Merge pull request #3244 from SeedCompany/project-workflow

CarsonF · web-flow · commit b37106e12430 · 2024-06-18T15:22:28.000-05:00
diff --git a/src/components/authorization/policies/conditions/creator.condition.ts b/src/components/authorization/policies/conditions/creator.condition.ts
@@ -14,6 +14,7 @@ import {
   AsCypherParams,
   Condition,
   IsAllowedParams,
+  MissingContextException,
 } from '../../policy/conditions';
 
 const CQL_VAR = 'requestingUser';
@@ -27,7 +28,7 @@ class CreatorCondition<TResourceStatic extends ResourceShape<HasCreator>>
 {
   isAllowed({ object, session }: IsAllowedParams<TResourceStatic>) {
     if (!object) {
-      throw new Error("Needed object but wasn't given");
+      throw new MissingContextException();
     }
 
     const creator = (() => {
diff --git a/src/components/authorization/policies/conditions/enum-field.condition.ts b/src/components/authorization/policies/conditions/enum-field.condition.ts
@@ -8,6 +8,7 @@ import {
   Condition,
   eqlInLiteralSet,
   IsAllowedParams,
+  MissingContextException,
 } from '../../policy/conditions';
 
 export class EnumFieldCondition<
@@ -25,14 +26,18 @@ export class EnumFieldCondition<
     // Double check at runtime that object has these, since they are usually
     // declared from DB, which cannot be verified.
     if (!object) {
-      throw new Error(`Needed object's ${this.path} but object wasn't given`);
+      throw new MissingContextException(
+        `Needed object's ${this.path} but object wasn't given`,
+      );
     }
     const value = get(object, this.path) as
       | Get<InstanceType<TResourceStatic>, Path>
       | undefined;
     const actual = unwrapSecured(value);
     if (!actual) {
-      throw new Error(`Needed object's ${this.path} but it wasn't found`);
+      throw new MissingContextException(
+        `Needed object's ${this.path} but it wasn't found`,
+      );
     }
 
     return this.allowed.has(actual);
diff --git a/src/components/authorization/policies/conditions/self.condition.ts b/src/components/authorization/policies/conditions/self.condition.ts
@@ -7,6 +7,7 @@ import {
   Condition,
   fqnRelativeTo,
   IsAllowedParams,
+  MissingContextException,
 } from '../../policy/conditions';
 
 const CQL_VAR = 'requestingUser';
@@ -16,7 +17,7 @@ class SelfCondition<TResourceStatic extends typeof User>
 {
   isAllowed({ object, session }: IsAllowedParams<TResourceStatic>) {
     if (!object) {
-      throw new Error("Needed user object but wasn't given");
+      throw new MissingContextException();
     }
     return object.id === session.userId;
   }
diff --git a/src/components/authorization/policies/conditions/sensitivity.condition.ts b/src/components/authorization/policies/conditions/sensitivity.condition.ts
@@ -7,6 +7,7 @@ import {
   Condition,
   fqnRelativeTo,
   IsAllowedParams,
+  MissingContextException,
 } from '../../policy/conditions';
 
 const sensitivityRank = { High: 3, Medium: 2, Low: 1 };
@@ -32,14 +33,14 @@ export class SensitivityCondition<
     // Double check at runtime that object has these, since they are usually
     // declared from DB which cannot be verified.
     if (!object) {
-      throw new Error("Needed object's sensitivity but object wasn't given");
+      throw new MissingContextException();
     }
     const actual: Sensitivity | undefined =
       Reflect.get(object, EffectiveSensitivity) ??
       Reflect.get(object, 'sensitivity');
 
     if (!actual) {
-      throw new Error(
+      throw new MissingContextException(
         "Needed object's sensitivity but object's sensitivity wasn't given",
       );
     }
diff --git a/src/components/authorization/policies/conditions/variant.condition.ts b/src/components/authorization/policies/conditions/variant.condition.ts
@@ -6,6 +6,7 @@ import {
   Condition,
   eqlInLiteralSet,
   IsAllowedParams,
+  MissingContextException,
 } from '../../policy/conditions';
 
 const VariantForCondition = Symbol('Variant');
@@ -21,7 +22,7 @@ export class VariantCondition<TResourceStatic extends ResourceShape<any>>
 
   isAllowed({ object }: IsAllowedParams<TResourceStatic>) {
     if (!object) {
-      throw new Error("Needed object but wasn't given");
+      throw new MissingContextException();
     }
 
