mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2024-11-10 06:34:05 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity
n8n/packages/cli/test/integration/workflows.controller.ee.test.ts

948 lines
30 KiB
TypeScript
Raw Normal View History

feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
import express from 'express';
refactor: Setup typescript project references across workflow, core, and cli (#4519) * refactor: use consistent folder structure across workflow, core, and cli * setup typescript project references across workflow, core, and cli
2022-11-09 06:25:00 -08:00
import { v4 as uuid } from 'uuid';
import { INode } from 'n8n-workflow';
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
import * as utils from './shared/utils';
import * as testDb from './shared/testDb';
import { createWorkflow } from './shared/testDb';
refactor: Setup typescript project references across workflow, core, and cli (#4519) * refactor: use consistent folder structure across workflow, core, and cli * setup typescript project references across workflow, core, and cli
2022-11-09 06:25:00 -08:00
import * as UserManagementHelpers from '@/UserManagement/UserManagementHelper';
import type { Role } from '@db/entities/Role';
import config from '@/config';
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
import type { AuthAgent, SaveCredentialFunction } from './shared/types';
import { makeWorkflow } from './shared/utils';
import { randomCredentialPayload } from './shared/random';
refactor: Setup typescript project references across workflow, core, and cli (#4519) * refactor: use consistent folder structure across workflow, core, and cli * setup typescript project references across workflow, core, and cli
2022-11-09 06:25:00 -08:00
import { ActiveWorkflowRunner } from '@/ActiveWorkflowRunner';
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
refactor: Setup typescript project references across workflow, core, and cli (#4519) * refactor: use consistent folder structure across workflow, core, and cli * setup typescript project references across workflow, core, and cli
2022-11-09 06:25:00 -08:00
jest.mock('@/telemetry');
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
let app: express.Application;
let testDbName = '';
let globalOwnerRole: Role;
let globalMemberRole: Role;
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
let credentialOwnerRole: Role;
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
let authAgent: AuthAgent;
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
let saveCredential: SaveCredentialFunction;
feat(core): Add credential runtime checks and prevent tampering in manual run (#4481) * :sparkles: Create `PermissionChecker` * :zap: Adjust helper * :fire: Remove superseded helpers * :zap: Use `PermissionChecker` * :test_tube: Add test for dynamic router switching * :zap: Simplify checks * :zap: Export utils * :zap: Add missing `init` method * :test_tube: Write tests for `PermissionChecker` * :blue_book: Update types * :test_tube: Fix tests * :sparkles: Set up `runManually()` * :zap: Refactor to reuse methods * :test_tube: Clear shared tables first * :twisted_rightwards_arrows: Adjust merge * :zap: Adjust imports
2022-11-11 02:14:45 -08:00
let isSharingEnabled: jest.SpyInstance<boolean>;
refactor: Setup typescript project references across workflow, core, and cli (#4519) * refactor: use consistent folder structure across workflow, core, and cli * setup typescript project references across workflow, core, and cli
2022-11-09 06:25:00 -08:00
let workflowRunner: ActiveWorkflowRunner;
feat(core): Add ownership, sharing and credential details to `GET /workflows` (#4510) * :zap: Abstract into `getMany()` * :zap: Use `getMany()` from free controller * :zap: Use `getMany()` from paid controller * :test_tube: Add tests * :test_tube: Fix tests * :zap: Add credential usage info * :test_tube: Update tests * :zap: Add type and adjust test
2022-11-08 08:52:42 -08:00
let sharingSpy: jest.SpyInstance<boolean>;
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
beforeAll(async () => {
app = await utils.initTestServer({
endpointGroups: ['workflows'],
applyAuth: true,
});
const initResult = await testDb.init();
testDbName = initResult.testDbName;
globalOwnerRole = await testDb.getGlobalOwnerRole();
globalMemberRole = await testDb.getGlobalMemberRole();
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
credentialOwnerRole = await testDb.getCredentialOwnerRole();
saveCredential = testDb.affixRoleToSaveCredential(credentialOwnerRole);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
authAgent = utils.createAuthAgent(app);
utils.initTestLogger();
utils.initTestTelemetry();
feat(core): Add credential runtime checks and prevent tampering in manual run (#4481) * :sparkles: Create `PermissionChecker` * :zap: Adjust helper * :fire: Remove superseded helpers * :zap: Use `PermissionChecker` * :test_tube: Add test for dynamic router switching * :zap: Simplify checks * :zap: Export utils * :zap: Add missing `init` method * :test_tube: Write tests for `PermissionChecker` * :blue_book: Update types * :test_tube: Fix tests * :sparkles: Set up `runManually()` * :zap: Refactor to reuse methods * :test_tube: Clear shared tables first * :twisted_rightwards_arrows: Adjust merge * :zap: Adjust imports
