Fix policy problems

Author: Knerio

app/graphql/types/node_function_type.rb

@@ -4,8 +4,7 @@ module Types
   class NodeFunctionType < Types::BaseObject
     description 'Represents a Node Function'
 
-    # authorize :read_flow TODO problem is node function doesnt have access to the project, only the runtime
-    # see NodeFunctionPolicy
+    authorize :read_flow
 
     field :next_node, Types::NodeFunctionType, null: true, description: 'The next Node Function in the flow'
     field :parameters, Types::NodeParameterType.connection_type, null: false, method: :node_parameters,

app/models/node_function.rb

@@ -4,12 +4,30 @@ class NodeFunction < ApplicationRecord
   belongs_to :runtime_function, class_name: 'RuntimeFunctionDefinition'
   belongs_to :next_node, class_name: 'NodeFunction', optional: true
 
+  has_one :previous_node, class_name: 'NodeFunction', foreign_key: :next_node_id, inverse_of: :next_node
+
   has_many :node_parameter_values, class_name: 'NodeParameter', inverse_of: :function_value
   has_many :node_parameters, class_name: 'NodeParameter', inverse_of: :node_function
   has_many :flows, class_name: 'Flow', inverse_of: :starting_node
 
   validate :validate_recursion, if: :next_node_changed?
 
+  def resolve_flow
+    flow = Flow.find_by(starting_node: self)
+    return flow if flow.present?
+
+    NodeFunction.where(next_node: self).find_each do |node|
+      while node.previous_node.present?
+        node = node.previous_node
+        return node.flow if node.flow.present?
+      end
+    end
+
+    NodeParameter.where(function_value: self).find_each do |param|
+      return param.node_function.resolve_flow if param.node_function.flow.present?
+    end
+  end
+
   def validate_recursion
     current_node = self
     until current_node.next_node.nil?

app/policies/namespace_policy.rb

@@ -21,6 +21,10 @@ class NamespacePolicy < BasePolicy
     enable :read_namespace_member_role
     enable :read_namespace_role
     enable :read_flow
+    enable :read_runtime
+    enable :read_datatype
+    enable :read_flow_type
+    enable :read_flow_type_setting
   end
 
   namespace_resolver { |namespace| namespace }

app/policies/namespace_project_policy.rb

@@ -9,6 +9,10 @@ class NamespaceProjectPolicy < BasePolicy
 
   rule { can_create_projects }.enable :read_namespace_project
 
+  rule { can?(:has_access) }.policy do
+    enable :read_flow
+  end
+
   customizable_permission :assign_project_runtimes
   customizable_permission :read_namespace_project
   customizable_permission :update_namespace_project

app/policies/node_function_policy.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class NodeFunctionPolicy < BasePolicy
-  delegate { subject.runtime_function }
+  delegate { subject.resolve_flow }
 end

docs/graphql/enum/namespaceroleability.md

@@ -10,12 +10,12 @@ Represents abilities that can be granted to roles in namespaces.
 | `ASSIGN_PROJECT_RUNTIMES` | Allows to assign runtimes to a project in the namespace |
 | `ASSIGN_ROLE_ABILITIES` | Allows to change the abilities of a namespace role |
 | `ASSIGN_ROLE_PROJECTS` | Allows to change the assigned projects of a namespace role |
-| `CREATE_FLOWS` | Allows to create flows in the namespace |
+| `CREATE_FLOWS` | Allows to create flows in the project |
 | `CREATE_NAMESPACE_LICENSE` | Allows to create a license for the namespace |
 | `CREATE_NAMESPACE_PROJECT` | Allows to create a project in the namespace |
 | `CREATE_NAMESPACE_ROLE` | Allows the creation of roles in a namespace |
 | `CREATE_RUNTIME` | Allows to create a runtime globally or for the namespace |
-| `DELETE_FLOWS` | Allows to delete flows in the namespace |
+| `DELETE_FLOWS` | Allows to delete flows in the project |
 | `DELETE_MEMBER` | Allows to remove members of a namespace |
 | `DELETE_NAMESPACE_LICENSE` | Allows to delete the license of the namespace |
 | `DELETE_NAMESPACE_PROJECT` | Allows to delete the project of the namespace |
@@ -24,10 +24,11 @@ Represents abilities that can be granted to roles in namespaces.
 | `DELETE_RUNTIME` | Allows to delete a runtime |
 | `INVITE_MEMBER` | Allows to invite new members to a namespace |
 | `NAMESPACE_ADMINISTRATOR` | Allows to perform any action in the namespace |
+| `READ_FLOW` | Allows to read flows in the project |
 | `READ_NAMESPACE_LICENSE` | Allows to read the license of the namespace |
 | `READ_NAMESPACE_PROJECT` | Allows to read the project of the namespace |
 | `ROTATE_RUNTIME_TOKEN` | Allows to regenerate a runtime token |
-| `UPDATE_FLOWS` | Allows to update flows in the namespace |
+| `UPDATE_FLOWS` | Allows to update flows in the project |
 | `UPDATE_NAMESPACE_PROJECT` | Allows to update the project of the namespace |
 | `UPDATE_NAMESPACE_ROLE` | Allows to update the namespace role |
 | `UPDATE_ORGANIZATION` | Allows to update the organization |

