feat: implement e2e test for CompanyResolver (#944)

* feat: wip e2e server test

* feat: use github action postgres & use infra for local

* feat: company e2e test

* feat: add company e2e test for permissions

* Simplify server e2e test run

* Fix lint

---------

Co-authored-by: Charles Bochet <charles@twenty.com>

server/src/ability/ability.module.ts

@@ -26,7 +26,7 @@ import {
 } from './handlers/workspace-member.ability-handler';
 import {
   ManageCompanyAbilityHandler,
-  ReadCompanyAbilityHandler,
+  ReadOneCompanyAbilityHandler,
   CreateCompanyAbilityHandler,
   UpdateCompanyAbilityHandler,
   DeleteCompanyAbilityHandler,
@@ -124,7 +124,7 @@ import {
     DeleteWorkspaceMemberAbilityHandler,
     // Company
     ManageCompanyAbilityHandler,
-    ReadCompanyAbilityHandler,
+    ReadOneCompanyAbilityHandler,
     CreateCompanyAbilityHandler,
     UpdateCompanyAbilityHandler,
     DeleteCompanyAbilityHandler,
@@ -208,7 +208,7 @@ import {
     DeleteWorkspaceMemberAbilityHandler,
     // Company
     ManageCompanyAbilityHandler,
-    ReadCompanyAbilityHandler,
+    ReadOneCompanyAbilityHandler,
     CreateCompanyAbilityHandler,
     UpdateCompanyAbilityHandler,
     DeleteCompanyAbilityHandler,

server/src/ability/ability.util.ts

@@ -205,3 +205,42 @@ export async function relationAbilityChecker(
 
   return true;
 }
+
+const isWhereInput = (input: any): boolean => {
+  return Object.values(input).some((value) => typeof value === 'object');
+};
+
+type ExcludeUnique<T> = T extends infer U
+  ? 'AND' extends keyof U
+    ? U
+    : never
+  : never;
+
+/**
+ * Convert a where unique input to a where input prisma
+ * @param args Can be a where unique input or a where input
+ * @returns whare input
+ */
+export const convertToWhereInput = <T>(
+  where: T | undefined,
+): ExcludeUnique<T> | undefined => {
+  const input = where as any;
+
+  if (!input) {
+    return input;
+  }
+
+  // If it's already a WhereInput, return it directly
+  if (isWhereInput(input)) {
+    return input;
+  }
+
+  // If not convert it to a WhereInput
+  const whereInput = {};
+
+  for (const key in input) {
+    whereInput[key] = { equals: input[key] };
+  }
+
+  return whereInput as ExcludeUnique<T>;
+};

server/src/ability/handlers/company.ability-handler.ts

@@ -13,11 +13,15 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from 'src/ability/ability.action';
 import { AppAbility } from 'src/ability/ability.factory';
 import { CompanyWhereInput } from 'src/core/@generated/company/company-where.input';
-import { relationAbilityChecker } from 'src/ability/ability.util';
+import { CompanyWhereUniqueInput } from 'src/core/@generated/company/company-where-unique.input';
+import {
+  convertToWhereInput,
+  relationAbilityChecker,
+} from 'src/ability/ability.util';
 import { assert } from 'src/utils/assert';
 
 class CompanyArgs {
-  where?: CompanyWhereInput;
+  where?: CompanyWhereUniqueInput | CompanyWhereInput;
   [key: string]: any;
 }
 
@@ -29,9 +33,18 @@ export class ManageCompanyAbilityHandler implements IAbilityHandler {
 }
 
 @Injectable()
-export class ReadCompanyAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Read, 'Company');
+export class ReadOneCompanyAbilityHandler implements IAbilityHandler {
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CompanyArgs>();
+    const company = await this.prismaService.client.company.findFirst({
+      where: args.where,
+    });
+    assert(company, '', NotFoundException);
+
+    return ability.can(AbilityAction.Read, subject('Company', company));
   }
 }
 
@@ -65,10 +78,11 @@ export class UpdateCompanyAbilityHandler implements IAbilityHandler {
   async handle(ability: AppAbility, context: ExecutionContext) {
     const gqlContext = GqlExecutionContext.create(context);
     const args = gqlContext.getArgs<CompanyArgs>();
-    const company = await this.prismaService.client.company.findFirst({
-      where: args.where,
+    const where = convertToWhereInput(args.where);
+    const companies = await this.prismaService.client.company.findMany({
+      where,
     });
-    assert(company, '', NotFoundException);
+    assert(companies.length, '', NotFoundException);
 
     const allowed = await relationAbilityChecker(
       'Company',
@@ -81,7 +95,18 @@ export class UpdateCompanyAbilityHandler implements IAbilityHandler {
       return false;
     }
 
-    return ability.can(AbilityAction.Update, subject('Company', company));
+    for (const company of companies) {
+      const allowed = ability.can(
+        AbilityAction.Delete,
+        subject('Company', company),
+      );
+
+      if (!allowed) {
+        return false;
+      }
+    }
+
+    return true;
   }
 }
 
@@ -92,11 +117,23 @@ export class DeleteCompanyAbilityHandler implements IAbilityHandler {
   async handle(ability: AppAbility, context: ExecutionContext) {
     const gqlContext = GqlExecutionContext.create(context);
     const args = gqlContext.getArgs<CompanyArgs>();
-    const company = await this.prismaService.client.company.findFirst({
-      where: args.where,
+    const where = convertToWhereInput(args.where);
+    const companies = await this.prismaService.client.company.findMany({
+      where,
     });
-    assert(company, '', NotFoundException);
+    assert(companies.length, '', NotFoundException);
 
-    return ability.can(AbilityAction.Delete, subject('Company', company));
+    for (const company of companies) {
+      const allowed = ability.can(
+        AbilityAction.Delete,
+        subject('Company', company),
+      );
+
+      if (!allowed) {
+        return false;
+      }
+    }
+
+    return true;
   }
 }