2022-11-11 02:14:45 -08:00
isSharingEnabled = jest.spyOn(UserManagementHelpers, 'isSharingEnabled').mockReturnValue(true);
config.set('enterprise.workflowSharingEnabled', true); // @TODO: Remove once temp flag is removed
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
await utils.initNodeTypes();
workflowRunner = await utils.initActiveWorkflowRunner();
feat(core): Add ownership, sharing and credential details to `GET /workflows` (#4510) * :zap: Abstract into `getMany()` * :zap: Use `getMany()` from free controller * :zap: Use `getMany()` from paid controller * :test_tube: Add tests * :test_tube: Fix tests * :zap: Add credential usage info * :test_tube: Update tests * :zap: Add type and adjust test
2022-11-08 08:52:42 -08:00
config.set('enterprise.features.sharing', true);
sharingSpy = jest.spyOn(UserManagementHelpers, 'isSharingEnabled').mockReturnValue(true); // @TODO: Remove on release
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
});
beforeEach(async () => {
await testDb.truncate(['User', 'Workflow', 'SharedWorkflow'], testDbName);
});
afterAll(async () => {
await testDb.terminate(testDbName);
});
feat(core): Add credential runtime checks and prevent tampering in manual run (#4481) * :sparkles: Create `PermissionChecker` * :zap: Adjust helper * :fire: Remove superseded helpers * :zap: Use `PermissionChecker` * :test_tube: Add test for dynamic router switching * :zap: Simplify checks * :zap: Export utils * :zap: Add missing `init` method * :test_tube: Write tests for `PermissionChecker` * :blue_book: Update types * :test_tube: Fix tests * :sparkles: Set up `runManually()` * :zap: Refactor to reuse methods * :test_tube: Clear shared tables first * :twisted_rightwards_arrows: Adjust merge * :zap: Adjust imports
2022-11-11 02:14:45 -08:00
test('Router should switch dynamically', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const createWorkflowResponse = await authAgent(owner).post('/workflows').send(makeWorkflow());
const { id } = createWorkflowResponse.body.data;
// free router
isSharingEnabled.mockReturnValueOnce(false);
const freeShareResponse = await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
expect(freeShareResponse.status).toBe(404);
// EE router
const paidShareResponse = await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
expect(paidShareResponse.status).toBe(200);
});
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
describe('PUT /workflows/:id', () => {
test('PUT /workflows/:id/share should save sharing with new users', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const workflow = await createWorkflow({}, owner);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const response = await authAgent(owner)
.put(`/workflows/${workflow.id}/share`)
.send({ shareWithIds: [member.id] });
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
expect(response.statusCode).toBe(200);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const sharedWorkflows = await testDb.getWorkflowSharing(workflow);
expect(sharedWorkflows).toHaveLength(2);
});
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
test('PUT /workflows/:id/share should succeed when sharing with invalid user-id', async () => {
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const workflow = await createWorkflow({}, owner);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const response = await authAgent(owner)
.put(`/workflows/${workflow.id}/share`)
.send({ shareWithIds: [uuid()] });
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
expect(response.statusCode).toBe(200);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const sharedWorkflows = await testDb.getWorkflowSharing(workflow);
expect(sharedWorkflows).toHaveLength(1);
});
test('PUT /workflows/:id/share should allow sharing with multiple users', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const anotherMember = await testDb.createUser({ globalRole: globalMemberRole });
const workflow = await createWorkflow({}, owner);
const response = await authAgent(owner)
.put(`/workflows/${workflow.id}/share`)
.send({ shareWithIds: [member.id, anotherMember.id] });
expect(response.statusCode).toBe(200);
const sharedWorkflows = await testDb.getWorkflowSharing(workflow);
expect(sharedWorkflows).toHaveLength(3);
});
test('PUT /workflows/:id/share should override sharing', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const anotherMember = await testDb.createUser({ globalRole: globalMemberRole });
const workflow = await createWorkflow({}, owner);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const authOwnerAgent = authAgent(owner);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const response = await authOwnerAgent
.put(`/workflows/${workflow.id}/share`)
.send({ shareWithIds: [member.id, anotherMember.id] });
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
