or rerun permission logic

Architecture diagram

sequenceDiagram
    participant User
    participant UI as ProjectRoleView (Vue)
    participant State as form.scopes (Local State)
    participant Config as projectRoleScopes.ts
    participant I18n as en.json

    Note over UI,Config: UI Initialization
    UI->>Config: Get list of UI_OPERATIONS
    Config-->>UI: NEW: Return workflow operations including 'execute'
    UI->>I18n: Fetch labels and tooltips
    I18n-->>UI: NEW: 'workflow:execute' tooltip added

    Note over User,State: Scenario A: User enables 'workflow:execute'
    User->>UI: Click 'workflow:execute' checkbox
    UI->>UI: toggleScope('workflow:execute')
    
    alt NEW: Scope added AND 'workflow:read' is missing
        UI->>UI: Internal: toggleScope('workflow:read')
        UI->>State: Add 'workflow:read' to array
    end
    UI->>State: Add 'workflow:execute' to array

    Note over User,State: Scenario B: User disables 'workflow:read'
    User->>UI: Uncheck 'workflow:read' checkbox
    UI->>UI: toggleScope('workflow:read')
    
    alt NEW: Scope removed AND 'workflow:execute' is present
        UI->>UI: Internal: toggleScope('workflow:execute')
        UI->>State: Remove 'workflow:execute' from array
    end
    UI->>State: Remove 'workflow:read' from array

    Note over User,State: Scenario C: CHANGED interaction for 'workflow:update'
    User->>UI: Toggle 'workflow:update' checkbox
    UI->>UI: toggleScope('workflow:update')
    UI->>State: Add/Remove 'workflow:update'
    Note right of UI: CHANGED: No longer triggers workflow:execute

Loading

[guillaumejacquart]

🚀

[n8n-assistant]

Got released with n8n@2.11.0