josh/automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2422 from automatisch/aut-1515

Browse Source 
feat(migrations): introduce manage permissions instead of create, update, delete, publish
This commit is contained in:
Ali BARIN
2025-04-15 11:15:27 +02:00
committed by GitHub
parent 11bf8f38aa 01c7e0f4a9
commit 90acfb7a24
60 changed files with 581 additions and 556 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/backend/src/controllers/api/v1/admin/roles/update-role.ee.test.js
View File

@@ -74,7 +74,7 @@ describe('PATCH /api/v1/admin/roles/:roleId', () => {
it('should return the updated role with sanitized permissions', async () => {
const validPermission = {
action: 'create',
action: 'manage',
subject: 'Connection',
conditions: ['isCreator'],
};

2
packages/backend/src/controllers/api/v1/apps/create-connection.test.js
View File

@@ -22,7 +22,7 @@ describe('POST /api/v1/apps/:appKey/connections', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: role.id,
});

9
packages/backend/src/controllers/api/v1/connections/delete-connection.test.js
View File

@@ -15,14 +15,7 @@ describe('DELETE /api/v1/connections/:connectionId', () => {
currentUserRole = await currentUser.$relatedQuery('role');
await createPermission({
action: 'delete',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],

2
packages/backend/src/controllers/api/v1/connections/generate-auth-url.test.js
View File

@@ -14,7 +14,7 @@ describe('POST /api/v1/connections/:connectionId/auth-url', () => {
currentUser = await createUser();
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUser.roleId,
conditions: ['isCreator'],

8
packages/backend/src/controllers/api/v1/connections/reset-connection.test.js
View File

@@ -32,7 +32,7 @@ describe('POST /api/v1/connections/:connectionId/reset', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -68,7 +68,7 @@ describe('POST /api/v1/connections/:connectionId/reset', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: [],
@@ -84,7 +84,7 @@ describe('POST /api/v1/connections/:connectionId/reset', () => {
const notExistingConnectionUUID = Crypto.randomUUID();
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -98,7 +98,7 @@ describe('POST /api/v1/connections/:connectionId/reset', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],

8
packages/backend/src/controllers/api/v1/connections/test-connection.test.js
View File

@@ -32,7 +32,7 @@ describe('POST /api/v1/connections/:connectionId/test', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -63,7 +63,7 @@ describe('POST /api/v1/connections/:connectionId/test', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: [],
@@ -88,7 +88,7 @@ describe('POST /api/v1/connections/:connectionId/test', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -109,7 +109,7 @@ describe('POST /api/v1/connections/:connectionId/test', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],

8
packages/backend/src/controllers/api/v1/connections/update-connection.test.js
View File

@@ -34,7 +34,7 @@ describe('PATCH /api/v1/connections/:connectionId', () => {
const currentUserConnection = await createConnection(connectionData);
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -72,7 +72,7 @@ describe('PATCH /api/v1/connections/:connectionId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: [],
@@ -88,7 +88,7 @@ describe('PATCH /api/v1/connections/:connectionId', () => {
const notExistingConnectionUUID = Crypto.randomUUID();
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -102,7 +102,7 @@ describe('PATCH /api/v1/connections/:connectionId', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],

6
packages/backend/src/controllers/api/v1/connections/verify-connection.test.js
View File

@@ -26,7 +26,7 @@ describe('POST /api/v1/connections/:connectionId/verify', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -54,7 +54,7 @@ describe('POST /api/v1/connections/:connectionId/verify', () => {
const notExistingConnectionUUID = Crypto.randomUUID();
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -68,7 +68,7 @@ describe('POST /api/v1/connections/:connectionId/verify', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Connection',
roleId: currentUserRole.id,
conditions: ['isCreator'],

4
packages/backend/src/controllers/api/v1/flows/create-flow.test.js
View File

@@ -20,7 +20,7 @@ describe('POST /api/v1/flows', () => {
it('should create an empty flow when no templateId is provided', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -42,7 +42,7 @@ describe('POST /api/v1/flows', () => {
it('should create a flow from template when templateId is provided', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

