diff --git a/packages/backend/src/graphql/mutations/execute-flow.ts b/packages/backend/src/graphql/mutations/execute-flow.ts index 0bd09f7d..a172b0ee 100644 --- a/packages/backend/src/graphql/mutations/execute-flow.ts +++ b/packages/backend/src/graphql/mutations/execute-flow.ts @@ -1,5 +1,6 @@ import Context from '../../types/express/context'; import testRun from '../../services/test-run'; +import Step from '../../models/step'; type Params = { input: { @@ -12,12 +13,16 @@ const executeFlow = async ( params: Params, context: Context ) => { - context.currentUser.can('update', 'Flow'); + const conditions = context.currentUser.can('update', 'Flow'); + const isCreator = conditions.isCreator; + const allSteps = Step.query(); + const userSteps = context.currentUser.$relatedQuery('steps'); + const baseQuery = isCreator ? userSteps : allSteps; const { stepId } = params.input; - const untilStep = await context.currentUser - .$relatedQuery('steps') + const untilStep = await baseQuery + .clone() .findById(stepId) .throwIfNotFound(); diff --git a/packages/backend/src/graphql/mutations/update-flow-status.ts b/packages/backend/src/graphql/mutations/update-flow-status.ts index cc0e4010..0af63517 100644 --- a/packages/backend/src/graphql/mutations/update-flow-status.ts +++ b/packages/backend/src/graphql/mutations/update-flow-status.ts @@ -1,3 +1,4 @@ +import Flow from '../../models/flow'; import Context from '../../types/express/context'; import flowQueue from '../../queues/flow'; import { REMOVE_AFTER_30_DAYS_OR_150_JOBS, REMOVE_AFTER_7_DAYS_OR_50_JOBS } from '../../helpers/remove-job-configuration'; @@ -18,10 +19,14 @@ const updateFlowStatus = async ( params: Params, context: Context ) => { - context.currentUser.can('publish', 'Flow'); + const conditions = context.currentUser.can('publish', 'Flow'); + const isCreator = conditions.isCreator; + const allFlows = Flow.query(); + const userFlows = context.currentUser.$relatedQuery('flows'); + const baseQuery = isCreator ? userFlows : allFlows; - let flow = await context.currentUser - .$relatedQuery('flows') + let flow = await baseQuery + .clone() .findOne({ id: params.input.id, }) diff --git a/packages/backend/src/graphql/mutations/update-step.ts b/packages/backend/src/graphql/mutations/update-step.ts index 2b8f0022..5bc56eea 100644 --- a/packages/backend/src/graphql/mutations/update-step.ts +++ b/packages/backend/src/graphql/mutations/update-step.ts @@ -1,6 +1,7 @@ import { IJSONObject } from '@automatisch/types'; import App from '../../models/app'; import Step from '../../models/step'; +import Connection from '../../models/connection'; import Context from '../../types/express/context'; type Params = { @@ -23,12 +24,14 @@ const updateStep = async ( params: Params, context: Context ) => { - context.currentUser.can('update', 'Flow'); + const { isCreator } = context.currentUser.can('update', 'Flow'); + const userSteps = context.currentUser.$relatedQuery('steps'); + const allSteps = Step.query(); + const baseQuery = isCreator ? userSteps : allSteps; const { input } = params; - let step = await context.currentUser - .$relatedQuery('steps') + let step = await baseQuery .findOne({ 'steps.id': input.id, flow_id: input.flow.id, @@ -36,11 +39,24 @@ const updateStep = async ( .throwIfNotFound(); if (input.connection.id) { - const hasConnection = await context.currentUser - .$relatedQuery('connections') - .findById(input.connection?.id); + let canSeeAllConnections = false; + try { + const conditions = context.currentUser.can('read', 'Connection'); - if (!hasConnection) { + canSeeAllConnections = !conditions.isCreator; + } catch { + // void + } + + const userConnections = context.currentUser.$relatedQuery('connections'); + const allConnections = Connection.query(); + const baseConnectionsQuery = canSeeAllConnections ? allConnections : userConnections; + + const connection = await baseConnectionsQuery + .clone() + .findById(input.connection?.id) + + if (!connection) { throw new Error('The connection does not exist!'); } } diff --git a/packages/backend/src/helpers/compute-parameters.ts b/packages/backend/src/helpers/compute-parameters.ts index 7980682c..93ef9dd3 100644 --- a/packages/backend/src/helpers/compute-parameters.ts +++ b/packages/backend/src/helpers/compute-parameters.ts @@ -2,8 +2,7 @@ import Step from '../models/step'; import ExecutionStep from '../models/execution-step'; import get from 'lodash.get'; -// INFO: don't remove space in allowed character group! -const variableRegExp = /({{step\.[\da-zA-Z-]+(?:\.[\da-zA-Z-_ :]+)+}})/g; +const variableRegExp = /({{step\.[\da-zA-Z-]+(?:\.[^.}{]+)+}})/g; export default function computeParameters( parameters: Step['parameters'],