From 703f31632db371cf1c0bb12d09aa021a15ba193f Mon Sep 17 00:00:00 2001
From: Charles Bochet <charles@twenty.com>
Date: Thu, 22 Jun 2023 15:38:33 -0700
Subject: [PATCH] Fix permissions

---
 server/src/ability/ability.factory.ts                  |  1 +
 server/src/core/company/company.resolver.ts            |  9 +++++----
 server/src/core/person/person.resolver.ts              |  9 +++++----
 .../pipeline/resolvers/pipeline-progress.resolver.ts   | 10 +++++-----
 .../core/pipeline/resolvers/pipeline-stage.resolver.ts |  9 +++++----
 .../src/core/pipeline/resolvers/pipeline.resolver.ts   |  9 +++++----
 server/src/core/user/user.resolver.ts                  |  9 +++++----
 7 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/server/src/ability/ability.factory.ts b/server/src/ability/ability.factory.ts
index 26bdd97a0947..33b895ed4b93 100644
--- a/server/src/ability/ability.factory.ts
+++ b/server/src/ability/ability.factory.ts
@@ -75,6 +75,7 @@ export class AbilityFactory {
     // CommentThread
     can(AbilityAction.Read, 'CommentThread', { workspaceId: workspace.id });
     can(AbilityAction.Create, 'CommentThread');
+    can(AbilityAction.Update, 'CommentThread', { workspaceId: workspace.id });
 
     // Comment
     can(AbilityAction.Read, 'Comment', { workspaceId: workspace.id });
diff --git a/server/src/core/company/company.resolver.ts b/server/src/core/company/company.resolver.ts
index e41aa17ddaf3..2c9474a2e2d5 100644
--- a/server/src/core/company/company.resolver.ts
+++ b/server/src/core/company/company.resolver.ts
@@ -46,10 +46,11 @@ export class CompanyResolver {
   ): Promise<Partial<Company>[]> {
     return this.companyService.findMany({
       ...args,
-      where: {
-        ...args.where,
-        AND: [accessibleBy(ability).Company],
-      },
+      where: args.where
+        ? {
+            AND: [args.where, accessibleBy(ability).Company],
+          }
+        : accessibleBy(ability).Company,
       select: prismaSelect.value,
     });
   }
diff --git a/server/src/core/person/person.resolver.ts b/server/src/core/person/person.resolver.ts
index 729efb1d18ba..c812bf44f6f7 100644
--- a/server/src/core/person/person.resolver.ts
+++ b/server/src/core/person/person.resolver.ts
@@ -48,10 +48,11 @@ export class PersonResolver {
   ): Promise<Partial<Person>[]> {
     return this.personService.findMany({
       ...args,
-      where: {
-        ...args.where,
-        AND: [accessibleBy(ability).Person],
-      },
+      where: args.where
+        ? {
+            AND: [args.where, accessibleBy(ability).Person],
+          }
+        : accessibleBy(ability).Person,
       select: prismaSelect.value,
     });
   }
diff --git a/server/src/core/pipeline/resolvers/pipeline-progress.resolver.ts b/server/src/core/pipeline/resolvers/pipeline-progress.resolver.ts
index e5cb2d3cf404..cdde43cbab9f 100644
--- a/server/src/core/pipeline/resolvers/pipeline-progress.resolver.ts
+++ b/server/src/core/pipeline/resolvers/pipeline-progress.resolver.ts
@@ -45,11 +45,11 @@ export class PipelineProgressResolver {
   ): Promise<Partial<PipelineProgress>[]> {
     return this.pipelineProgressService.findMany({
       ...args,
-      where: {
-        ...args.where,
-        AND: [accessibleBy(ability).PipelineProgress],
-      },
-      select: prismaSelect.value,
+      where: args.where
+        ? {
+            AND: [args.where, accessibleBy(ability).PipelineProgress],
+          }
+        : accessibleBy(ability).PipelineProgress,
     });
   }
 
diff --git a/server/src/core/pipeline/resolvers/pipeline-stage.resolver.ts b/server/src/core/pipeline/resolvers/pipeline-stage.resolver.ts
index 4cba70621f47..8b34b5763483 100644
--- a/server/src/core/pipeline/resolvers/pipeline-stage.resolver.ts
+++ b/server/src/core/pipeline/resolvers/pipeline-stage.resolver.ts
@@ -31,10 +31,11 @@ export class PipelineStageResolver {
   ): Promise<Partial<PipelineStage>[]> {
     return this.pipelineStageService.findMany({
       ...args,
-      where: {
-        ...args.where,
-        AND: [accessibleBy(ability).PipelineStage],
-      },
+      where: args.where
+        ? {
+            AND: [args.where, accessibleBy(ability).PipelineStage],
+          }
+        : accessibleBy(ability).PipelineStage,
       select: prismaSelect.value,
     });
   }
diff --git a/server/src/core/pipeline/resolvers/pipeline.resolver.ts b/server/src/core/pipeline/resolvers/pipeline.resolver.ts
index c6613457d6d8..11003eac2024 100644
--- a/server/src/core/pipeline/resolvers/pipeline.resolver.ts
+++ b/server/src/core/pipeline/resolvers/pipeline.resolver.ts
@@ -31,10 +31,11 @@ export class PipelineResolver {
   ): Promise<Partial<Pipeline>[]> {
     return this.pipelineService.findMany({
       ...args,
-      where: {
-        ...args.where,
-        AND: [accessibleBy(ability).Pipeline],
-      },
+      where: args.where
+        ? {
+            AND: [args.where, accessibleBy(ability).Pipeline],
+          }
+        : accessibleBy(ability).Pipeline,
       select: prismaSelect.value,
     });
   }
diff --git a/server/src/core/user/user.resolver.ts b/server/src/core/user/user.resolver.ts
index 7078a89295a2..ce24db9761bb 100644
--- a/server/src/core/user/user.resolver.ts
+++ b/server/src/core/user/user.resolver.ts
@@ -38,10 +38,11 @@ export class UserResolver {
   ): Promise<Partial<User>[]> {
     return await this.userService.findMany({
       ...args,
-      where: {
-        ...args.where,
-        AND: [accessibleBy(ability).User],
-      },
+      where: args.where
+        ? {
+            AND: [args.where, accessibleBy(ability).User],
+          }
+        : accessibleBy(ability).User,
       select: prismaSelect.value,
     });
   }