10
packages/backend/src/controllers/api/v1/flows/create-step.test.js
View File

@@ -36,7 +36,7 @@ describe('POST /api/v1/flows/:flowId/steps', () => {
await createPermission({
roleId: currentUser.roleId,
subject: 'Flow',
action: 'update',
action: 'manage',
conditions: ['isCreator'],
});
@@ -78,7 +78,7 @@ describe('POST /api/v1/flows/:flowId/steps', () => {
await createPermission({
roleId: currentUser.roleId,
subject: 'Flow',
action: 'update',
action: 'manage',
conditions: [],
});
@@ -109,7 +109,7 @@ describe('POST /api/v1/flows/:flowId/steps', () => {
await createPermission({
roleId: currentUser.roleId,
subject: 'Flow',
action: 'update',
action: 'manage',
conditions: ['isCreator'],
});
@@ -133,7 +133,7 @@ describe('POST /api/v1/flows/:flowId/steps', () => {
await createPermission({
roleId: currentUser.roleId,
subject: 'Flow',
action: 'update',
action: 'manage',
conditions: ['isCreator'],
});
@@ -159,7 +159,7 @@ describe('POST /api/v1/flows/:flowId/steps', () => {
await createPermission({
roleId: currentUser.roleId,
subject: 'Flow',
action: 'update',
action: 'manage',
conditions: ['isCreator'],
});

8
packages/backend/src/controllers/api/v1/flows/delete-flow.test.js
View File

@@ -28,7 +28,7 @@ describe('DELETE /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'delete',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -52,7 +52,7 @@ describe('DELETE /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'delete',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -73,7 +73,7 @@ describe('DELETE /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'delete',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -96,7 +96,7 @@ describe('DELETE /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'delete',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

10
packages/backend/src/controllers/api/v1/flows/duplicate-flow.test.js
View File

@@ -48,7 +48,7 @@ describe('POST /api/v1/flows/:flowId/duplicate', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -106,7 +106,7 @@ describe('POST /api/v1/flows/:flowId/duplicate', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -143,7 +143,7 @@ describe('POST /api/v1/flows/:flowId/duplicate', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -169,7 +169,7 @@ describe('POST /api/v1/flows/:flowId/duplicate', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -190,7 +190,7 @@ describe('POST /api/v1/flows/:flowId/duplicate', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

10
packages/backend/src/controllers/api/v1/flows/export-flow.test.js
View File

@@ -56,7 +56,7 @@ describe('POST /api/v1/flows/:flowId/export', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -113,7 +113,7 @@ describe('POST /api/v1/flows/:flowId/export', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -141,7 +141,7 @@ describe('POST /api/v1/flows/:flowId/export', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -167,7 +167,7 @@ describe('POST /api/v1/flows/:flowId/export', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -188,7 +188,7 @@ describe('POST /api/v1/flows/:flowId/export', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

10
packages/backend/src/controllers/api/v1/flows/import-flow.test.js
View File

@@ -48,7 +48,7 @@ describe('POST /api/v1/flows/import', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -124,7 +124,7 @@ describe('POST /api/v1/flows/import', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -206,7 +206,7 @@ describe('POST /api/v1/flows/import', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -279,7 +279,7 @@ describe('POST /api/v1/flows/import', () => {
});
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -330,7 +330,7 @@ describe('POST /api/v1/flows/import', () => {
const currentUserFlow = await createFlow({ userId: currentUser.id });
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

14
packages/backend/src/controllers/api/v1/flows/update-flow-folder.test.js
View File

@@ -45,7 +45,7 @@ describe('PATCH /api/v1/flows/:flowId/folder', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -77,7 +77,7 @@ describe('PATCH /api/v1/flows/:flowId/folder', () => {
const anotherUserFlow = await createFlow({ userId: anotherUser.id });
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -96,7 +96,7 @@ describe('PATCH /api/v1/flows/:flowId/folder', () => {
const anotherUserFolder = await createFolder({ userId: anotherUser.id });
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -111,7 +111,7 @@ describe('PATCH /api/v1/flows/:flowId/folder', () => {
it('should return not found response for not existing flow UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -130,7 +130,7 @@ describe('PATCH /api/v1/flows/:flowId/folder', () => {
const flow = await createFlow({ userId: currentUser.id });
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -147,7 +147,7 @@ describe('PATCH /api/v1/flows/:flowId/folder', () => {
it('should return bad request response for invalid flow UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});
@@ -160,7 +160,7 @@ describe('PATCH /api/v1/flows/:flowId/folder', () => {
it('should return bad request response for invalid folder UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});

