From ccf0f0076049da51e1113f12867812b7b5f9e00c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Iv=C3=A1n=20Ovejero?= Date: Tue, 13 Aug 2024 14:12:17 +0200 Subject: [PATCH] fix(core): Account for owner when filtering by project ID in `GET /workflows` in Public API --- .../handlers/workflows/workflows.handler.ts | 13 ++++++++++ .../integration/publicApi/workflows.test.ts | 26 +++++++++++++++++-- 2 files changed, 37 insertions(+), 2 deletions(-) diff --git a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts index d5abac95a1787..8515548dea16b 100644 --- a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts +++ b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts @@ -143,6 +143,19 @@ export = { ); where.id = In(workflowIds); } + + if (projectId) { + const workflows = await Container.get(SharedWorkflowRepository).findAllWorkflowsForUser( + req.user, + ['workflow:read'], + ); + + const workflowIds = workflows + .filter((workflow) => workflow.projectId === projectId) + .map((workflow) => workflow.id); + + where.id = In(workflowIds); + } } else { const options: { workflowIds?: string[] } = {}; diff --git a/packages/cli/test/integration/publicApi/workflows.test.ts b/packages/cli/test/integration/publicApi/workflows.test.ts index 1e292af64d92f..5185f3862de89 100644 --- a/packages/cli/test/integration/publicApi/workflows.test.ts +++ b/packages/cli/test/integration/publicApi/workflows.test.ts @@ -267,8 +267,30 @@ describe('GET /workflows', () => { } }); - test('should return all user-accessible workflows filtered by `projectId`', async () => { - license.setQuota('quota:maxTeamProjects', 2); + test('for owner, should return all workflows filtered by `projectId`', async () => { + license.setQuota('quota:maxTeamProjects', -1); + const firstProject = await Container.get(ProjectService).createTeamProject('First', owner); + const secondProject = await Container.get(ProjectService).createTeamProject('Second', member); + + await Promise.all([ + createWorkflow({ name: 'First workflow' }, firstProject), + createWorkflow({ name: 'Second workflow' }, secondProject), + ]); + + const firstResponse = await authOwnerAgent.get(`/workflows?projectId=${firstProject.id}`); + const secondResponse = await authOwnerAgent.get(`/workflows?projectId=${secondProject.id}`); + + expect(firstResponse.statusCode).toBe(200); + expect(firstResponse.body.data.length).toBe(1); + expect(firstResponse.body.data[0].name).toBe('First workflow'); + + expect(secondResponse.statusCode).toBe(200); + expect(secondResponse.body.data.length).toBe(1); + expect(secondResponse.body.data[0].name).toBe('Second workflow'); + }); + + test('for member, should return all member-accessible workflows filtered by `projectId`', async () => { + license.setQuota('quota:maxTeamProjects', -1); const otherProject = await Container.get(ProjectService).createTeamProject( 'Other project', member,