groot/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #1412 from automatisch/aut-311

Browse Source 
fix: let permitted users create step in not-owned flows
This commit is contained in:
Ömer Faruk Aydın
2023-11-08 17:55:53 +03:00
committed by GitHub
parent e79fc9cae4 0873cfa997
commit e1fac78aba
1 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
packages/backend/src/graphql/mutations/create-step.ts
View File

@@ -1,4 +1,5 @@
import App from '../../models/app'; import App from '../../models/app';
import Flow from '../../models/flow';
import Context from '../../types/express/context'; import Context from '../../types/express/context';
type Params = { type Params = {
@@ -22,7 +23,10 @@ const createStep = async (
params: Params, params: Params,
context: Context context: Context
) => { ) => {
context.currentUser.can('update', 'Flow'); const conditions = context.currentUser.can('update', 'Flow');
const userFlows = context.currentUser.$relatedQuery('flows');
const allFlows = Flow.query();
const flowsQuery = conditions.isCreator ? userFlows : allFlows;
const { input } = params; const { input } = params;
@@ -34,8 +38,7 @@ const createStep = async (
await App.findOneByKey(input.appKey); await App.findOneByKey(input.appKey);
} }
const flow = await context.currentUser const flow = await flowsQuery
.$relatedQuery('flows')
.findOne({ .findOne({
id: input.flow.id, id: input.flow.id,
}) })