feat: Implement get flow API endpoint

packages/backend/src/controllers/api/v1/flows/get-flow.js

@@ -0,0 +1,11 @@
+import { renderObject } from '../../../../helpers/renderer.js';
+
+export default async (request, response) => {
+  const flow = await request.currentUser.authorizedFlows
+    .withGraphJoined({ steps: true })
+    .orderBy('steps.position', 'asc')
+    .findOne({ 'flows.id': request.params.flowId })
+    .throwIfNotFound();
+
+  renderObject(response, flow);
+};

packages/backend/src/controllers/api/v1/flows/get-flow.test.js

@@ -0,0 +1,71 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import request from 'supertest';
+import app from '../../../../app.js';
+import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id';
+import { createUser } from '../../../../../test/factories/user';
+import { createFlow } from '../../../../../test/factories/flow';
+import { createStep } from '../../../../../test/factories/step';
+import { createPermission } from '../../../../../test/factories/permission';
+import getFlowMock from '../../../../../test/mocks/rest/api/v1/flows/get-flow';
+
+describe('GET /api/v1/flows/:flowId', () => {
+  let currentUser, currentUserRole, token;
+
+  beforeEach(async () => {
+    currentUser = await createUser();
+    currentUserRole = await currentUser.$relatedQuery('role');
+
+    token = createAuthTokenByUserId(currentUser.id);
+  });
+
+  it('should return the flow data of current user', async () => {
+    const currentUserflow = await createFlow({ userId: currentUser.id });
+    const triggerStep = await createStep({ flowId: currentUserflow.id });
+    const actionStep = await createStep({ flowId: currentUserflow.id });
+
+    await createPermission({
+      action: 'read',
+      subject: 'Flow',
+      roleId: currentUserRole.id,
+      conditions: ['isCreator'],
+    });
+
+    const response = await request(app)
+      .get(`/api/v1/flows/${currentUserflow.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getFlowMock(currentUserflow, [
+      triggerStep,
+      actionStep,
+    ]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+
+  it('should return the flow data of another user', async () => {
+    const anotherUser = await createUser();
+    const anotherUserFlow = await createFlow({ userId: anotherUser.id });
+    const triggerStep = await createStep({ flowId: anotherUserFlow.id });
+    const actionStep = await createStep({ flowId: anotherUserFlow.id });
+
+    await createPermission({
+      action: 'read',
+      subject: 'Flow',
+      roleId: currentUserRole.id,
+      conditions: [],
+    });
+
+    const response = await request(app)
+      .get(`/api/v1/flows/${anotherUserFlow.id}`)
+      .set('Authorization', token)
+      .expect(200);
+
+    const expectedPayload = await getFlowMock(anotherUserFlow, [
+      triggerStep,
+      actionStep,
+    ]);
+
+    expect(response.body).toEqual(expectedPayload);
+  });
+});

packages/backend/src/helpers/authorization.js

@@ -7,6 +7,10 @@ const authorizationList = {
     action: 'read',
     subject: 'User',
   },
+  'GET /api/v1/flows/:flowId': {
+    action: 'read',
+    subject: 'Flow',
+  },
 };
 
 export const authorizeUser = async (request, response, next) => {

packages/backend/src/models/user.js

@@ -144,6 +144,11 @@ class User extends Base {
     },
   });
 
+  get authorizedFlows() {
+    const conditions = this.can('read', 'Flow');
+    return conditions.isCreator ? this.$relatedQuery('flows') : Flow.query();
+  }
+
   login(password) {
     return bcrypt.compare(password, this.password);
   }

packages/backend/src/routes/api/v1/flows.js

@@ -0,0 +1,10 @@
+import { Router } from 'express';
+import { authenticateUser } from '../../../helpers/authentication.js';
+import { authorizeUser } from '../../../helpers/authorization.js';
+import getFlowAction from '../../../controllers/api/v1/flows/get-flow.js';
+
+const router = Router();
+
+router.get('/:flowId', authenticateUser, authorizeUser, getFlowAction);
+
+export default router;

packages/backend/src/routes/index.js

@@ -7,6 +7,7 @@ import automatischRouter from './api/v1/automatisch.js';
 import usersRouter from './api/v1/users.js';
 import paymentRouter from './api/v1/payment.ee.js';
 import appAuthClientsRouter from './api/v1/app-auth-clients.js';
+import flowsRouter from './api/v1/flows.js';
 import samlAuthProvidersRouter from './api/v1/admin/saml-auth-providers.ee.js';
 import rolesRouter from './api/v1/admin/roles.ee.js';
 import permissionsRouter from './api/v1/admin/permissions.ee.js';
@@ -23,6 +24,7 @@ router.use('/api/v1/automatisch', automatischRouter);
 router.use('/api/v1/users', usersRouter);
 router.use('/api/v1/payment', paymentRouter);
 router.use('/api/v1/app-auth-clients', appAuthClientsRouter);
+router.use('/api/v1/flows', flowsRouter);
 router.use('/api/v1/admin/saml-auth-providers', samlAuthProvidersRouter);
 router.use('/api/v1/admin/roles', rolesRouter);
 router.use('/api/v1/admin/permissions', permissionsRouter);

packages/backend/test/mocks/rest/api/v1/flows/get-flow.js

@@ -0,0 +1,32 @@
+const getFlowMock = async (flow, steps) => {
+  const data = {
+    active: flow.active,
+    id: flow.id,
+    name: flow.name,
+    status: flow.active ? 'published' : 'draft',
+    steps: steps.map((step) => ({
+      appKey: step.appKey,
+      iconUrl: step.iconUrl,
+      id: step.id,
+      key: step.key,
+      parameters: step.parameters,
+      position: step.position,
+      status: step.status,
+      type: step.type,
+      webhookUrl: step.webhookUrl,
+    })),
+  };
+
+  return {
+    data: data,
+    meta: {
+      count: 1,
+      currentPage: null,
+      isArray: false,
+      totalPages: null,
+      type: 'Flow',
+    },
+  };
+};
+
+export default getFlowMock;