From 9a5021869f6aa7227542c13f14e8feecf1ffd22c Mon Sep 17 00:00:00 2001 From: Md Asif Raza Date: Wed, 8 Oct 2025 15:14:31 +0530 Subject: [PATCH] feat: add permission check to get a testflow --- .../controllers/testflow.controller.ts | 19 +++++++----- .../workspace/services/testflow.service.ts | 29 +++++-------------- 2 files changed, 18 insertions(+), 30 deletions(-) diff --git a/src/modules/workspace/controllers/testflow.controller.ts b/src/modules/workspace/controllers/testflow.controller.ts index a79f8a896..5f4c75aa0 100644 --- a/src/modules/workspace/controllers/testflow.controller.ts +++ b/src/modules/workspace/controllers/testflow.controller.ts @@ -109,7 +109,7 @@ export class TestflowController { * @description This will retrieve a specific Testflow using its ID, * returning the Testflow object if found. */ - @Get("testflow/:testflowId") + @Get(":workspaceId/testflow/:testflowId") @ApiOperation({ summary: "Get Individual Testflow", description: "This will get individual testflow of a workspace", @@ -121,10 +121,13 @@ export class TestflowController { }) @ApiResponse({ status: 400, description: "Fetch Testflow Request Failed" }) async getTestflow( + @Param("workspaceId") workspaceId: string, @Param("testflowId") testflowId: string, @Res() res: FastifyReply, + @Req() request: ExtendedFastifyRequest, ) { - const testflow = await this.testflowService.getTestflow(testflowId); + const user = request.user; + const testflow = await this.testflowService.getTestflow(workspaceId, testflowId, user._id); const responseData = new ApiResponseService( "Success", HttpStatusCode.OK, 
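Review bot: The Swagger metadata on `getTestflow` (hunk at -121) still documents only the 200 and 400 responses, although the handler now runs a workspace permission check before returning data. Add an entry for the denial case, for example `@ApiResponse({ status: 403, description: "User is not a member of the workspace" })`, adjusting the status to whatever `checkPermission` actually raises, since its throw is not visible in this patch. The docblock in the preceding hunk ("retrieve a specific Testflow using its ID") should also say that the lookup is now addressed by `workspaceId` as well. The handler body continues past the end of this hunk.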
@@ -321,8 +324,8 @@ export class TestflowController { const response = await this.testflowService.createTestflowSchedular( createTestflowSchedularDto, user, - ); - const testflow = await this.testflowService.getTestflow(createTestflowSchedularDto.testflowId); + ); + const testflow = await this.testflowService.getTestflow(createTestflowSchedularDto.workspaceId, createTestflowSchedularDto.testflowId, user._id); const result = { testflow, schedule:response @@ -359,7 +362,7 @@ export class TestflowController { workspaceId, user, ); - const testflow = await this.testflowService.getTestflow(testflowId); + const testflow = await this.testflowService.getTestflow(workspaceId, testflowId, user._id); const responseData = new ApiResponseService( "Success", HttpStatusCode.OK, @@ -390,7 +393,7 @@ export class TestflowController { workspaceId, user, ); - const testflow = await this.testflowService.getTestflow(testflowId); + const testflow = await this.testflowService.getTestflow(workspaceId, testflowId, user._id); const responseData = new ApiResponseService( "Success", HttpStatusCode.OK, @@ -421,7 +424,7 @@ export class TestflowController { workspaceId, user, ); - const testflow = await this.testflowService.getTestflow(testflowId); + const testflow = await this.testflowService.getTestflow(workspaceId, testflowId, user._id); const responseData = new ApiResponseService( "Success", HttpStatusCode.OK, @@ -448,7 +451,7 @@ export class TestflowController { ) { const user = request.user; await this.testflowService.deleteScheduleRunHistory(workspaceId, testflowId, scheduleId, runHistoryId, user); - const testflow = await this.testflowService.getTestflow(testflowId); + const testflow = await this.testflowService.getTestflow(workspaceId, testflowId, user._id); const responseData = new ApiResponseService( "Success", HttpStatusCode.OK, diff --git a/src/modules/workspace/services/testflow.service.ts b/src/modules/workspace/services/testflow.service.ts index 4500a6888..4768573d9 100644 
--- a/src/modules/workspace/services/testflow.service.ts +++ b/src/modules/workspace/services/testflow.service.ts @@ -330,8 +330,9 @@ export class TestflowService implements OnModuleInit { * Fetches single testflow. * @param id - Testflow id you want to fetch. */ - async getTestflow(id: string): Promise> { - return await this.testflowRepository.get(id); + async getTestflow(workspaceId: string, testflowId: string, userId: ObjectId): Promise> { + await this.checkPermission(workspaceId, userId); + return await this.testflowRepository.get(testflowId); } /** @@ -341,6 +342,9 @@ export class TestflowService implements OnModuleInit { */ async checkPermission(workspaceId: string, userid: ObjectId): Promise { const workspace = await this.workspaceService.get(workspaceId); + if(workspace.workspaceType === WorkspaceType.PUBLIC){ + return; + } const hasPermission = workspace.users.some((user) => { return user.id.toString() === userid.toString(); }); @@ -502,26 +506,7 @@ export class TestflowService implements OnModuleInit { user: DecodedUserObject, ) { try { - const workspaceUsers = await this.workspaceReposistory.get( - schedularData?.workspaceId, - ); - if (!workspaceUsers) { - throw new NotFoundException("Workspace not found."); - } - const userDetails = workspaceUsers.users.find( - (item) => item.id === user._id.toString(), - ); - if (!userDetails) { - throw new NotFoundException("User not found in workspace."); - } - if ( - userDetails.role !== WorkspaceRole.ADMIN && - userDetails.role !== WorkspaceRole.EDITOR - ) { - throw new ForbiddenException( - "User does not have permission to perform this action.", - ); - } + await this.isWorkspaceAdminorEditor(schedularData?.workspaceId, user._id); // Build cron config const runCycleConfig = this.buildRunCycleConfig( schedularData.runConfiguration,
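Review bot: `getTestflow` (hunk at -330) authorizes the caller against `workspaceId` but then loads the document with `this.testflowRepository.get(testflowId)` alone, so nothing visible here ties the testflow to the workspace that was checked. A caller who passes the check for one workspace, or names a public one given the early return added in the next hunk, would still receive a testflow that lives in a different workspace. After the fetch, reject the request unless the testflow belongs to `workspaceId`, either by checking it against the workspace's own testflow list or by having the repository query on both ids, and return the same not-found error for a mismatch as for a missing id. Every controller call site updated in this patch (the hunks at -121, -321, -359, -390, -421 and -448) inherits this gap. The docblock still reads `@param id`; it should describe `workspaceId`, `testflowId` and `userId`.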
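Review bot: The `WorkspaceType.PUBLIC` early return added to `checkPermission` (hunk at -341) applies to every caller of this method, not only the read path this commit is about. If any create, update or delete path in the service relies on `checkPermission` (its callers are outside this hunk), a public workspace becomes writable by any authenticated user. Keep `checkPermission` strict and gate the exemption explicitly, e.g. `if (allowPublicRead && workspace.workspaceType === WorkspaceType.PUBLIC) return;` with the flag defaulting to false and set only by `getTestflow`. `workspace` is also dereferenced without a null check, so an unknown `workspaceId` may surface as a TypeError rather than a not-found response unless `workspaceService.get` throws on its own. The rest of the function body lies outside the hunk.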
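Review bot: The result of `isWorkspaceAdminorEditor` is discarded in the hunk at -502, so this line enforces the role check only if the helper throws on failure. Its definition is not part of this patch; if it returns a boolean, as the `is…` name suggests, the ADMIN/EDITOR restriction that the removed block enforced is gone, and the call should become `if (!(await this.isWorkspaceAdminorEditor(schedularData.workspaceId, user._id))) throw new ForbiddenException("User does not have permission to perform this action.");`. The `schedularData?.workspaceId` optional chain is also misleading, because `schedularData.runConfiguration` is read unconditionally a few lines later. The surrounding `try` block closes outside the hunk, so also confirm that its `catch` still maps the helper's errors to the same statuses the inline checks produced.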