10
packages/backend/src/controllers/api/v1/flows/update-flow-status.test.js
View File

@@ -51,7 +51,7 @@ describe('PATCH /api/v1/flows/:flowId/status', () => {
});
await createPermission({
action: 'publish',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -114,7 +114,7 @@ describe('PATCH /api/v1/flows/:flowId/status', () => {
});
await createPermission({
action: 'publish',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -152,7 +152,7 @@ describe('PATCH /api/v1/flows/:flowId/status', () => {
});
await createPermission({
action: 'publish',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -178,7 +178,7 @@ describe('PATCH /api/v1/flows/:flowId/status', () => {
});
await createPermission({
action: 'publish',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -199,7 +199,7 @@ describe('PATCH /api/v1/flows/:flowId/status', () => {
});
await createPermission({
action: 'publish',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

10
packages/backend/src/controllers/api/v1/flows/update-flow.test.js
View File

@@ -29,7 +29,7 @@ describe('PATCH /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -65,7 +65,7 @@ describe('PATCH /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -98,7 +98,7 @@ describe('PATCH /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -121,7 +121,7 @@ describe('PATCH /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -144,7 +144,7 @@ describe('PATCH /api/v1/flows/:flowId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

2
packages/backend/src/controllers/api/v1/folders/create-folder.test.js
View File

@@ -18,7 +18,7 @@ describe('POST /api/v1/folders', () => {
it('should return created flow', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],

6
packages/backend/src/controllers/api/v1/folders/delete-folder.test.js
View File

@@ -21,7 +21,7 @@ describe('DELETE /api/v1/folders/:folderId', () => {
const currentUserFolder = await createFolder({ userId: currentUser.id });
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});
@@ -34,7 +34,7 @@ describe('DELETE /api/v1/folders/:folderId', () => {
it('should return not found response for not existing folder UUID', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});
@@ -49,7 +49,7 @@ describe('DELETE /api/v1/folders/:folderId', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});

8
packages/backend/src/controllers/api/v1/folders/update-folder.test.js
View File

@@ -22,7 +22,7 @@ describe('PATCH /api/v1/folders/:folderId', () => {
const currentUserFolder = await createFolder({ userId: currentUser.id });
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});
@@ -47,7 +47,7 @@ describe('PATCH /api/v1/folders/:folderId', () => {
it('should return not found response for not existing folder UUID', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});
@@ -62,7 +62,7 @@ describe('PATCH /api/v1/folders/:folderId', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});
@@ -77,7 +77,7 @@ describe('PATCH /api/v1/folders/:folderId', () => {
const currentUserFolder = await createFolder({ userId: currentUser.id });
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
});

12
packages/backend/src/controllers/api/v1/steps/create-dynamic-data.test.js
View File

@@ -63,7 +63,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -102,7 +102,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -156,7 +156,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -177,7 +177,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
it('should return not found response for not existing step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -200,7 +200,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
it('should return not found response for existing step UUID without app key', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -223,7 +223,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-data', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],

10
packages/backend/src/controllers/api/v1/steps/create-dynamic-fields.test.js
View File

@@ -37,7 +37,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -78,7 +78,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -102,7 +102,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
it('should return not found response for not existing step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -125,7 +125,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
it('should return not found response for existing step UUID without app key', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -149,7 +149,7 @@ describe('POST /api/v1/steps/:stepId/dynamic-fields', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],

8
packages/backend/src/controllers/api/v1/steps/delete-step.test.js
View File

@@ -41,7 +41,7 @@ describe('DELETE /api/v1/steps/:stepId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -76,7 +76,7 @@ describe('DELETE /api/v1/steps/:stepId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -90,7 +90,7 @@ describe('DELETE /api/v1/steps/:stepId', () => {
it('should return not found response for not existing step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -113,7 +113,7 @@ describe('DELETE /api/v1/steps/:stepId', () => {
it('should return bad request response for invalid step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],

