From cdf6d6508299b3d0b591fdf2476538bf37bf3a5c Mon Sep 17 00:00:00 2001 From: "aakash.reddy@techdome.net.in" Date: Wed, 17 Sep 2025 14:38:54 +0530 Subject: [PATCH 1/3] fix: condition check for insert generate variable --- .../workspace/services/collection.service.ts | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/src/modules/workspace/services/collection.service.ts b/src/modules/workspace/services/collection.service.ts index 588d5e09d..c5e7cbe3b 100644 --- a/src/modules/workspace/services/collection.service.ts +++ b/src/modules/workspace/services/collection.service.ts @@ -1,5 +1,6 @@ import { BadRequestException, + ForbiddenException, Injectable, NotFoundException, UnauthorizedException, @@ -56,6 +57,7 @@ import { RequestBodyDto } from "@src/modules/common/models/collection.model"; import { UserRepository } from "@src/modules/identity/repositories/user.repository"; import { CollectionGenerateVariableDto } from "@src/modules/common/models/collection.model"; import { CollectionRequestService } from "./collection-request.service"; +import { WorkspaceRole } from "@src/modules/common/enum/roles.enum"; @Injectable() export class CollectionService { @@ -1379,6 +1381,23 @@ export class CollectionService { "Please provide collectionId and Generated Variables.", ); } + const workspaceDetails = await this.workspaceRepository.get(workspaceId); + const matchingUser = workspaceDetails.users?.find( + (currentUser) => currentUser.id === user._id.toString(), + ); + if (!matchingUser) { + throw new NotFoundException( + `User with ${user.email} not found in workspace.`, + ); + } + if ( + matchingUser.role !== WorkspaceRole.ADMIN && + matchingUser.role !== WorkspaceRole.EDITOR + ) { + throw new ForbiddenException( + "You do not have permission to modify generated variables. Only Admin or Editor can perform this action.", + ); + } const collectionDocument = await this.getCollection(collectionId); if (!collectionDocument) { throw new NotFoundException("Collection is not Found."); @@ -1387,7 +1406,7 @@ export class CollectionService { const validGeneratedPairs = generatedPairs.filter( (pair) => pair.key?.trim() && pair.value?.trim(), ); - if(validGeneratedPairs.length < 1){ + if (validGeneratedPairs.length < 1) { throw new BadRequestException( "Please provide Vaild Generated Variables.", ); From 0256c56a6f8780516491e5a9a52ec8c0ebad2155 Mon Sep 17 00:00:00 2001 From: "aakash.reddy@techdome.net.in" Date: Wed, 17 Sep 2025 14:41:17 +0530 Subject: [PATCH 2/3] fix: condition check for insert generate variable --- src/modules/workspace/services/collection.service.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/workspace/services/collection.service.ts b/src/modules/workspace/services/collection.service.ts index c5e7cbe3b..fd9e481c7 100644 --- a/src/modules/workspace/services/collection.service.ts +++ b/src/modules/workspace/services/collection.service.ts @@ -1395,7 +1395,7 @@ export class CollectionService { matchingUser.role !== WorkspaceRole.EDITOR ) { throw new ForbiddenException( - "You do not have permission to modify generated variables. Only Admin or Editor can perform this action.", + "You do not have permission to modify generated variables.", ); } const collectionDocument = await this.getCollection(collectionId); From ac038ff05c351d5cd807f42f27e153a01a6de017 Mon Sep 17 00:00:00 2001 From: "aakash.reddy@techdome.net.in" Date: Wed, 8 Oct 2025 12:46:43 +0530 Subject: [PATCH 3/3] fix: updated the function permission --- .../workspace/services/collection.service.ts | 20 ++++--------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/src/modules/workspace/services/collection.service.ts b/src/modules/workspace/services/collection.service.ts index fd9e481c7..9bdc7e366 100644 --- a/src/modules/workspace/services/collection.service.ts +++ b/src/modules/workspace/services/collection.service.ts @@ -1381,23 +1381,11 @@ export class CollectionService { "Please provide collectionId and Generated Variables.", ); } - const workspaceDetails = await this.workspaceRepository.get(workspaceId); - const matchingUser = workspaceDetails.users?.find( - (currentUser) => currentUser.id === user._id.toString(), + await this.workspaceService.IsWorkspaceAdminOrEditor( + workspaceId, + user._id, ); - if (!matchingUser) { - throw new NotFoundException( - `User with ${user.email} not found in workspace.`, - ); - } - if ( - matchingUser.role !== WorkspaceRole.ADMIN && - matchingUser.role !== WorkspaceRole.EDITOR - ) { - throw new ForbiddenException( - "You do not have permission to modify generated variables.", - ); - } + await this.checkPermission(workspaceId, user._id); const collectionDocument = await this.getCollection(collectionId); if (!collectionDocument) { throw new NotFoundException("Collection is not Found.");