From ba5c038e3ba05e9a6095c025e3d838768e12a1c0 Mon Sep 17 00:00:00 2001
From: Ali BARIN <ali.barin53@gmail.com>
Date: Fri, 23 Jun 2023 21:25:20 +0000
Subject: [PATCH] feat(authorization): add create flow checks

---
 packages/backend/src/graphql/mutations/create-flow.ts    | 2 ++
 packages/backend/src/graphql/mutations/duplicate-flow.ts | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/packages/backend/src/graphql/mutations/create-flow.ts b/packages/backend/src/graphql/mutations/create-flow.ts
index 7243d8c5..1632e94c 100644
--- a/packages/backend/src/graphql/mutations/create-flow.ts
+++ b/packages/backend/src/graphql/mutations/create-flow.ts
@@ -14,6 +14,8 @@ const createFlow = async (
   params: Params,
   context: Context
 ) => {
+  context.currentUser.can('create', 'Flow');
+
   const connectionId = params?.input?.connectionId;
   const appKey = params?.input?.triggerAppKey;
 
diff --git a/packages/backend/src/graphql/mutations/duplicate-flow.ts b/packages/backend/src/graphql/mutations/duplicate-flow.ts
index b0120790..057e7d0c 100644
--- a/packages/backend/src/graphql/mutations/duplicate-flow.ts
+++ b/packages/backend/src/graphql/mutations/duplicate-flow.ts
@@ -53,6 +53,8 @@ const duplicateFlow = async (
   params: Params,
   context: Context
 ) => {
+  context.currentUser.can('create', 'Flow');
+
   const flow = await context.currentUser
     .$relatedQuery('flows')
     .withGraphJoined('[steps]')