docs/graphql/input_object/flowinput.md

@@ -8,8 +8,6 @@ Input type for creating or updating a flow
 
 | Name | Type | Description |
 |------|------|-------------|
-| `inputType` | [`DataTypeID`](../scalar/datatypeid.md) | The ID of the input data type |
-| `returnType` | [`DataTypeID`](../scalar/datatypeid.md) | The ID of the return data type |
 | `settings` | [`[FlowSettingInput!]`](../input_object/flowsettinginput.md) | The settings of the flow |
 | `startingNode` | [`NodeFunctionInput!`](../input_object/nodefunctioninput.md) | The starting node of the flow |
 | `type` | [`FlowTypeID!`](../scalar/flowtypeid.md) | The identifier of the flow type |

docs/graphql/mutation/namespacesprojectsflowsdelete.md

@@ -0,0 +1,20 @@
+---
+title: namespacesProjectsFlowsDelete
+---
+
+Deletes a namespace project.
+
+## Arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `clientMutationId` | [`String`](../scalar/string.md) | A unique identifier for the client performing the mutation. |
+| `flowId` | [`FlowID!`](../scalar/flowid.md) | The id of the flow which will be deleted |
+
+## Fields
+
+| Name | Type | Description |
+|------|------|-------------|
+| `clientMutationId` | [`String`](../scalar/string.md) | A unique identifier for the client performing the mutation. |
+| `errors` | [`[Error!]!`](../union/error.md) | Errors encountered during execution of the mutation. |
+| `flow` | [`Flow`](../object/flow.md) | The deleted flow. |

docs/graphql/object/flow.md

@@ -9,7 +9,6 @@ Represents a flow
 | Name | Type | Description |
 |------|------|-------------|
 | `createdAt` | [`Time!`](../scalar/time.md) | Time when this Flow was created |
-| `flowId` | [`FlowID!`](../scalar/flowid.md) | The global ID of the flow |
 | `id` | [`FlowID!`](../scalar/flowid.md) | Global ID of this Flow |
 | `inputType` | [`DataType`](../object/datatype.md) | The input data type of the flow |
 | `returnType` | [`DataType`](../object/datatype.md) | The return data type of the flow |

docs/graphql/object/flowsetting.md

@@ -9,7 +9,7 @@ Represents a flow setting
 | Name | Type | Description |
 |------|------|-------------|
 | `createdAt` | [`Time!`](../scalar/time.md) | Time when this FlowSetting was created |
-| `databaseId` | [`FlowSettingID!`](../scalar/flowsettingid.md) | The global ID of the flow setting |
+| `flowSettingId` | [`String!`](../scalar/string.md) | The identifier of the flow setting |
 | `id` | [`FlowSettingID!`](../scalar/flowsettingid.md) | Global ID of this FlowSetting |
 | `updatedAt` | [`Time!`](../scalar/time.md) | Time when this FlowSetting was last updated |
 | `value` | [`JSON!`](../scalar/json.md) | The value of the flow setting |

docs/graphql/object/nodefunction.md

@@ -9,9 +9,9 @@ Represents a Node Function
 | Name | Type | Description |
 |------|------|-------------|
 | `createdAt` | [`Time!`](../scalar/time.md) | Time when this NodeFunction was created |
-| `function` | [`NodeFunctionDefinition!`](../object/nodefunctiondefinition.md) | The definition of the Node Function |
 | `id` | [`NodeFunctionID!`](../scalar/nodefunctionid.md) | Global ID of this NodeFunction |
 | `nextNode` | [`NodeFunction`](../object/nodefunction.md) | The next Node Function in the flow |
 | `parameters` | [`NodeParameterConnection!`](../object/nodeparameterconnection.md) | The parameters of the Node Function |
+| `runtimeFunction` | [`RuntimeFunctionDefinition!`](../object/runtimefunctiondefinition.md) | The definition of the Node Function |
 | `updatedAt` | [`Time!`](../scalar/time.md) | Time when this NodeFunction was last updated |
 

