groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(mutations/execute-flow): correct permission check

Browse Source
This commit is contained in:
Ali BARIN
2023-08-22 14:09:21 +00:00
parent a8edeb2459
commit 525b2baf06
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
packages/backend/src/graphql/mutations/execute-flow.ts
View File

@@ -1,5 +1,6 @@
import Context from '../../types/express/context'; import Context from '../../types/express/context';
import testRun from '../../services/test-run'; import testRun from '../../services/test-run';
import Step from '../../models/step';
type Params = { type Params = {
input: { input: {
@@ -12,12 +13,16 @@ const executeFlow = async (
params: Params, params: Params,
context: Context context: Context
) => { ) => {
context.currentUser.can('update', 'Flow'); const conditions = context.currentUser.can('update', 'Flow');
const isCreator = conditions.isCreator;
const allSteps = Step.query();
const userSteps = context.currentUser.$relatedQuery('steps');
const baseQuery = isCreator ? userSteps : allSteps;
const { stepId } = params.input; const { stepId } = params.input;
const untilStep = await context.currentUser const untilStep = await baseQuery
.$relatedQuery('steps') .clone()
.findById(stepId) .findById(stepId)
.throwIfNotFound(); .throwIfNotFound();