8
packages/backend/src/controllers/api/v1/steps/get-previous-steps.test.js
View File

@@ -54,7 +54,7 @@ describe('GET /api/v1/steps/:stepId/previous-steps', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -108,7 +108,7 @@ describe('GET /api/v1/steps/:stepId/previous-steps', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -129,7 +129,7 @@ describe('GET /api/v1/steps/:stepId/previous-steps', () => {
it('should return not found response for not existing step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -152,7 +152,7 @@ describe('GET /api/v1/steps/:stepId/previous-steps', () => {
it('should return bad request response for invalid UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],

8
packages/backend/src/controllers/api/v1/steps/test-step.test.js
View File

@@ -69,7 +69,7 @@ describe('POST /api/v1/steps/:stepId/test', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: ['isCreator'],
@@ -140,7 +140,7 @@ describe('POST /api/v1/steps/:stepId/test', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -165,7 +165,7 @@ describe('POST /api/v1/steps/:stepId/test', () => {
it('should return not found response for not existing step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -188,7 +188,7 @@ describe('POST /api/v1/steps/:stepId/test', () => {
it('should return bad request response for invalid step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],

10
packages/backend/src/controllers/api/v1/steps/update-step.test.js
View File

@@ -46,7 +46,7 @@ describe('PATCH /api/v1/steps/:stepId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUser.roleId,
conditions: ['isCreator'],
@@ -96,7 +96,7 @@ describe('PATCH /api/v1/steps/:stepId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUser.roleId,
conditions: [],
@@ -145,7 +145,7 @@ describe('PATCH /api/v1/steps/:stepId', () => {
});
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUser.roleId,
conditions: ['isCreator'],
@@ -169,7 +169,7 @@ describe('PATCH /api/v1/steps/:stepId', () => {
it('should return not found response for not existing step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUser.roleId,
conditions: [],
@@ -192,7 +192,7 @@ describe('PATCH /api/v1/steps/:stepId', () => {
it('should return bad request response for invalid step UUID', async () => {
await createPermission({
action: 'update',
action: 'manage',
subject: 'Flow',
roleId: currentUser.roleId,
conditions: [],

4
packages/backend/src/controllers/api/v1/templates/get-templates.ee.test.js
View File

@@ -24,7 +24,7 @@ describe('GET /api/v1/templates', () => {
it('should return templates when templates are enabled and user has create flow permission', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],
@@ -45,7 +45,7 @@ describe('GET /api/v1/templates', () => {
it('should return 403 when templates are disabled', async () => {
await createPermission({
action: 'create',
action: 'manage',
subject: 'Flow',
roleId: currentUserRole.id,
conditions: [],

110
packages/backend/src/db/migrations/20250331115016_simplify_role_permissions.js Normal file
View File

