refactor: User permission and limits to run flows

packages/backend/src/controllers/webhooks/handler.ts

@@ -6,17 +6,24 @@ import Flow from '../../models/flow';
 import { processTrigger } from '../../services/trigger';
 import actionQueue from '../../queues/action';
 import globalVariable from '../../helpers/global-variable';
-import { REMOVE_AFTER_30_DAYS_OR_150_JOBS, REMOVE_AFTER_7_DAYS_OR_50_JOBS } from '../../helpers/remove-job-configuration';
+import QuotaExceededError from '../../errors/quote-exceeded';
+import {
+  REMOVE_AFTER_30_DAYS_OR_150_JOBS,
+  REMOVE_AFTER_7_DAYS_OR_50_JOBS,
+} from '../../helpers/remove-job-configuration';
 
 export default async (request: IRequest, response: Response) => {
   const flow = await Flow.query()
     .findById(request.params.flowId)
     .throwIfNotFound();
 
-  const testRun = !flow.active;
+  const user = await flow.$relatedQuery('user');
 
-  if (!testRun) {
-    await flow.throwIfQuotaExceeded();
+  const testRun = !flow.active;
+  const quotaExceeded = !testRun && !(await user.isAllowedToRunFlows());
+
+  if (quotaExceeded) {
+    throw new QuotaExceededError();
   }
 
   const triggerStep = await flow.getTriggerStep();
@@ -58,7 +65,7 @@ export default async (request: IRequest, response: Response) => {
       headers: request.headers,
       body: request.body,
       query: request.query,
-    }
+    };
 
     rawInternalId = JSON.stringify(payload);
   }
@@ -74,7 +81,7 @@ export default async (request: IRequest, response: Response) => {
     flowId: flow.id,
     stepId: triggerStep.id,
     triggerItem,
-    testRun
+    testRun,
   });
 
   if (testRun) {
@@ -93,7 +100,7 @@ export default async (request: IRequest, response: Response) => {
   const jobOptions = {
     removeOnComplete: REMOVE_AFTER_7_DAYS_OR_50_JOBS,
     removeOnFail: REMOVE_AFTER_30_DAYS_OR_150_JOBS,
-  }
+  };
 
   await actionQueue.add(jobName, jobPayload, jobOptions);