fix(server): fixed validation in regards to workspaces, when they're secondary resource targets #2814
Conversation
| @@ -31,6 +31,11 @@ export const validateProjectInviteBeforeFinalizationFactory = | |||
| ) | |||
| } | |||
|
|
|||
| // If decline, skip all further validation | |||
| if (action === InviteFinalizationAction.DECLINE) { | |||
There was a problem hiding this comment.
I've had scenarios when something went wrong and the invite was stuck in a busted state and you couldn't even decline it. I've changed the logic so that declining skips a lot of validation so that you can always get rid of these.
| /** | ||
| * Convert the initial validation function to a finalization validation function so same logic can be reused | ||
| */ | ||
| export const convertToFinalizationValidation = (params: { |
There was a problem hiding this comment.
Allows running the same validation logic we do on invite create also on invite finalization (more DRY)
| expect(res.data?.projectMutations.invites.createForWorkspace.id).to.be.ok | ||
| }) | ||
|
|
||
| it("can't indirectly invite to workspace if not workspace admin", async () => { |
There was a problem hiding this comment.
This validates: "Workspace project invites must be validated, only workspace admins can send out project invites, that also have workspace invites in them"
| expect(res.data?.projectMutations.invites.createForWorkspace.id).to.not.be.ok | ||
| }) | ||
|
|
||
| it('can invite to workspace project even if not workspace admin, if target already belongs to workspace', async () => { |
There was a problem hiding this comment.
This validates that a project owner can invite workspace members into a project, even if they're not a workspace admin
| @@ -210,7 +293,7 @@ export const finalizeResourceInviteFactory = | |||
|
|
|||
| try { | |||
| // Add email | |||
| if (isNewEmailTarget) { | |||
| if (isNewEmailTarget && action === InviteFinalizationAction.ACCEPT) { | |||
There was a problem hiding this comment.
There was a bug here where new email was added even if action was DECLINE (new test case added for this too)
| // If workspace project, ensure secondaryResourceRoles are set (channeling users | ||
| // to the correct gql resolver) | ||
| const project = await deps.getStream({ streamId: resourceId }) | ||
| if (!allowWorkspacedProjects && project && project?.workspaceId) { |
There was a problem hiding this comment.
This prevents workspace project invite creation from the default mutation resolver
| @@ -1,5 +1,24 @@ | |||
| import { InviteResourceTarget } from '@/modules/serverinvites/domain/types' | |||
There was a problem hiding this comment.
moved some constants & types to workspacesCore, since I needed to reference them outside of workspaces
| */ | ||
| haveGraphQLErrors(message?: string): void | ||
| haveGraphQLErrors( | ||
| messageOrOptions?: string | ({ message: string } | { code: string }) |
There was a problem hiding this comment.
Added support for checking for error codes, instead of messages - less brittle tests that way
| expect(res.data?.projectMutations.invites.createForWorkspace.id).to.be.ok | ||
| }) | ||
|
|
||
| it("can't invite invalid domain email to domain protected workspace project", async () => { |
There was a problem hiding this comment.
Validates that workspace project invites also follow workspace domain policy restrictions
This might possibly also address the issue of domain policy validation being skipped, because its the same solution for both issues: Ensuring that workspace validation occurs even when the workspace is a secondary resource target.
I also added logic that re-runs the same validation that runs on invite create also on finalization, that way we don't need to duplicate a lot of it in both places
Also added new tests, where it made sense