     const current = Reflect.get(
diff --git a/src/components/authorization/policy/conditions/index.ts b/src/components/authorization/policy/conditions/index.ts
@@ -1,4 +1,5 @@
 export * from './condition.interface';
+export * from './missing-context.exception';
 export * from './aggregate.condition';
 export * from './calculated.condition';
 export * from './eql.util';
diff --git a/src/components/authorization/policy/conditions/missing-context.exception.ts b/src/components/authorization/policy/conditions/missing-context.exception.ts
@@ -0,0 +1,7 @@
+import { ServerException } from '~/common';
+
+export class MissingContextException extends ServerException {
+  constructor(message?: string, cause?: Error) {
+    super(message ?? "Needed context object but wasn't given", cause);
+  }
+}
diff --git a/src/components/project/workflow/dto/execute-project-transition.input.ts b/src/components/project/workflow/dto/execute-project-transition.input.ts
diff --git a/src/components/project/workflow/dto/index.ts b/src/components/project/workflow/dto/index.ts
@@ -1,3 +1,3 @@
-export * from './execute-progress-report-transition.input';
+export * from './execute-project-transition.input';
 export * from './workflow-event.dto';
 export * from './workflow-transition.dto';
diff --git a/src/components/project/workflow/project-workflow.service.ts b/src/components/project/workflow/project-workflow.service.ts
@@ -57,10 +57,6 @@ export class ProjectWorkflowService extends WorkflowService(
     );
   }
 
-  canBypass(session: Session) {
-    return this.privileges.for(session, WorkflowEvent).can('create');
-  }
-
   async executeTransition(
     input: ExecuteProjectTransitionInput,
     session: Session,
diff --git a/src/components/project/workflow/project-workflow.ts b/src/components/project/workflow/project-workflow.ts
@@ -13,10 +13,10 @@ import {
   ResolveParams,
 } from './transitions/dynamic-step';
 import {
-  EmailDistro,
-  FinancialApprovers,
-  TeamMembers,
-} from './transitions/notifiers';
+  ApprovalFromEarlyConversationsRequiresEngagements,
+  ImplicitlyNotifyTeamMembers,
+} from './transitions/enhancers';
+import { EmailDistro, FinancialApprovers } from './transitions/notifiers';
 
 // This also controls the order shown in the UI.
 // Therefore, these should generally flow down.
@@ -38,7 +38,10 @@ export const ProjectWorkflow = defineWorkflow({
   states: Step,
   event: ProjectWorkflowEvent,
   context: defineContext<ResolveParams>,
-  defaultNotifiers: [TeamMembers],
+  transitionEnhancers: [
+    ImplicitlyNotifyTeamMembers, //
+    ApprovalFromEarlyConversationsRequiresEngagements,
+  ],
 })({
   // In Development
   // region
diff --git a/src/components/project/workflow/transitions/conditions.ts b/src/components/project/workflow/transitions/conditions.ts
@@ -23,6 +23,16 @@ export const IsMultiplication: Condition = {
   },
 };
 
+export const HasEngagement: Condition = {
+  description: 'Has an engagement',
+  resolve({ project }) {
+    return {
+      status: project.engagementTotal > 0 ? 'ENABLED' : 'DISABLED',
+      disabledReason: `Create an engagement first`,
+    };
+  },
+};
+
 export const RequireOngoingEngagementsToBeFinalizingCompletion: Condition = {
   description:
     'All engagements must be Finalizing Completion or in a terminal status',
diff --git a/src/components/project/workflow/transitions/enhancers.ts b/src/components/project/workflow/transitions/enhancers.ts
@@ -0,0 +1,22 @@
+import { TransitionEnhancer } from '../../../workflow/define-workflow';
+import { ProjectStep as Step } from '../../dto';
+import { HasEngagement } from './conditions';
+import { ResolveParams } from './dynamic-step';
+import { TeamMembers } from './notifiers';
+
+type Enhancer = TransitionEnhancer<Step, ResolveParams>;
+
+export const ImplicitlyNotifyTeamMembers: Enhancer = (transition) => ({
+  ...transition,
+  notifiers: transition.notifiers.concat(TeamMembers),
+});
+
+export const ApprovalFromEarlyConversationsRequiresEngagements: Enhancer = (
+  transition,
+) =>
+  transition.type === 'Approve' && transition.from?.has('EarlyConversations')
+    ? {
+        ...transition,
+        conditions: transition.conditions.concat(HasEngagement),
+      }
+    : transition;
diff --git a/src/components/workflow/define-workflow.ts b/src/components/workflow/define-workflow.ts
@@ -1,4 +1,4 @@
-import { many, mapValues, setOf } from '@seedcompany/common';
+import { entries, many, setOf } from '@seedcompany/common';
 import * as uuid from 'uuid';
 import {
   EnumType,
@@ -10,7 +10,6 @@ import {
   ResourceShape,
 } from '~/common';
 import { WorkflowEvent } from './dto';
-import { TransitionNotifier } from './transitions/notifiers';
 import { InternalTransition, TransitionInput } from './transitions/types';
 
