Fix policy problems

Author: Knerio

app/graphql/types/node_function_type.rb

@@ -4,8 +4,7 @@ module Types
   class NodeFunctionType < Types::BaseObject
     description 'Represents a Node Function'
 
-    # authorize :read_flow TODO problem is node function doesnt have access to the project, only the runtime
-    # see NodeFunctionPolicy
+    authorize :read_flow
 
     field :next_node, Types::NodeFunctionType, null: true, description: 'The next Node Function in the flow'
     field :parameters, Types::NodeParameterType.connection_type, null: false, method: :node_parameters,

app/models/node_function.rb

@@ -4,12 +4,36 @@ class NodeFunction < ApplicationRecord
   belongs_to :runtime_function, class_name: 'RuntimeFunctionDefinition'
   belongs_to :next_node, class_name: 'NodeFunction', optional: true
 
+  has_one :previous_node, class_name: 'NodeFunction', foreign_key: :next_node_id, inverse_of: :next_node
+
   has_many :node_parameter_values, class_name: 'NodeParameter', inverse_of: :function_value
   has_many :node_parameters, class_name: 'NodeParameter', inverse_of: :node_function
   has_many :flows, class_name: 'Flow', inverse_of: :starting_node
 
   validate :validate_recursion, if: :next_node_changed?
 
+  def resolve_flow
+    flow = Flow.find_by(starting_node: self)
+    if flow.present?
+      return flow
+    end
+
+    NodeFunction.where(next_node: self).each do |node|
+      while node.previous_node.present?
+        node = node.previous_node
+        if node.flow.present?
+          return node.flow
+        end
+      end
+    end
+
+    NodeParameter.where(function_value: self).each do |param|
+      if param.node_function.flow.present?
+        return param.node_function.resolve_flow
+      end
+    end
+  end
+
   def validate_recursion
     current_node = self
     until current_node.next_node.nil?

app/policies/namespace_policy.rb

@@ -20,7 +20,6 @@ class NamespacePolicy < BasePolicy
     enable :read_namespace_member
     enable :read_namespace_member_role
     enable :read_namespace_role
-    enable :read_flow
   end
 
   namespace_resolver { |namespace| namespace }

app/policies/namespace_project_policy.rb

@@ -9,6 +9,10 @@ class NamespaceProjectPolicy < BasePolicy
 
   rule { can_create_projects }.enable :read_namespace_project
 
+  rule { can?(:has_access) }.policy do
+    enable :read_flow
+  end
+
   customizable_permission :assign_project_runtimes
   customizable_permission :read_namespace_project
   customizable_permission :update_namespace_project

app/policies/node_function_policy.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 class NodeFunctionPolicy < BasePolicy
-  delegate { subject.runtime_function }
+  delegate { subject.resolve_flow }
 end

spec/models/flow_spec.rb

@@ -11,5 +11,7 @@
     it { is_expected.to belong_to(:starting_node).class_name('NodeFunction') }
     it { is_expected.to belong_to(:input_type).class_name('DataType').optional }
     it { is_expected.to belong_to(:return_type).class_name('DataType').optional }
+
+    it { is_expected.to have_many(:flow_settings) }
   end
 end

spec/requests/graphql/mutation/namespace/projects/flows/create_mutation_spec.rb

@@ -18,6 +18,9 @@
               id
               parameters {
                 count
+                nodes {
+                  id
+                }
               }
             }
             settings {
@@ -74,11 +77,14 @@
   context 'when user has the permission' do
     before do
       stub_allowed_ability(NamespaceProjectPolicy, :create_flows, user: current_user, subject: project)
+      stub_allowed_ability(NamespaceProjectPolicy, :read_flow, user: current_user, subject: project)
     end
 
     it 'creates namespace project' do
       mutate!
 
+      p parsed_response
+
       created_flow_id = graphql_data_at(:namespaces_projects_flows_create, :flow, :id)
       expect(created_flow_id).to be_present
       flow = SagittariusSchema.object_from_id(created_flow_id)