04dd0e50bb
In this PR - Determine object record permissions on workflows objects (workflow, workflowVersion, workflowRun) base on settings permissions @Weiko - Add Workflow permission guards on workflow resolvers @thomtrp . **Any method within a resolver that has the SettingsPermission Guard is only callable by a apiKey or a user that has the permission** (so not by external parties). - Add checks bypass in workflow services since 1) for actions gated by settings permissions, the gate should be done at resolver level, so it will have been done before the call to the service 2) some service methods may be called by workflowTriggerController which is callable by external parties without permissions (ex: workflowCommonWorkspaceService.getWorkflowVersionOrFail). This is something we may want to change in the future (still to discuss), by removing the guard at resolver-level and relying on shouldBypassPermissionChecks at getRepository and made in a way that we only bypass for external parties. - Add checks bypass for actions performed by workflows since they should not be restricted in our current vision - Add tests
16 lines
221 B
TypeScript
16 lines
221 B
TypeScript
export const WORKFLOW_GQL_FIELDS = `
|
|
id
|
|
name
|
|
lastPublishedVersionId
|
|
statuses
|
|
position
|
|
createdBy {
|
|
source
|
|
workspaceMemberId
|
|
name
|
|
}
|
|
createdAt
|
|
updatedAt
|
|
deletedAt
|
|
`;
|