 export const defineWorkflow =
@@ -34,33 +33,31 @@ export const defineWorkflow =
      */
     context: () => Context;
     /**
-     * Notifiers that apply to all transitions by default.
+     * Middleware functions to adapt built transitions.
      */
-    defaultNotifiers?: ReadonlyArray<TransitionNotifier<Context>>;
+    transitionEnhancers?: Many<TransitionEnhancer<State, Context>>;
   }) =>
   <TransitionNames extends string>(
     obj: Record<TransitionNames, TransitionInput<State, Context>>,
   ) => {
-    const transitions = mapValues(
-      obj,
-      (
-        name,
-        transition,
-      ): InternalTransition<State, TransitionNames, Context> => ({
+    const enhancers = many(input.transitionEnhancers ?? []);
+
+    const transitions = entries(obj).map(([name, transition]) => {
+      const normalized: InternalTransition<State, TransitionNames, Context> = {
         name,
         ...transition,
         from: transition.from ? setOf(many(transition.from)) : undefined,
         key: (transition.key ?? uuid.v5(name, input.id)) as ID,
-        conditions: maybeMany(transition.conditions),
-        notifiers: [
-          ...(input.defaultNotifiers ?? []),
-          ...(maybeMany(transition.notifiers) ?? []),
-        ],
-      }),
-    ).asRecord as Record<
-      TransitionNames,
-      InternalTransition<State, TransitionNames, Context>
-    >;
+        conditions: maybeMany(transition.conditions) ?? [],
+        notifiers: maybeMany(transition.notifiers) ?? [],
+      };
+      const enhanced = enhancers.reduce(
+        (t, enhancer) => enhancer(t),
+        normalized,
+      );
+      return enhanced;
+    });
+
     const workflow: Workflow<
       Name,
       Context,
@@ -71,7 +68,7 @@ export const defineWorkflow =
     > = {
       ...input,
       id: input.id as ID,
-      transitions: Object.values(transitions),
+      transitions,
       eventResource: input.event,
       transitionByKey: (key: ID) => {
         const transition = workflow.transitions.find((t) => t.key === key);
@@ -137,3 +134,7 @@ export interface Workflow<
     ...keys: Array<Many<Names>>
   ) => ReadonlySet<Names>;
 }
+
+export type TransitionEnhancer<State extends string, Context> = (
+  transition: InternalTransition<State, any, Context>,
+) => InternalTransition<State, any, Context>;
diff --git a/src/components/workflow/dto/serialized-workflow.dto.ts b/src/components/workflow/dto/serialized-workflow.dto.ts
@@ -171,10 +171,10 @@ export class SerializedWorkflow extends DataObject {
                 relatedStates:
                   transition.to.relatedStates?.map(serializeState) ?? [],
               },
-        conditions: (transition.conditions ?? []).map((condition) => ({
+        conditions: transition.conditions.map((condition) => ({
           label: condition.description,
         })),
-        notifiers: (transition.notifiers ?? []).map((notifier) => ({
+        notifiers: transition.notifiers.map((notifier) => ({
           label: notifier.description,
         })),
         permissions: getPermissions(transition),
diff --git a/src/components/workflow/transitions/types.ts b/src/components/workflow/transitions/types.ts
@@ -1,7 +1,5 @@
-import { many, mapValues, setOf } from '@seedcompany/common';
 import { Merge } from 'type-fest';
-import * as uuid from 'uuid';
-import { ID, Many, maybeMany } from '~/common';
+import { ID, Many } from '~/common';
 import { WorkflowTransition as PublicTransition } from '../dto/workflow-transition.dto';
 import { TransitionCondition } from './conditions';
 import { DynamicState } from './dynamic-state';
@@ -28,22 +26,7 @@ export type InternalTransition<
     name: Names;
     key: ID;
     from?: ReadonlySet<State>;
-    conditions?: ReadonlyArray<TransitionCondition<Context>>;
-    notifiers?: ReadonlyArray<TransitionNotifier<Context>>;
+    conditions: ReadonlyArray<TransitionCondition<Context>>;
+    notifiers: ReadonlyArray<TransitionNotifier<Context>>;
   }>
 >;
-
-export const defineTransitions =
-  <State extends string, Context>(options: { namespaceId: string }) =>
-  <Names extends string>(obj: Record<Names, TransitionInput<State, Context>>) =>
-    mapValues(
-      obj,
-      (name, transition): InternalTransition<State, Names, Context> => ({
-        name: name,
-        ...transition,
-        from: transition.from ? setOf(many(transition.from)) : undefined,
-        key: (transition.key ?? uuid.v5(name, options.namespaceId)) as ID,
-        conditions: maybeMany(transition.conditions),
-        notifiers: maybeMany(transition.notifiers),
-      }),
-    ).asRecord;
diff --git a/src/components/workflow/workflow.flowchart.ts b/src/components/workflow/workflow.flowchart.ts
@@ -75,9 +75,10 @@ export const WorkflowFlowchart = <W extends Workflow>(workflow: () => W) => {
               : `--> ${dynamicToId(t.to)}`;
           const endHalf = `${endId}{{ ${t.label} }}:::${t.type} ${to}`;
 