@@ -0,0 +1,110 @@
export async function up(knex) {
const roles = await knex('roles').select('id', 'name');
// Define the required actions for each subject
const subjectActionMap = {
Connection: ['create', 'delete', 'update'],
Flow: ['create', 'delete', 'publish', 'update'],
User: ['create', 'delete', 'update'],
Role: ['create', 'delete', 'update'],
SamlAuthProvider: ['create', 'delete', 'update'],
Config: ['update'],
App: ['create', 'delete', 'update'],
};
for (const role of roles) {
for (const [subject, actions] of Object.entries(subjectActionMap)) {
const rolePermissions = await knex('permissions')
.where({ role_id: role.id, subject })
.whereIn('action', actions)
.select('id', 'action', 'conditions');
const actionCounts = rolePermissions.reduce((counts, perm) => {
counts[perm.action] = (counts[perm.action] || 0) + 1;
return counts;
}, {});
let allActionsExist = true;
for (const action of actions) {
if (actionCounts[action] !== 1) {
allActionsExist = false;
break;
}
}
// Determine if any of the permissions has the 'isCreator' condition
const hasIsCreatorCondition = rolePermissions.some(
(perm) => perm.conditions && perm.conditions.includes('isCreator')
);
// Delete the existing permissions for the required actions
await knex('permissions')
.where({ role_id: role.id, subject })
.whereIn('action', actions)
.del();
// If all required actions exist, insert a new permission with the 'manage' action
if (allActionsExist) {
await knex('permissions').insert({
role_id: role.id,
subject,
action: 'manage',
conditions: JSON.stringify(
hasIsCreatorCondition ? ['isCreator'] : []
),
});
}
}
}
return;
}
export async function down(knex) {
const roles = await knex('roles').select('id', 'name');
// Define the required actions for each subject
const subjectActionMap = {
Connection: ['create', 'delete', 'update'],
Flow: ['create', 'delete', 'publish', 'update'],
User: ['create', 'delete', 'update'],
Role: ['create', 'delete', 'update'],
SamlAuthProvider: ['create', 'delete', 'update'],
Config: ['update'],
App: ['create', 'delete', 'update'],
};
for (const role of roles) {
for (const [subject, actions] of Object.entries(subjectActionMap)) {
// Find the 'manage' permission for the subject
const managePermission = await knex('permissions')
.where({ role_id: role.id, subject, action: 'manage' })
.first();
if (managePermission) {
// Determine if the 'manage' permission has the 'isCreator' condition
const hasIsCreatorCondition =
managePermission.conditions.includes('isCreator');
// Delete the 'manage' permission
await knex('permissions')
.where({ role_id: role.id, subject, action: 'manage' })
.del();
// Restore the original permissions for the subject
const restoredPermissions = actions.map((action) => ({
role_id: role.id,
subject,
action,
conditions: JSON.stringify(
hasIsCreatorCondition ? ['isCreator'] : []
),
}));
await knex('permissions').insert(restoredPermissions);
}
}
}
return;
}

52
packages/backend/src/helpers/authorization.js
View File

@@ -22,19 +22,19 @@ const authorizationList = {
subject: 'Flow',
},
'POST /api/v1/flows/': {
action: 'create',
action: 'manage',
subject: 'Flow',
},
'PATCH /api/v1/flows/:flowId': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'DELETE /api/v1/flows/:flowId': {
action: 'delete',
action: 'manage',
subject: 'Flow',
},
'GET /api/v1/templates/': {
action: 'create',
action: 'manage',
subject: 'Flow',
},
'GET /api/v1/steps/:stepId/connection': {
@@ -42,23 +42,23 @@ const authorizationList = {
subject: 'Flow',
},
'PATCH /api/v1/steps/:stepId': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/steps/:stepId/test': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'GET /api/v1/steps/:stepId/previous-steps': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/steps/:stepId/dynamic-fields': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/steps/:stepId/dynamic-data': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'GET /api/v1/connections/:connectionId/flows': {
@@ -66,11 +66,11 @@ const authorizationList = {
subject: 'Flow',
},
'POST /api/v1/connections/:connectionId/test': {
action: 'update',
action: 'manage',
subject: 'Connection',
},
'POST /api/v1/connections/:connectionId/verify': {
action: 'create',
action: 'manage',
subject: 'Connection',
},
'GET /api/v1/apps/:appKey/flows': {
@@ -94,59 +94,59 @@ const authorizationList = {
subject: 'Execution',
},
'DELETE /api/v1/steps/:stepId': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'PATCH /api/v1/connections/:connectionId': {
action: 'update',
action: 'manage',
subject: 'Connection',
},
'DELETE /api/v1/connections/:connectionId': {
action: 'delete',
action: 'manage',
subject: 'Connection',
},
'POST /api/v1/connections/:connectionId/reset': {
action: 'create',
action: 'manage',
subject: 'Connection',
},
'PATCH /api/v1/flows/:flowId/status': {
action: 'publish',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/flows/:flowId/duplicate': {
action: 'create',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/flows/:flowId/export': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/flows/import': {
action: 'create',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/flows/:flowId/steps': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'POST /api/v1/apps/:appKey/connections': {
action: 'create',
action: 'manage',
subject: 'Connection',
},
'POST /api/v1/connections/:connectionId/auth-url': {
action: 'create',
action: 'manage',
subject: 'Connection',
},
'POST /api/v1/folders/': {
action: 'create',
action: 'manage',
subject: 'Flow',
},
'PATCH /api/v1/folders/:folderId': {
action: 'create',
action: 'manage',
subject: 'Flow',
},
'DELETE /api/v1/folders/:folderId': {
action: 'create',
action: 'manage',
subject: 'Flow',
},
'GET /api/v1/folders/': {
@@ -154,7 +154,7 @@ const authorizationList = {
subject: 'Flow',
},
'PATCH /api/v1/flows/:flowId/folder': {
action: 'update',
action: 'manage',
subject: 'Flow',
},
'GET /api/v1/flows/:flowId/folder': {

