groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: let permitted users delete others' flows (#1417)

Browse Source
This commit is contained in:
Ali BARIN
2023-11-08 16:55:30 +01:00
committed by GitHub
parent e1fac78aba
commit 2d52cab693
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
packages/backend/src/graphql/mutations/delete-flow.ts
View File

@@ -1,4 +1,5 @@
import Context from '../../types/express/context'; import Context from '../../types/express/context';
import Flow from '../../models/flow';
import Execution from '../../models/execution'; import Execution from '../../models/execution';
import ExecutionStep from '../../models/execution-step'; import ExecutionStep from '../../models/execution-step';
import globalVariable from '../../helpers/global-variable'; import globalVariable from '../../helpers/global-variable';
@@ -15,10 +16,13 @@ const deleteFlow = async (
params: Params, params: Params,
context: Context context: Context
) => { ) => {
context.currentUser.can('delete', 'Flow'); const conditions = context.currentUser.can('delete', 'Flow');
const isCreator = conditions.isCreator;
const allFlows = Flow.query();
const userFlows = context.currentUser.$relatedQuery('flows');
const baseQuery = isCreator ? userFlows : allFlows;
const flow = await context.currentUser const flow = await baseQuery
.$relatedQuery('flows')
.findOne({ .findOne({
id: params.input.id, id: params.input.id,
}) })