-          const conditions = t.conditions
-            ? '--"' + t.conditions.map((c) => c.description).join('\\n') + '"'
-            : '';
+          const conditions =
+            t.conditions.length > 0
+              ? '--"' + t.conditions.map((c) => c.description).join('\\n') + '"'
+              : '';
           const from = (t.from ? [...t.from].map(useState) : ['*(*)']).join(
             ' & ',
           );
diff --git a/src/components/workflow/workflow.service.ts b/src/components/workflow/workflow.service.ts
@@ -2,6 +2,7 @@ import { Inject, Injectable } from '@nestjs/common';
 import { Nil } from '@seedcompany/common';
 import { ID, Session, UnauthorizedException } from '~/common';
 import { Privileges } from '../authorization';
+import { MissingContextException } from '../authorization/policy/conditions';
 import { Workflow } from './define-workflow';
 import {
   ExecuteTransitionInput as ExecuteTransitionInputFn,
@@ -59,7 +60,7 @@ export const WorkflowService = <W extends Workflow>(workflow: () => W) => {
       );
 
       // Resolve conditions & filter as needed
-      const conditions = available.flatMap((t) => t.conditions ?? []);
+      const conditions = available.flatMap((t) => t.conditions);
       const resolvedConditions = new Map(
         await Promise.all(
           [...new Set(conditions)].map(
@@ -69,8 +70,7 @@ export const WorkflowService = <W extends Workflow>(workflow: () => W) => {
         ),
       );
       available = available.flatMap((t) => {
-        const conditions =
-          t.conditions?.map((c) => resolvedConditions.get(c)!) ?? [];
+        const conditions = t.conditions.map((c) => resolvedConditions.get(c)!);
         if (conditions.some((c) => c.status === 'OMIT')) {
           return [];
         }
@@ -105,9 +105,18 @@ export const WorkflowService = <W extends Workflow>(workflow: () => W) => {
     }
 
     canBypass(session: Session) {
-      return this.privileges
-        .for(session, this.workflow.eventResource)
-        .can('create');
+      try {
+        return this.privileges
+          .for(session, this.workflow.eventResource)
+          .can('create');
+      } catch (e) {
+        if (e instanceof MissingContextException) {
+          // Missing context, means a condition was required.
+          // Therefore, bypass is not allowed, as the convention is "condition-less execute"
+          return false;
+        }
+        throw e;
+      }
     }
 
     protected getBypassIfValid(

Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@ import {`
`14`	`14`	`AsCypherParams,`
`15`	`15`	`Condition,`
`16`	`16`	`IsAllowedParams,`
	`17`	`+ MissingContextException,`
`17`	`18`	`} from '../../policy/conditions';`
`18`	`19`
`19`	`20`	`const CQL_VAR = 'requestingUser';`
`@@ -27,7 +28,7 @@ class CreatorCondition<TResourceStatic extends ResourceShape<HasCreator>>`
`27`	`28`	`{`
`28`	`29`	`isAllowed({ object, session }: IsAllowedParams<TResourceStatic>) {`
`29`	`30`	`if (!object) {`
`30`		`- throw new Error("Needed object but wasn't given");`
	`31`	`+ throw new MissingContextException();`
`31`	`32`	`}`
`32`	`33`
`33`	`34`	`const creator = (() => {`
Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ import {`
`7`	`7`	`Condition,`
`8`	`8`	`fqnRelativeTo,`
`9`	`9`	`IsAllowedParams,`
	`10`	`+ MissingContextException,`
`10`	`11`	`} from '../../policy/conditions';`
`11`	`12`
`12`	`13`	`const CQL_VAR = 'requestingUser';`
`@@ -16,7 +17,7 @@ class SelfCondition<TResourceStatic extends typeof User>`
`16`	`17`	`{`
`17`	`18`	`isAllowed({ object, session }: IsAllowedParams<TResourceStatic>) {`
`18`	`19`	`if (!object) {`
`19`		`- throw new Error("Needed user object but wasn't given");`
	`20`	`+ throw new MissingContextException();`
`20`	`21`	`}`
`21`	`22`	`return object.id === session.userId;`
`22`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,5 @@`
`1`	`1`	`export * from './condition.interface';`
	`2`	`+export * from './missing-context.exception';`
`2`	`3`	`export * from './aggregate.condition';`
`3`	`4`	`export * from './calculated.condition';`
`4`	`5`	`export * from './eql.util';`