From e8f2802ee0adffe823f98dd8fbdf4cd17b491d91 Mon Sep 17 00:00:00 2001
From: Ali BARIN
Date: Fri, 23 Jun 2023 20:20:42 +0000
Subject: [PATCH] feat(authorization): add read connection checks

---
 packages/backend/src/graphql/queries/get-app.ts | 2 ++
 packages/backend/src/graphql/queries/get-apps.ts | 2 +-
 packages/backend/src/graphql/queries/get-connected-apps.ts | 4 +++-
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/packages/backend/src/graphql/queries/get-app.ts b/packages/backend/src/graphql/queries/get-app.ts
index 83f116d9..e09a5a10 100644
--- a/packages/backend/src/graphql/queries/get-app.ts
+++ b/packages/backend/src/graphql/queries/get-app.ts
@@ -6,6 +6,8 @@ type Params = {
 };
 
 const getApp = async (_parent: unknown, params: Params, context: Context) => {
+ context.currentUser.can('read', 'Connection');
+
 const app = await App.findOneByKey(params.key);
 
 if (context.currentUser) {
diff --git a/packages/backend/src/graphql/queries/get-apps.ts b/packages/backend/src/graphql/queries/get-apps.ts
index 95de6f0a..5ae1e78b 100644
--- a/packages/backend/src/graphql/queries/get-apps.ts
+++ b/packages/backend/src/graphql/queries/get-apps.ts
@@ -1,5 +1,5 @@
-import App from '../../models/app';
 import { IApp } from '@automatisch/types';
+import App from '../../models/app';
 
 type Params = {
 name: string;
diff --git a/packages/backend/src/graphql/queries/get-connected-apps.ts b/packages/backend/src/graphql/queries/get-connected-apps.ts
index c1ee32b1..fe2f8a17 100644
--- a/packages/backend/src/graphql/queries/get-connected-apps.ts
+++ b/packages/backend/src/graphql/queries/get-connected-apps.ts
@@ -1,6 +1,6 @@
+import { IConnection } from '@automatisch/types';
 import App from '../../models/app';
 import Context from '../../types/express/context';
-import { IApp, IConnection } from '@automatisch/types';
 
 type Params = {
 name: string;
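Review bot: In the get-app.ts hunk the added `context.currentUser.can('read', 'Connection');` dereferences `context.currentUser` unconditionally, yet the unchanged context two lines below still tests `if (context.currentUser) {`, which suggests this resolver can run without a signed-in user; in that case the new line fails with a TypeError rather than a clean authorization error. If anonymous access is intended, move the check inside that existing guard; if it is not, the guard is dead code and an explicit unauthenticated rejection before the call would be clearer. The result of `can` is discarded here and in the get-connected-apps.ts hunk, so the check only enforces anything if `can` throws on denial, which the diff does not show; a one-line comment such as `// can() throws when the role lacks this permission` would make that contract visible to the next reader. getApp's body continues outside the hunk.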
@@ -11,6 +11,8 @@ const getConnectedApps = async (
 params: Params,
 context: Context
 ) => {
+ context.currentUser.can('read', 'Connection');
+
 let apps = await App.findAll(params.name);
 
 const connections = await context.currentUser