expect(response.statusCode).toBe(200);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const sharedWorkflows = await testDb.getWorkflowSharing(workflow);
expect(sharedWorkflows).toHaveLength(3);
const secondResponse = await authOwnerAgent
.put(`/workflows/${workflow.id}/share`)
.send({ shareWithIds: [member.id] });
expect(secondResponse.statusCode).toBe(200);
const secondSharedWorkflows = await testDb.getWorkflowSharing(workflow);
expect(secondSharedWorkflows).toHaveLength(2);
});
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
});
feat(core): Add ownership, sharing and credential details to `GET /workflows` (#4510) * :zap: Abstract into `getMany()` * :zap: Use `getMany()` from free controller * :zap: Use `getMany()` from paid controller * :test_tube: Add tests * :test_tube: Fix tests * :zap: Add credential usage info * :test_tube: Update tests * :zap: Add type and adjust test
2022-11-08 08:52:42 -08:00
describe('GET /workflows', () => {
test('should return workflows with ownership, sharing and credential usage details', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const workflow = await createWorkflow(
{
nodes: [
{
id: uuid(),
name: 'Action Network',
type: 'n8n-nodes-base.actionNetwork',
parameters: {},
typeVersion: 1,
position: [0, 0],
credentials: {
actionNetworkApi: {
id: savedCredential.id.toString(),
name: savedCredential.name,
},
},
},
],
},
owner,
);
await testDb.shareWorkflowWithUsers(workflow, [member]);
const response = await authAgent(owner).get('/workflows');
const [fetchedWorkflow] = response.body.data;
expect(response.statusCode).toBe(200);
expect(fetchedWorkflow.ownedBy).toMatchObject({
id: owner.id,
email: owner.email,
firstName: owner.firstName,
lastName: owner.lastName,
});
expect(fetchedWorkflow.sharedWith).toHaveLength(1);
const [sharee] = fetchedWorkflow.sharedWith;
expect(sharee).toMatchObject({
id: member.id,
email: member.email,
firstName: member.firstName,
lastName: member.lastName,
});
expect(fetchedWorkflow.usedCredentials).toHaveLength(1);
const [usedCredential] = fetchedWorkflow.usedCredentials;
expect(usedCredential).toMatchObject({
id: savedCredential.id.toString(),
name: savedCredential.name,
type: savedCredential.type,
currentUserHasAccess: true,
});
});
});
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
describe('GET /workflows/:id', () => {
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
test('GET should fail with invalid id due to route rule', async () => {
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
const response = await authAgent(owner).get('/workflows/potatoes');
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
expect(response.statusCode).toBe(404);
});
test('GET should return 404 for non existing workflow', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const response = await authAgent(owner).get('/workflows/9001');
expect(response.statusCode).toBe(404);
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
});
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
test('GET should return a workflow with owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const workflow = await createWorkflow({}, owner);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
const response = await authAgent(owner).get(`/workflows/${workflow.id}`);
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
expect(response.statusCode).toBe(200);
expect(response.body.data.ownedBy).toMatchObject({
id: owner.id,
email: owner.email,
firstName: owner.firstName,
lastName: owner.lastName,
});
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
expect(response.body.data.sharedWith).toHaveLength(0);
});
test('GET should return shared workflow with user data', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const workflow = await createWorkflow({}, owner);
await testDb.shareWorkflowWithUsers(workflow, [member]);
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
const response = await authAgent(owner).get(`/workflows/${workflow.id}`);
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
expect(response.statusCode).toBe(200);
expect(response.body.data.ownedBy).toMatchObject({
id: owner.id,
email: owner.email,
firstName: owner.firstName,
lastName: owner.lastName,
});
expect(response.body.data.sharedWith).toHaveLength(1);
expect(response.body.data.sharedWith[0]).toMatchObject({
id: member.id,
email: member.email,
firstName: member.firstName,
lastName: member.lastName,
});
});
test('GET should return all sharees', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member1 = await testDb.createUser({ globalRole: globalMemberRole });
const member2 = await testDb.createUser({ globalRole: globalMemberRole });
const workflow = await createWorkflow({}, owner);
await testDb.shareWorkflowWithUsers(workflow, [member1, member2]);
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
const response = await authAgent(owner).get(`/workflows/${workflow.id}`);
feat: return sharees when returning a workflow (#4312) (no-changelog)
2022-10-11 07:40:39 -07:00
expect(response.statusCode).toBe(200);
expect(response.body.data.ownedBy).toMatchObject({
id: owner.id,
email: owner.email,
