From 466035face3a0472fe8804e91d3d25854c3502a0 Mon Sep 17 00:00:00 2001
From: Marc-Roig <marc12info@gmail.com>
Date: Mon, 24 Apr 2023 11:20:49 +0200
Subject: [PATCH 1/2] feat: limit number of stages to 200

---
 .../core/admin/ee/server/validation/review-workflows.js    | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/packages/core/admin/ee/server/validation/review-workflows.js b/packages/core/admin/ee/server/validation/review-workflows.js
index 4f67c8645f..af8464d83f 100644
--- a/packages/core/admin/ee/server/validation/review-workflows.js
+++ b/packages/core/admin/ee/server/validation/review-workflows.js
@@ -7,7 +7,12 @@ const stageObject = yup.object().shape({
   name: yup.string().max(255).required(),
 });
 
-const validateUpdateStagesSchema = yup.array().of(stageObject).required();
+const validateUpdateStagesSchema = yup
+  .array()
+  .of(stageObject)
+  .required()
+  .max(200, 'You can not create more than 200 stages');
+
 const validateUpdateStageOnEntity = yup
   .object()
   .shape({

From 09e21070815dd1fad10071ca69f7fe2239a25a14 Mon Sep 17 00:00:00 2001
From: Marc-Roig <marc12info@gmail.com>
Date: Mon, 24 Apr 2023 11:52:05 +0200
Subject: [PATCH 2/2] test: can not create more than 200 stages

---
 .../core/admin/ee/review-workflows.test.api.js    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/api-tests/core/admin/ee/review-workflows.test.api.js b/api-tests/core/admin/ee/review-workflows.test.api.js
index c21cb4d975..23684987d0 100644
--- a/api-tests/core/admin/ee/review-workflows.test.api.js
+++ b/api-tests/core/admin/ee/review-workflows.test.api.js
@@ -344,6 +344,19 @@ describeOnCondition(edition === 'EE')('Review workflows', () => {
         expect(workflowRes.body.data).toBeUndefined();
       }
     });
+    test('It should throw an error if trying to create more than 200 stages', async () => {
+      const stagesRes = await requests.admin.put(
+        `/admin/review-workflows/workflows/${testWorkflow.id}/stages`,
+        { body: { data: Array(201).fill({ name: 'new stage' }) } }
+      );
+
+      if (hasRW) {
+        expect(stagesRes.status).toBe(400);
+        expect(stagesRes.body.error).toBeDefined();
+        expect(stagesRes.body.error.name).toEqual('ValidationError');
+        expect(stagesRes.body.error.message).toBeDefined();
+      }
+    });
   });
 
   describe('Enabling/Disabling review workflows on a content type', () => {
@@ -407,7 +420,7 @@ describeOnCondition(edition === 'EE')('Review workflows', () => {
     });
   });
 
-  describe('update a stage on an entity', () => {
+  describe('Update a stage on an entity', () => {
     describe('Review Workflow is enabled', () => {
       beforeAll(async () => {
         await updateContentType(productUID, {