From 5d77f64e76b983c99ad0bba56296e06da18837f8 Mon Sep 17 00:00:00 2001
From: Ali BARIN
Date: Fri, 23 Jun 2023 20:41:57 +0000
Subject: [PATCH] feat(authorization): add update flow checks
---
 packages/backend/src/graphql/mutations/create-step.ts | 2 ++
 packages/backend/src/graphql/mutations/delete-step.ts | 2 ++
 packages/backend/src/graphql/mutations/execute-flow.ts | 2 ++
 packages/backend/src/graphql/mutations/update-flow.ts | 2 ++
 packages/backend/src/graphql/mutations/update-step.ts | 2 ++
 packages/backend/src/graphql/queries/get-dynamic-data.ts | 2 ++
 packages/backend/src/graphql/queries/get-dynamic-fields.ts | 2 ++
 .../src/graphql/queries/get-step-with-test-executions.ts | 2 ++
 8 files changed, 16 insertions(+)
diff --git a/packages/backend/src/graphql/mutations/create-step.ts b/packages/backend/src/graphql/mutations/create-step.ts
index 7ee065d4..e37c0f95 100644
--- a/packages/backend/src/graphql/mutations/create-step.ts
+++ b/packages/backend/src/graphql/mutations/create-step.ts
@@ -22,6 +22,8 @@ const createStep = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 const { input } = params;
 
 if (input.appKey && input.key) {
diff --git a/packages/backend/src/graphql/mutations/delete-step.ts b/packages/backend/src/graphql/mutations/delete-step.ts
index 5de14ce3..d4b841e7 100644
--- a/packages/backend/src/graphql/mutations/delete-step.ts
+++ b/packages/backend/src/graphql/mutations/delete-step.ts
@@ -11,6 +11,8 @@ const deleteStep = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 const step = await context.currentUser
 .$relatedQuery('steps')
 .withGraphFetched('flow')
diff --git a/packages/backend/src/graphql/mutations/execute-flow.ts b/packages/backend/src/graphql/mutations/execute-flow.ts
index 6b25960b..0bd09f7d 100644
--- a/packages/backend/src/graphql/mutations/execute-flow.ts
+++ b/packages/backend/src/graphql/mutations/execute-flow.ts
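Review bot: The result of `context.currentUser.can('update', 'Flow')` is discarded at the top of `createStep`, so the check only stops the request if `can` throws on denial, and its implementation is not visible in this patch. If `can` returns a boolean or a promise instead, the resolver carries on unauthorised, because the call is neither tested nor awaited. Make the contract visible at the call site with a comment such as `// throws when the current user lacks update access to flows`, and cover it with a test that a user without the permission is rejected. The same line is added in deleteStep, executeFlow, updateFlow, updateStep, getDynamicData, getDynamicFields and getStepWithTestExecutions; every one of these resolver bodies continues outside its hunk.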
@@ -12,6 +12,8 @@ const executeFlow = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 const { stepId } = params.input;
 
 const untilStep = await context.currentUser
diff --git a/packages/backend/src/graphql/mutations/update-flow.ts b/packages/backend/src/graphql/mutations/update-flow.ts
index 68866f78..01134c5e 100644
--- a/packages/backend/src/graphql/mutations/update-flow.ts
+++ b/packages/backend/src/graphql/mutations/update-flow.ts
@@ -12,6 +12,8 @@ const updateFlow = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 let flow = await context.currentUser
 .$relatedQuery('flows')
 .findOne({
diff --git a/packages/backend/src/graphql/mutations/update-step.ts b/packages/backend/src/graphql/mutations/update-step.ts
index 376f60b8..2b8f0022 100644
--- a/packages/backend/src/graphql/mutations/update-step.ts
+++ b/packages/backend/src/graphql/mutations/update-step.ts
@@ -23,6 +23,8 @@ const updateStep = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 const { input } = params;
 
 let step = await context.currentUser
diff --git a/packages/backend/src/graphql/queries/get-dynamic-data.ts b/packages/backend/src/graphql/queries/get-dynamic-data.ts
index d5a85baf..12b1092c 100644
--- a/packages/backend/src/graphql/queries/get-dynamic-data.ts
+++ b/packages/backend/src/graphql/queries/get-dynamic-data.ts
@@ -16,6 +16,8 @@ const getDynamicData = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 const step = await context.currentUser
 .$relatedQuery('steps')
 .withGraphFetched({
diff --git a/packages/backend/src/graphql/queries/get-dynamic-fields.ts b/packages/backend/src/graphql/queries/get-dynamic-fields.ts
index cd72ba12..8b6e30fa 100644
--- a/packages/backend/src/graphql/queries/get-dynamic-fields.ts
+++ b/packages/backend/src/graphql/queries/get-dynamic-fields.ts
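Review bot: The `'update'` action is applied in `executeFlow` to an operation that is not a flow edit, and likewise in the read-only query resolvers getDynamicData, getDynamicFields and getStepWithTestExecutions. If these are deliberately editor-only, state that next to the check, e.g. `// editor-only: requires update access to flows`, so a later change does not relax it to a read permission or assume a read-only role can reach these resolvers. The check is also per subject type rather than per flow, so isolation between users still rests on the `context.currentUser.$relatedQuery(...)` scoping visible in the context lines, which should stay in place. Each resolver body continues outside its hunk.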
@@ -14,6 +14,8 @@ const getDynamicFields = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 const step = await context.currentUser
 .$relatedQuery('steps')
 .withGraphFetched({
diff --git a/packages/backend/src/graphql/queries/get-step-with-test-executions.ts b/packages/backend/src/graphql/queries/get-step-with-test-executions.ts
index 14cb2eaa..ff79ce11 100644
--- a/packages/backend/src/graphql/queries/get-step-with-test-executions.ts
+++ b/packages/backend/src/graphql/queries/get-step-with-test-executions.ts
@@ -11,6 +11,8 @@ const getStepWithTestExecutions = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('update', 'Flow');
+
 const step = await context.currentUser
 .$relatedQuery('steps')
 .findOne({ 'steps.id': params.stepId })