diff --git a/api-tests/core/admin/ee/review-workflows.test.api.js b/api-tests/core/admin/ee/review-workflows.test.api.js index 0ce21e656c..3b0d8bbd2a 100644 --- a/api-tests/core/admin/ee/review-workflows.test.api.js +++ b/api-tests/core/admin/ee/review-workflows.test.api.js @@ -648,8 +648,14 @@ describeOnCondition(edition === 'EE')('Review workflows', () => { let utils; let entry; let restrictedRequest; + let restrictedUser; let restrictedRole; + const deleteFixtures = async () => { + await utils.deleteUserById(restrictedUser.id); + await utils.deleteRolesById([restrictedRole.id]); + }; + beforeAll(async () => { // Update workflow to assign content type await requests.admin.put(`/admin/review-workflows/workflows/${testWorkflow.id}?populate=*`, { @@ -658,24 +664,28 @@ describeOnCondition(edition === 'EE')('Review workflows', () => { entry = await createEntry(productUID, { name: 'Product' }); - const restrictedUser = { - email: 'restricted@user.io', - password: 'Restricted123', - }; - utils = createUtils(strapi); const role = await utils.createRole({ name: 'restricted-role', description: '', }); + restrictedRole = role; - await utils.createUserIfNotExists({ - ...restrictedUser, + const restrictedUserInfo = { + email: 'restricted@user.io', + password: 'Restricted123', + }; + + restrictedUser = await utils.createUserIfNotExists({ + ...restrictedUserInfo, roles: [role.id], }); - restrictedRole = role; - restrictedRequest = await createAuthRequest({ strapi, userInfo: restrictedUser }); + restrictedRequest = await createAuthRequest({ strapi, userInfo: restrictedUserInfo }); + }); + + afterAll(async () => { + await deleteFixtures(); }); test("It shouldn't be available for public", async () => { diff --git a/packages/core/admin/ee/server/services/__tests__/stages.test.js b/packages/core/admin/ee/server/services/__tests__/stages.test.js index 132f105d72..23fc7c78dc 100644 --- a/packages/core/admin/ee/server/services/__tests__/stages.test.js +++ b/packages/core/admin/ee/server/services/__tests__/stages.test.js @@ -247,5 +247,29 @@ describe('Review workflows - Stages service', () => { expect(entityServiceMock.update).toBeCalled(); expect(entityServiceMock.delete).toBeCalled(); }); + + test('Undefined destination stage permissions should apply a partial permission update', async () => { + const srcStages = workflowMock.stages.map((stage) => ({ + ...stage, + permissions: [{ id: 1, role: 'role', action: 'action' }], + })); + + const destStages = workflowMock.stages.map((stage, index) => ({ + ...stage, + name: `Updated Name ${index}`, + })); + + await stagesService.replaceStages(srcStages, destStages); + + expect(entityServiceMock.create).not.toBeCalled(); + expect(entityServiceMock.delete).not.toBeCalled(); + expect(entityServiceMock.update).toBeCalledTimes(4); + + destStages.forEach((stage, index) => { + expect(entityServiceMock.update).toBeCalledWith('admin::workflow-stage', stage.id, { + data: { ...stage, permissions: srcStages[index].permissions }, + }); + }); + }); }); }); diff --git a/packages/core/admin/ee/server/services/review-workflows/stages.js b/packages/core/admin/ee/server/services/review-workflows/stages.js index e72a9a67d1..2e96d17203 100644 --- a/packages/core/admin/ee/server/services/review-workflows/stages.js +++ b/packages/core/admin/ee/server/services/review-workflows/stages.js @@ -78,12 +78,12 @@ module.exports = ({ strapi }) => { }, async update(srcStage, destStage) { - let stagePermissions = []; + let stagePermissions = srcStage?.permissions ?? []; const stageId = destStage.id; - await this.deleteStagePermissions([srcStage]); - if (destStage.permissions) { + await this.deleteStagePermissions([srcStage]); + const permissions = await mapAsync(destStage.permissions, (permission) => stagePermissionsService.register(permission.role, permission.action, stageId) ); @@ -153,6 +153,7 @@ module.exports = ({ strapi }) => { // Update the workflow stages await mapAsync(updated, (destStage) => { const srcStage = srcStages.find((s) => s.id === destStage.id); + return this.update(srcStage, destStage); });