firstName: owner.firstName,
lastName: owner.lastName,
});
expect(response.body.data.sharedWith).toHaveLength(2);
});
feat: also send credentials when returning workflow via API (#4458) (no-changelog)
2022-10-31 07:08:25 -07:00
test('GET should return workflow with credentials owned by user', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const workflowPayload = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const workflow = await createWorkflow(workflowPayload, owner);
const response = await authAgent(owner).get(`/workflows/${workflow.id}`);
expect(response.statusCode).toBe(200);
expect(response.body.data.usedCredentials).toMatchObject([
{
id: savedCredential.id.toString(),
name: savedCredential.name,
currentUserHasAccess: true,
},
]);
expect(response.body.data.sharedWith).toHaveLength(0);
});
test('GET should return workflow with credentials saying owner has access even when not shared', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const workflowPayload = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const workflow = await createWorkflow(workflowPayload, owner);
const response = await authAgent(owner).get(`/workflows/${workflow.id}`);
expect(response.statusCode).toBe(200);
expect(response.body.data.usedCredentials).toMatchObject([
{
id: savedCredential.id.toString(),
name: savedCredential.name,
currentUserHasAccess: true, // owner has access to any cred
},
]);
expect(response.body.data.sharedWith).toHaveLength(0);
});
test('GET should return workflow with credentials for all users with or without access', async () => {
const member1 = await testDb.createUser({ globalRole: globalMemberRole });
const member2 = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member1 });
const workflowPayload = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const workflow = await createWorkflow(workflowPayload, member1);
await testDb.shareWorkflowWithUsers(workflow, [member2]);
const responseMember1 = await authAgent(member1).get(`/workflows/${workflow.id}`);
expect(responseMember1.statusCode).toBe(200);
expect(responseMember1.body.data.usedCredentials).toMatchObject([
{
id: savedCredential.id.toString(),
name: savedCredential.name,
currentUserHasAccess: true, // one user has access
},
]);
expect(responseMember1.body.data.sharedWith).toHaveLength(1);
const responseMember2 = await authAgent(member2).get(`/workflows/${workflow.id}`);
expect(responseMember2.statusCode).toBe(200);
expect(responseMember2.body.data.usedCredentials).toMatchObject([
{
id: savedCredential.id.toString(),
name: savedCredential.name,
currentUserHasAccess: false, // the other one doesn't
},
]);
expect(responseMember2.body.data.sharedWith).toHaveLength(1);
});
test('GET should return workflow with credentials for all users with access', async () => {
const member1 = await testDb.createUser({ globalRole: globalMemberRole });
const member2 = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member1 });
// Both users have access to the credential (none is owner)
await testDb.shareCredentialWithUsers(savedCredential, [member2]);
const workflowPayload = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const workflow = await createWorkflow(workflowPayload, member1);
await testDb.shareWorkflowWithUsers(workflow, [member2]);
const responseMember1 = await authAgent(member1).get(`/workflows/${workflow.id}`);
expect(responseMember1.statusCode).toBe(200);
expect(responseMember1.body.data.usedCredentials).toMatchObject([
{
id: savedCredential.id.toString(),
name: savedCredential.name,
currentUserHasAccess: true,
},
]);
expect(responseMember1.body.data.sharedWith).toHaveLength(1);
const responseMember2 = await authAgent(member2).get(`/workflows/${workflow.id}`);
expect(responseMember2.statusCode).toBe(200);
expect(responseMember2.body.data.usedCredentials).toMatchObject([
{
id: savedCredential.id.toString(),
name: savedCredential.name,
currentUserHasAccess: true,
},
]);
expect(responseMember2.body.data.sharedWith).toHaveLength(1);
});
feat: add endpoint for workflow sharing (#4172) (no changelog) * feat: add endpoint for workflow sharing Co-authored-by: Ben Hesseldieck <b.hesseldieck@gmail.com>
2022-10-11 05:55:05 -07:00
});
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
describe('POST /workflows', () => {
it('Should create a workflow that uses no credential', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const workflow = makeWorkflow({ withPinData: false });
const response = await authAgent(owner).post('/workflows').send(workflow);
expect(response.statusCode).toBe(200);
});
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
it('Should save a new workflow with credentials', async () => {
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const workflow = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const response = await authAgent(owner).post('/workflows').send(workflow);
expect(response.statusCode).toBe(200);
});
it('Should not allow saving a workflow using credential you have no access', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// Credential belongs to owner, member cannot use it.