48
packages/backend/src/helpers/permission-catalog.ee.js
View File

@@ -17,56 +17,22 @@ const permissionCatalog = {
conditions: [
{
key: 'isCreator',
label: 'Is creator'
}
label: 'Is creator',
},
],
actions: [
{
label: 'Create',
key: 'create',
subjects: [
Connection.key,
Flow.key,
]
},
{
label: 'Read',
key: 'read',
subjects: [
Connection.key,
Execution.key,
Flow.key,
]
subjects: [Connection.key, Execution.key, Flow.key],
},
{
label: 'Update',
key: 'update',
subjects: [
Connection.key,
Flow.key,
]
label: 'Manage',
key: 'manage',
subjects: [Connection.key, Flow.key],
},
{
label: 'Delete',
key: 'delete',
subjects: [
Connection.key,
Flow.key,
]
},
{
label: 'Publish',
key: 'publish',
subjects: [
Flow.key,
]
}
],
subjects: [
Connection,
Flow,
Execution
]
subjects: [Connection, Flow, Execution],
};
export default permissionCatalog;

20
packages/backend/src/models/permission.test.js
View File

@@ -14,10 +14,10 @@ describe('Permission model', () => {
it('filter should return only valid permissions based on permission catalog', () => {
const permissions = [
{ action: 'read', subject: 'Flow', conditions: ['isCreator'] },
{ action: 'delete', subject: 'Connection', conditions: [] },
{ action: 'publish', subject: 'Flow', conditions: ['isCreator'] },
{ action: 'update', subject: 'Execution', conditions: [] }, // Invalid subject
{ action: 'read', subject: 'Execution', conditions: ['invalid'] }, // Invalid condition
{ action: 'manage', subject: 'Connection', conditions: [] },
{ action: 'manage', subject: 'Flow', conditions: ['isCreator'] },
{ action: 'manage', subject: 'Execution', conditions: [] }, // Invalid subject
{ action: 'manage', subject: 'Execution', conditions: ['invalid'] }, // Invalid condition
{ action: 'invalid', subject: 'Execution', conditions: [] }, // Invalid action
];
@@ -25,15 +25,15 @@ describe('Permission model', () => {
expect(result).toStrictEqual([
{ action: 'read', subject: 'Flow', conditions: ['isCreator'] },
{ action: 'delete', subject: 'Connection', conditions: [] },
{ action: 'publish', subject: 'Flow', conditions: ['isCreator'] },
{ action: 'manage', subject: 'Connection', conditions: [] },
{ action: 'manage', subject: 'Flow', conditions: ['isCreator'] },
]);
});
describe('findAction', () => {
it('should return action from permission catalog', () => {
const action = Permission.findAction('create');
expect(action.key).toStrictEqual('create');
const action = Permission.findAction('manage');
expect(action.key).toStrictEqual('manage');
});
it('should return undefined for invalid actions', () => {
@@ -45,7 +45,7 @@ describe('Permission model', () => {
describe('isSubjectValid', () => {
it('should return true for valid subjects', () => {
const validAction = permissionCatalog.actions.find(
(action) => action.key === 'create'
(action) => action.key === 'manage'
);
const validSubject = Permission.isSubjectValid('Connection', validAction);
@@ -54,7 +54,7 @@ describe('Permission model', () => {
it('should return false for invalid subjects', () => {
const validAction = permissionCatalog.actions.find(
(action) => action.key === 'create'
(action) => action.key === 'manage'
);
const invalidSubject = Permission.isSubjectValid(

2
packages/backend/src/models/role.test.js
View File

@@ -166,7 +166,7 @@ describe('Role model', () => {
description: 'Updated description',
permissions: [
{
action: 'update',
action: 'manage',
subject: 'Flow',
conditions: [],
},