fix(wf-def): disallow template editing (#2661)

Author: alonp99

services/workflows-service/src/workflow-defintion/workflow-definition.repository.ts

@@ -122,10 +122,19 @@ export class WorkflowDefinitionRepository {
     projectIds: TProjectIds,
     noValidate = false,
   ): Promise<Prisma.BatchPayload> {
+    const workflowDefinition = await this.prisma.workflowDefinition.findUnique({
+      where: { id },
+      select: { isPublic: true },
+    });
+
+    if (workflowDefinition?.isPublic) {
+      throw new Error('Cannot update public workflow definition templates');
+    }
+
     const scopedArgs = this.scopeService.scopeUpdateMany(
       {
         ...args,
-        where: { id },
+        where: { id, isPublic: false },
       },
       projectIds,
     );
@@ -142,6 +151,14 @@ export class WorkflowDefinitionRepository {
     args: Prisma.SelectSubset<T, Omit<Prisma.WorkflowDefinitionDeleteArgs, 'where'>>,
     projectIds: TProjectIds,
   ): Promise<WorkflowDefinition> {
+    const workflowDefinition = await this.prisma.workflowDefinition.findUnique({
+      where: { id },
+      select: { isPublic: true },
+    });
+
+    if (workflowDefinition?.isPublic) {
+      throw new Error('Cannot delete public workflow definition templates');
+    }
     return await this.prisma.workflowDefinition.delete(
       this.scopeService.scopeDelete(
         {

services/workflows-service/src/workflow-defintion/workflow-definition.service.intg.test.ts

@@ -16,7 +16,7 @@ import { ClsService } from 'nestjs-cls';
 import { ApiKeyService } from '@/customer/api-key/api-key.service';
 import { ApiKeyRepository } from '@/customer/api-key/api-key.repository';
 
-const buildWorkflowDefinition = (sequenceNum: number, projectId?: string) => {
+const buildWorkflowDefinition = (sequenceNum: number, projectId?: string, isPublic = false) => {
   return {
     id: sequenceNum.toString(),
     name: `name ${sequenceNum}`,
@@ -42,7 +42,7 @@ const buildWorkflowDefinition = (sequenceNum: number, projectId?: string) => {
       schema: {},
     },
     projectId: projectId,
-    isPublic: false,
+    isPublic: isPublic,
   };
 };
 
@@ -83,7 +83,7 @@ describe('WorkflowDefinitionService', () => {
 
   beforeEach(async () => {
     await prismaService.workflowDefinition.create({
-      data: buildWorkflowDefinition(1),
+      data: buildWorkflowDefinition(Math.floor(Math.random() * 1000) + 1),
     });
 
     const customer = await createCustomer(
@@ -242,4 +242,41 @@ describe('WorkflowDefinitionService', () => {
       expect(latestWorkflowVersion.id).toEqual(updatedWorkflowDefintiion.id);
     });
   });
+
+  describe('Public records (templates)', () => {
+    it('should not allow editing of public records', async () => {
+      // Arrange
+      const publicWorkflowDefinition = await prismaService.workflowDefinition.create({
+        data: buildWorkflowDefinition(11, undefined, true),
+      });
+
+      const updateArgs = {
+        definition: { some: 'new definition' },
+      };
+
+      // Act & Assert
+      await expect(
+        workflowDefinitionService.updateById(publicWorkflowDefinition.id, updateArgs as any, [
+          project.id,
+        ]),
+      ).rejects.toThrow('Cannot update public workflow definition templates');
+    });
+
+    it('should allow reading of public records', async () => {
+      // Arrange
+      const publicWorkflowDefinition = await prismaService.workflowDefinition.create({
+        data: buildWorkflowDefinition(23, undefined, true),
+      });
+
+      // Act
+      const result = await workflowDefinitionService.getLatestVersion(publicWorkflowDefinition.id, [
+        project.id,
+      ]);
+
+      // Assert
+      expect(result).toBeDefined();
+      expect(result.id).toEqual(publicWorkflowDefinition.id);
+      expect(result.isPublic).toBe(true);
+    });
+  });
 });