Update Workflow serializer to use Session ALS

Author: CarsonF

src/components/workflow/permission.serializer.ts

@@ -1,14 +1,19 @@
 import { setOf } from '@seedcompany/common';
 import { DateTime } from 'luxon';
 import { type ID, Role, type Session } from '~/common';
+import { type SessionHost } from '../authentication';
 import { type Privileges, type UserResourcePrivileges } from '../authorization';
 import { Condition } from '../authorization/policy/conditions';
 import { type Workflow } from './define-workflow';
 import { type SerializedWorkflowTransitionPermission as SerializedTransitionPermission } from './dto/serialized-workflow.dto';
 import { TransitionCondition } from './workflow.granter';
 
 export const transitionPermissionSerializer =
-  <W extends Workflow>(workflow: W, privileges: Privileges) =>
+  <W extends Workflow>(
+    workflow: W,
+    privileges: Privileges,
+    sessionHost: SessionHost,
+  ) =>
   (transition: W['transition']): readonly SerializedTransitionPermission[] => {
     const all = [...Role].flatMap((role) => {
       const session: Session = {
@@ -18,21 +23,23 @@ export const transitionPermissionSerializer =
         anonymous: false,
         roles: [`global:${role}`],
       };
-      const p = privileges.for(session, workflow.eventResource);
-      const readEvent = resolve(p, 'read', transition.key);
-      const execute = resolve(p, 'create', transition.key);
-      return [
-        {
-          role,
-          readEvent: readEvent !== false,
-          condition: renderCondition(readEvent),
-        },
-        {
-          role,
-          execute: execute !== false,
-          condition: renderCondition(execute),
-        },
-      ];
+      return sessionHost.withSession(session, () => {
+        const p = privileges.for(workflow.eventResource);
+        const readEvent = resolve(p, 'read', transition.key);
+        const execute = resolve(p, 'create', transition.key);
+        return [
+          {
+            role,
+            readEvent: readEvent !== false,
+            condition: renderCondition(readEvent),
+          },
+          {
+            role,
+            execute: execute !== false,
+            condition: renderCondition(execute),
+          },
+        ];
+      });
     });
 
     // Remove roles that are never applicable.

src/components/workflow/workflow.service.ts

@@ -1,6 +1,7 @@
 import { Inject, Injectable } from '@nestjs/common';
 import { type Nil } from '@seedcompany/common';
 import { type ID, type Session, UnauthorizedException } from '~/common';
+import { SessionHost } from '../authentication';
 import { Privileges } from '../authorization';
 import { MissingContextException } from '../authorization/policy/conditions';
 import { type Workflow } from './define-workflow';
@@ -19,6 +20,7 @@ export const WorkflowService = <W extends Workflow>(workflow: () => W) => {
   @Injectable()
   abstract class WorkflowServiceClass {
     @Inject() protected readonly privileges: Privileges;
+    @Inject() protected readonly sessionHost: SessionHost;
     protected readonly workflow: W;
 
     constructor() {
@@ -142,7 +144,11 @@ export const WorkflowService = <W extends Workflow>(workflow: () => W) => {
     serialize() {
       return SerializedWorkflow.from(
         this.workflow,
-        transitionPermissionSerializer(this.workflow, this.privileges),
+        transitionPermissionSerializer(
+          this.workflow,
+          this.privileges,
+          this.sessionHost,
+        ),
       );
     }
   }