From b93b465f09e6b74263a79ee80f3148c3a80fa76d Mon Sep 17 00:00:00 2001 From: Faruk AYDIN Date: Mon, 26 Feb 2024 00:52:02 +0100 Subject: [PATCH] feat: Implement get flow API endpoint --- .../src/controllers/api/v1/flows/get-flow.js | 11 +++ .../controllers/api/v1/flows/get-flow.test.js | 71 +++++++++++++++++++ packages/backend/src/helpers/authorization.js | 4 ++ packages/backend/src/models/user.js | 5 ++ packages/backend/src/routes/api/v1/flows.js | 10 +++ packages/backend/src/routes/index.js | 2 + .../test/mocks/rest/api/v1/flows/get-flow.js | 32 +++++++++ 7 files changed, 135 insertions(+) create mode 100644 packages/backend/src/controllers/api/v1/flows/get-flow.js create mode 100644 packages/backend/src/controllers/api/v1/flows/get-flow.test.js create mode 100644 packages/backend/src/routes/api/v1/flows.js create mode 100644 packages/backend/test/mocks/rest/api/v1/flows/get-flow.js diff --git a/packages/backend/src/controllers/api/v1/flows/get-flow.js b/packages/backend/src/controllers/api/v1/flows/get-flow.js new file mode 100644 index 00000000..f7ab107e --- /dev/null +++ b/packages/backend/src/controllers/api/v1/flows/get-flow.js @@ -0,0 +1,11 @@ +import { renderObject } from '../../../../helpers/renderer.js'; + +export default async (request, response) => { + const flow = await request.currentUser.authorizedFlows + .withGraphJoined({ steps: true }) + .orderBy('steps.position', 'asc') + .findOne({ 'flows.id': request.params.flowId }) + .throwIfNotFound(); + + renderObject(response, flow); +}; diff --git a/packages/backend/src/controllers/api/v1/flows/get-flow.test.js b/packages/backend/src/controllers/api/v1/flows/get-flow.test.js new file mode 100644 index 00000000..91bafffb --- /dev/null +++ b/packages/backend/src/controllers/api/v1/flows/get-flow.test.js @@ -0,0 +1,71 @@ +import { describe, it, expect, beforeEach } from 'vitest'; +import request from 'supertest'; +import app from '../../../../app.js'; +import createAuthTokenByUserId from '../../../../helpers/create-auth-token-by-user-id'; +import { createUser } from '../../../../../test/factories/user'; +import { createFlow } from '../../../../../test/factories/flow'; +import { createStep } from '../../../../../test/factories/step'; +import { createPermission } from '../../../../../test/factories/permission'; +import getFlowMock from '../../../../../test/mocks/rest/api/v1/flows/get-flow'; + +describe('GET /api/v1/flows/:flowId', () => { + let currentUser, currentUserRole, token; + + beforeEach(async () => { + currentUser = await createUser(); + currentUserRole = await currentUser.$relatedQuery('role'); + + token = createAuthTokenByUserId(currentUser.id); + }); + + it('should return the flow data of current user', async () => { + const currentUserflow = await createFlow({ userId: currentUser.id }); + const triggerStep = await createStep({ flowId: currentUserflow.id }); + const actionStep = await createStep({ flowId: currentUserflow.id }); + + await createPermission({ + action: 'read', + subject: 'Flow', + roleId: currentUserRole.id, + conditions: ['isCreator'], + }); + + const response = await request(app) + .get(`/api/v1/flows/${currentUserflow.id}`) + .set('Authorization', token) + .expect(200); + + const expectedPayload = await getFlowMock(currentUserflow, [ + triggerStep, + actionStep, + ]); + + expect(response.body).toEqual(expectedPayload); + }); + + it('should return the flow data of another user', async () => { + const anotherUser = await createUser(); + const anotherUserFlow = await createFlow({ userId: anotherUser.id }); + const triggerStep = await createStep({ flowId: anotherUserFlow.id }); + const actionStep = await createStep({ flowId: anotherUserFlow.id }); + + await createPermission({ + action: 'read', + subject: 'Flow', + roleId: currentUserRole.id, + conditions: [], + }); + + const response = await request(app) + .get(`/api/v1/flows/${anotherUserFlow.id}`) + .set('Authorization', token) + .expect(200); + + const expectedPayload = await getFlowMock(anotherUserFlow, [ + triggerStep, + actionStep, + ]); + + expect(response.body).toEqual(expectedPayload); + }); +}); diff --git a/packages/backend/src/helpers/authorization.js b/packages/backend/src/helpers/authorization.js index 8c20c4f4..63ce286c 100644 --- a/packages/backend/src/helpers/authorization.js +++ b/packages/backend/src/helpers/authorization.js @@ -7,6 +7,10 @@ const authorizationList = { action: 'read', subject: 'User', }, + 'GET /api/v1/flows/:flowId': { + action: 'read', + subject: 'Flow', + }, }; export const authorizeUser = async (request, response, next) => { diff --git a/packages/backend/src/models/user.js b/packages/backend/src/models/user.js index 8a0d5a69..0724185e 100644 --- a/packages/backend/src/models/user.js +++ b/packages/backend/src/models/user.js @@ -144,6 +144,11 @@ class User extends Base { }, }); + get authorizedFlows() { + const conditions = this.can('read', 'Flow'); + return conditions.isCreator ? this.$relatedQuery('flows') : Flow.query(); + } + login(password) { return bcrypt.compare(password, this.password); } diff --git a/packages/backend/src/routes/api/v1/flows.js b/packages/backend/src/routes/api/v1/flows.js new file mode 100644 index 00000000..8e51ad44 --- /dev/null +++ b/packages/backend/src/routes/api/v1/flows.js @@ -0,0 +1,10 @@ +import { Router } from 'express'; +import { authenticateUser } from '../../../helpers/authentication.js'; +import { authorizeUser } from '../../../helpers/authorization.js'; +import getFlowAction from '../../../controllers/api/v1/flows/get-flow.js'; + +const router = Router(); + +router.get('/:flowId', authenticateUser, authorizeUser, getFlowAction); + +export default router; diff --git a/packages/backend/src/routes/index.js b/packages/backend/src/routes/index.js index 910ef7ec..996dfc99 100644 --- a/packages/backend/src/routes/index.js +++ b/packages/backend/src/routes/index.js @@ -7,6 +7,7 @@ import automatischRouter from './api/v1/automatisch.js'; import usersRouter from './api/v1/users.js'; import paymentRouter from './api/v1/payment.ee.js'; import appAuthClientsRouter from './api/v1/app-auth-clients.js'; +import flowsRouter from './api/v1/flows.js'; import samlAuthProvidersRouter from './api/v1/admin/saml-auth-providers.ee.js'; import rolesRouter from './api/v1/admin/roles.ee.js'; import permissionsRouter from './api/v1/admin/permissions.ee.js'; @@ -23,6 +24,7 @@ router.use('/api/v1/automatisch', automatischRouter); router.use('/api/v1/users', usersRouter); router.use('/api/v1/payment', paymentRouter); router.use('/api/v1/app-auth-clients', appAuthClientsRouter); +router.use('/api/v1/flows', flowsRouter); router.use('/api/v1/admin/saml-auth-providers', samlAuthProvidersRouter); router.use('/api/v1/admin/roles', rolesRouter); router.use('/api/v1/admin/permissions', permissionsRouter); diff --git a/packages/backend/test/mocks/rest/api/v1/flows/get-flow.js b/packages/backend/test/mocks/rest/api/v1/flows/get-flow.js new file mode 100644 index 00000000..193855ac --- /dev/null +++ b/packages/backend/test/mocks/rest/api/v1/flows/get-flow.js @@ -0,0 +1,32 @@ +const getFlowMock = async (flow, steps) => { + const data = { + active: flow.active, + id: flow.id, + name: flow.name, + status: flow.active ? 'published' : 'draft', + steps: steps.map((step) => ({ + appKey: step.appKey, + iconUrl: step.iconUrl, + id: step.id, + key: step.key, + parameters: step.parameters, + position: step.position, + status: step.status, + type: step.type, + webhookUrl: step.webhookUrl, + })), + }; + + return { + data: data, + meta: { + count: 1, + currentPage: null, + isArray: false, + totalPages: null, + type: 'Flow', + }, + }; +}; + +export default getFlowMock;