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
const workflow = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const response = await authAgent(member).post('/workflows').send(workflow);
expect(response.statusCode).toBe(400);
expect(response.body.message).toBe(
'The workflow contains credentials that you do not have access to',
);
});
it('Should allow owner to save a workflow using credential owned by others', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// Credential belongs to owner, member cannot use it.
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
const workflow = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const response = await authAgent(owner).post('/workflows').send(workflow);
expect(response.statusCode).toBe(200);
});
it('Should allow saving a workflow using a credential owned by others and shared with you', async () => {
const member1 = await testDb.createUser({ globalRole: globalMemberRole });
const member2 = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member1 });
await testDb.shareCredentialWithUsers(savedCredential, [member2]);
const workflow = makeWorkflow({
withPinData: false,
withCredential: { id: savedCredential.id.toString(), name: savedCredential.name },
});
const response = await authAgent(member2).post('/workflows').send(workflow);
expect(response.statusCode).toBe(200);
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
});
});
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
describe('PATCH /workflows/:id - validate credential permissions to user', () => {
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
it('Should succeed when saving unchanged workflow nodes', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
const workflow = {
name: 'test',
active: false,
connections: {},
nodes: [
{
id: 'uuid-1234',
name: 'Start',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.start',
typeVersion: 1,
credentials: {
default: {
id: savedCredential.id.toString(),
name: savedCredential.name,
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
},
},
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
},
],
};
const createResponse = await authAgent(owner).post('/workflows').send(workflow);
const { id, hash } = createResponse.body.data;
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
const response = await authAgent(owner).patch(`/workflows/${id}`).send({
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
name: 'new name',
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
hash,
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
});
expect(response.statusCode).toBe(200);
});
it('Should allow owner to add node containing credential not shared with the owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member });
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
const workflow = {
name: 'test',
active: false,
connections: {},
nodes: [
{
id: 'uuid-1234',
name: 'Start',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.start',
typeVersion: 1,
credentials: {
default: {
id: savedCredential.id.toString(),
name: savedCredential.name,
},
},
},
],
};
const createResponse = await authAgent(owner).post('/workflows').send(workflow);
const { id, hash } = createResponse.body.data;
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
const response = await authAgent(owner)
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
.patch(`/workflows/${id}`)
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
.send({
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
hash,
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
nodes: [
{
id: 'uuid-1234',
name: 'Start',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.start',
typeVersion: 1,
credentials: {
default: {
id: savedCredential.id.toString(),
name: savedCredential.name,
},
},
},
],
});
expect(response.statusCode).toBe(200);
});
it('Should prevent member from adding node containing credential inaccessible to member', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: owner });
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
const workflow = {
name: 'test',
active: false,
connections: {},
nodes: [
{
id: 'uuid-1234',
name: 'Start',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.start',
typeVersion: 1,
credentials: {
default: {
id: savedCredential.id.toString(),
name: savedCredential.name,
},
},
},
],
};
const createResponse = await authAgent(owner).post('/workflows').send(workflow);
const { id, hash } = createResponse.body.data;
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
const response = await authAgent(member)
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
.patch(`/workflows/${id}`)
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
.send({
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
hash,
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
nodes: [
{
id: 'uuid-1234',
