feat: implement e2e test for CompanyResolver (#944)

* feat: wip e2e server test

* feat: use github action postgres & use infra for local

* feat: company e2e test

* feat: add company e2e test for permissions

* Simplify server e2e test run

* Fix lint

---------

Co-authored-by: Charles Bochet <charles@twenty.com>

server/src/ability/handlers/company.ability-handler.ts

@@ -13,11 +13,15 @@ import { PrismaService } from 'src/database/prisma.service';
 import { AbilityAction } from 'src/ability/ability.action';
 import { AppAbility } from 'src/ability/ability.factory';
 import { CompanyWhereInput } from 'src/core/@generated/company/company-where.input';
-import { relationAbilityChecker } from 'src/ability/ability.util';
+import { CompanyWhereUniqueInput } from 'src/core/@generated/company/company-where-unique.input';
+import {
+  convertToWhereInput,
+  relationAbilityChecker,
+} from 'src/ability/ability.util';
 import { assert } from 'src/utils/assert';
 
 class CompanyArgs {
-  where?: CompanyWhereInput;
+  where?: CompanyWhereUniqueInput | CompanyWhereInput;
   [key: string]: any;
 }
 
@@ -29,9 +33,18 @@ export class ManageCompanyAbilityHandler implements IAbilityHandler {
 }
 
 @Injectable()
-export class ReadCompanyAbilityHandler implements IAbilityHandler {
-  handle(ability: AppAbility) {
-    return ability.can(AbilityAction.Read, 'Company');
+export class ReadOneCompanyAbilityHandler implements IAbilityHandler {
+  constructor(private readonly prismaService: PrismaService) {}
+
+  async handle(ability: AppAbility, context: ExecutionContext) {
+    const gqlContext = GqlExecutionContext.create(context);
+    const args = gqlContext.getArgs<CompanyArgs>();
+    const company = await this.prismaService.client.company.findFirst({
+      where: args.where,
+    });
+    assert(company, '', NotFoundException);
+
+    return ability.can(AbilityAction.Read, subject('Company', company));
   }
 }
 
@@ -65,10 +78,11 @@ export class UpdateCompanyAbilityHandler implements IAbilityHandler {
   async handle(ability: AppAbility, context: ExecutionContext) {
     const gqlContext = GqlExecutionContext.create(context);
     const args = gqlContext.getArgs<CompanyArgs>();
-    const company = await this.prismaService.client.company.findFirst({
-      where: args.where,
+    const where = convertToWhereInput(args.where);
+    const companies = await this.prismaService.client.company.findMany({
+      where,
     });
-    assert(company, '', NotFoundException);
+    assert(companies.length, '', NotFoundException);
 
     const allowed = await relationAbilityChecker(
       'Company',
@@ -81,7 +95,18 @@ export class UpdateCompanyAbilityHandler implements IAbilityHandler {
       return false;
     }
 
-    return ability.can(AbilityAction.Update, subject('Company', company));
+    for (const company of companies) {
+      const allowed = ability.can(
+        AbilityAction.Delete,
+        subject('Company', company),
+      );
+
+      if (!allowed) {
+        return false;
+      }
+    }
+
+    return true;
   }
 }
 
@@ -92,11 +117,23 @@ export class DeleteCompanyAbilityHandler implements IAbilityHandler {
   async handle(ability: AppAbility, context: ExecutionContext) {
     const gqlContext = GqlExecutionContext.create(context);
     const args = gqlContext.getArgs<CompanyArgs>();
-    const company = await this.prismaService.client.company.findFirst({
-      where: args.where,
+    const where = convertToWhereInput(args.where);
+    const companies = await this.prismaService.client.company.findMany({
+      where,
     });
-    assert(company, '', NotFoundException);
+    assert(companies.length, '', NotFoundException);
 
-    return ability.can(AbilityAction.Delete, subject('Company', company));
+    for (const company of companies) {
+      const allowed = ability.can(
+        AbilityAction.Delete,
+        subject('Company', company),
+      );
+
+      if (!allowed) {
+        return false;
+      }
+    }
+
+    return true;
   }
 }