docs/graphql/object/nodefunctiondefinition.md

@@ -9,8 +9,8 @@ Represents a Node parameter
 | Name | Type | Description |
 |------|------|-------------|
 | `createdAt` | [`Time!`](../scalar/time.md) | Time when this NodeParameter was created |
-| `definition` | [`NodeParameterDefinition!`](../object/nodeparameterdefinition.md) | The definition of the parameter |
 | `id` | [`NodeParameterID!`](../scalar/nodeparameterid.md) | Global ID of this NodeParameter |
+| `runtimeParameter` | [`RuntimeParameterDefinition!`](../object/runtimeparameterdefinition.md) | The definition of the parameter |
 | `updatedAt` | [`Time!`](../scalar/time.md) | Time when this NodeParameter was last updated |
 | `value` | [`NodeParameterValue`](../union/nodeparametervalue.md) | The value of the parameter |
 

docs/graphql/object/nodeparameter.md

@@ -0,0 +1,14 @@
+---
+title: RuntimeFunctionDefinition
+---
+
+Represents a Node Function definition
+
+## Fields without arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `createdAt` | [`Time!`](../scalar/time.md) | Time when this RuntimeFunctionDefinition was created |
+| `id` | [`RuntimeParameterDefinitionID!`](../scalar/runtimeparameterdefinitionid.md) | Global ID of this RuntimeFunctionDefinition |
+| `updatedAt` | [`Time!`](../scalar/time.md) | Time when this RuntimeFunctionDefinition was last updated |
+

docs/graphql/object/nodeparameterdefinition.md

@@ -0,0 +1,14 @@
+---
+title: RuntimeParameterDefinition
+---
+
+Represents a Node parameter definition
+
+## Fields without arguments
+
+| Name | Type | Description |
+|------|------|-------------|
+| `createdAt` | [`Time!`](../scalar/time.md) | Time when this RuntimeParameterDefinition was created |
+| `id` | [`RuntimeParameterDefinitionID!`](../scalar/runtimeparameterdefinitionid.md) | Global ID of this RuntimeParameterDefinition |
+| `updatedAt` | [`Time!`](../scalar/time.md) | Time when this RuntimeParameterDefinition was last updated |
+

docs/graphql/object/runtimefunctiondefinition.md

@@ -11,5 +11,7 @@
     it { is_expected.to belong_to(:starting_node).class_name('NodeFunction') }
     it { is_expected.to belong_to(:input_type).class_name('DataType').optional }
     it { is_expected.to belong_to(:return_type).class_name('DataType').optional }
+
+    it { is_expected.to have_many(:flow_settings) }
   end
 end

docs/graphql/object/runtimeparameterdefinition.md

@@ -18,6 +18,9 @@
               id
               parameters {
                 count
+                nodes {
+                  id
+                }
               }
             }
             settings {
@@ -74,6 +77,7 @@
   context 'when user has the permission' do
     before do
       stub_allowed_ability(NamespaceProjectPolicy, :create_flows, user: current_user, subject: project)
+      stub_allowed_ability(NamespaceProjectPolicy, :read_flow, user: current_user, subject: project)
     end
 
     it 'creates namespace project' do

spec/models/flow_spec.rb

@@ -36,9 +36,9 @@
   context 'when user has permission' do
     before do
       stub_allowed_ability(NamespaceProjectPolicy, :delete_flows, user: current_user,
-                                                                            subject: namespace_project)
+                                                                  subject: namespace_project)
       stub_allowed_ability(NamespaceProjectPolicy, :read_flow, user: current_user,
-                           subject: namespace_project)
+                                                               subject: namespace_project)
     end
 
     it 'deletes flow' do
@@ -71,7 +71,8 @@
       mutate!
 
       expect(graphql_data_at(:namespaces_projects_flows_delete, :flow)).to be_nil
-      expect(graphql_data_at(:namespaces_projects_flows_delete, :errors)).to include({ 'message' => 'missing_permission' })
+      expect(graphql_data_at(:namespaces_projects_flows_delete,
+                             :errors)).to include({ 'message' => 'missing_permission' })
     end
   end
 end