name: 'Start',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.start',
typeVersion: 1,
credentials: {},
},
{
id: 'uuid-12345',
name: 'Start',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.start',
typeVersion: 1,
credentials: {
default: {
id: savedCredential.id.toString(),
name: savedCredential.name,
},
},
},
],
});
expect(response.statusCode).toBe(400);
});
it('Should succeed but prevent modifying nodes that are read-only for the requester', async () => {
const member1 = await testDb.createUser({ globalRole: globalMemberRole });
const member2 = await testDb.createUser({ globalRole: globalMemberRole });
const savedCredential = await saveCredential(randomCredentialPayload(), { user: member1 });
const originalNodes: INode[] = [
{
id: 'uuid-1234',
name: 'Start',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.start',
typeVersion: 1,
credentials: {
default: {
id: savedCredential.id.toString(),
name: savedCredential.name,
},
},
},
];
const changedNodes: INode[] = [
{
id: 'uuid-1234',
name: 'End',
parameters: {},
position: [-20, 260],
type: 'n8n-nodes-base.no-op',
typeVersion: 1,
credentials: {
default: {
id: '200',
name: 'fake credential',
},
},
},
];
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
const workflow = {
name: 'test',
active: false,
connections: {},
nodes: originalNodes,
};
const createResponse = await authAgent(member1).post('/workflows').send(workflow);
const { id, hash } = createResponse.body.data;
await authAgent(member1)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member2.id] });
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
const response = await authAgent(member2).patch(`/workflows/${id}`).send({
hash,
feat: check for cred when updating workflow and remove credential_usage table (#4350) (no-changelog) * feat: check for cred when updating workflow and remove credential_usage table
2022-10-26 06:49:43 -07:00
nodes: changedNodes,
});
expect(response.statusCode).toBe(200);
expect(response.body.data.nodes).toMatchObject(originalNodes);
feat: add saving new workflow endpoint (#4330) (no-changelog) * feat: add saving new workflow endpoint
2022-10-13 02:55:58 -07:00
});
});
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
refactor(core): Skip interim updates check (no-changelog) (#4536) :zap: Skip interim updates check
2022-11-07 08:33:35 -08:00
describe.skip('PATCH /workflows/:id - validate interim updates', () => {
feat(core): reimplement blocking workflow updates on interim changes (#4446) * :blue_book: Update request type * :blue_book: Update FE types * :zap: Adjust store * :zap: Set received hash * :zap: Send and load hash * :zap: Make helper more flexible * :card_file_box: Add new field to entity * :rotating_light: Add check to endpoint * :test_tube: Add tests * :zap: Add `forceSave` flag * :bug: Fix workflow update failing on new workflow * :test_tube: Add more tests * :zap: Move check to `updateWorkflow()` * :zap: Refactor to accommodate latest changes * :test_tube: Refactor tests to keep them passing * :zap: Improve syntax
2022-10-31 02:35:24 -07:00
it('should block owner updating workflow nodes on interim update by member', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// owner creates and shares workflow
const createResponse = await authAgent(owner).post('/workflows').send(makeWorkflow());
const { id, hash: ownerHash } = createResponse.body.data;
await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
// member accesses and updates workflow name
const memberGetResponse = await authAgent(member).get(`/workflows/${id}`);
const { hash: memberHash } = memberGetResponse.body.data;
await authAgent(member)
.patch(`/workflows/${id}`)
.send({ name: 'Update by member', hash: memberHash });
// owner blocked from updating workflow nodes
const updateAttemptResponse = await authAgent(owner)
.patch(`/workflows/${id}`)
.send({ nodes: [], hash: ownerHash });
expect(updateAttemptResponse.status).toBe(400);
expect(updateAttemptResponse.body.message).toContain(
'cannot be saved because it was changed by another user',
);
});
it('should block member updating workflow nodes on interim update by owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// owner creates, updates and shares workflow
const createResponse = await authAgent(owner).post('/workflows').send(makeWorkflow());
const { id, hash: ownerFirstHash } = createResponse.body.data;
const updateResponse = await authAgent(owner)
.patch(`/workflows/${id}`)
.send({ name: 'Update by owner', hash: ownerFirstHash });
const { hash: ownerSecondHash } = updateResponse.body.data;
await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
// member accesses workflow
const memberGetResponse = await authAgent(member).get(`/workflows/${id}`);
const { hash: memberHash } = memberGetResponse.body.data;
// owner re-updates workflow
await authAgent(owner)
.patch(`/workflows/${id}`)
.send({ name: 'Owner update again', hash: ownerSecondHash });
// member blocked from updating workflow
const updateAttemptResponse = await authAgent(member)
.patch(`/workflows/${id}`)
.send({ nodes: [], hash: memberHash });
expect(updateAttemptResponse.status).toBe(400);
expect(updateAttemptResponse.body.message).toContain(
'cannot be saved because it was changed by another user',
);
});
it('should block owner activation on interim activation by member', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// owner creates and shares workflow
const createResponse = await authAgent(owner).post('/workflows').send(makeWorkflow());
const { id, hash: ownerHash } = createResponse.body.data;
await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
// member accesses and activates workflow
const memberGetResponse = await authAgent(member).get(`/workflows/${id}`);
const { hash: memberHash } = memberGetResponse.body.data;
await authAgent(member).patch(`/workflows/${id}`).send({ active: true, hash: memberHash });
// owner blocked from activating workflow
const activationAttemptResponse = await authAgent(owner)
.patch(`/workflows/${id}`)
.send({ active: true, hash: ownerHash });
expect(activationAttemptResponse.status).toBe(400);
expect(activationAttemptResponse.body.message).toContain(
'cannot be saved because it was changed by another user',
);
});
it('should block member activation on interim activation by owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// owner creates, updates and shares workflow
const createResponse = await authAgent(owner).post('/workflows').send(makeWorkflow());
const { id, hash: ownerFirstHash } = createResponse.body.data;
const updateResponse = await authAgent(owner)
.patch(`/workflows/${id}`)
.send({ name: 'Update by owner', hash: ownerFirstHash });
const { hash: ownerSecondHash } = updateResponse.body.data;
await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
// member accesses workflow
const memberGetResponse = await authAgent(member).get(`/workflows/${id}`);
const { hash: memberHash } = memberGetResponse.body.data;
// owner activates workflow
await authAgent(owner).patch(`/workflows/${id}`).send({ active: true, hash: ownerSecondHash });
// member blocked from activating workflow
const updateAttemptResponse = await authAgent(member)
.patch(`/workflows/${id}`)
.send({ active: true, hash: memberHash });
expect(updateAttemptResponse.status).toBe(400);
expect(updateAttemptResponse.body.message).toContain(
'cannot be saved because it was changed by another user',
);
});
it('should block member updating workflow settings on interim update by owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// owner creates and shares workflow
const createResponse = await authAgent(owner).post('/workflows').send(makeWorkflow());
const { id, hash: ownerHash } = createResponse.body.data;
await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
// member accesses workflow
const memberGetResponse = await authAgent(member).get(`/workflows/${id}`);
const { hash: memberHash } = memberGetResponse.body.data;
// owner updates workflow name
await authAgent(owner)
.patch(`/workflows/${id}`)
.send({ name: 'Another name', hash: ownerHash });
// member blocked from updating workflow settings
const updateAttemptResponse = await authAgent(member)
.patch(`/workflows/${id}`)
.send({ settings: { saveManualExecutions: true }, hash: memberHash });
expect(updateAttemptResponse.status).toBe(400);
expect(updateAttemptResponse.body.message).toContain(
'cannot be saved because it was changed by another user',
);
});
it('should block member updating workflow name on interim update by owner', async () => {
const owner = await testDb.createUser({ globalRole: globalOwnerRole });
const member = await testDb.createUser({ globalRole: globalMemberRole });
// owner creates and shares workflow
const createResponse = await authAgent(owner).post('/workflows').send(makeWorkflow());
const { id, hash: ownerHash } = createResponse.body.data;
await authAgent(owner)
.put(`/workflows/${id}/share`)
.send({ shareWithIds: [member.id] });
// member accesses workflow
const memberGetResponse = await authAgent(member).get(`/workflows/${id}`);
const { hash: memberHash } = memberGetResponse.body.data;
// owner updates workflow settings
await authAgent(owner)
.patch(`/workflows/${id}`)
.send({ settings: { saveManualExecutions: true }, hash: ownerHash });
// member blocked from updating workflow name
const updateAttemptResponse = await authAgent(member)
.patch(`/workflows/${id}`)
.send({ settings: { saveManualExecutions: true }, hash: memberHash });
expect(updateAttemptResponse.status).toBe(400);
expect(updateAttemptResponse.body.message).toContain(
'cannot be saved because it was changed by another user',
);
});
});
Reference in a new issue Copy permalink