From ccf0f0076049da51e1113f12867812b7b5f9e00c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Ovejero?= <ivov.src@gmail.com>
Date: Tue, 13 Aug 2024 14:12:17 +0200
Subject: [PATCH] fix(core): Account for owner when filtering by project ID in
 `GET /workflows` in Public API

---
 .../handlers/workflows/workflows.handler.ts   | 13 ++++++++++
 .../integration/publicApi/workflows.test.ts   | 26 +++++++++++++++++--
 2 files changed, 37 insertions(+), 2 deletions(-)

diff --git a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts
index d5abac95a1787..8515548dea16b 100644
--- a/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts
+++ b/packages/cli/src/PublicApi/v1/handlers/workflows/workflows.handler.ts
@@ -143,6 +143,19 @@ export = {
 					);
 					where.id = In(workflowIds);
 				}
+
+				if (projectId) {
+					const workflows = await Container.get(SharedWorkflowRepository).findAllWorkflowsForUser(
+						req.user,
+						['workflow:read'],
+					);
+
+					const workflowIds = workflows
+						.filter((workflow) => workflow.projectId === projectId)
+						.map((workflow) => workflow.id);
+
+					where.id = In(workflowIds);
+				}
 			} else {
 				const options: { workflowIds?: string[] } = {};
 
diff --git a/packages/cli/test/integration/publicApi/workflows.test.ts b/packages/cli/test/integration/publicApi/workflows.test.ts
index 1e292af64d92f..5185f3862de89 100644
--- a/packages/cli/test/integration/publicApi/workflows.test.ts
+++ b/packages/cli/test/integration/publicApi/workflows.test.ts
@@ -267,8 +267,30 @@ describe('GET /workflows', () => {
 		}
 	});
 
-	test('should return all user-accessible workflows filtered by `projectId`', async () => {
-		license.setQuota('quota:maxTeamProjects', 2);
+	test('for owner, should return all workflows filtered by `projectId`', async () => {
+		license.setQuota('quota:maxTeamProjects', -1);
+		const firstProject = await Container.get(ProjectService).createTeamProject('First', owner);
+		const secondProject = await Container.get(ProjectService).createTeamProject('Second', member);
+
+		await Promise.all([
+			createWorkflow({ name: 'First workflow' }, firstProject),
+			createWorkflow({ name: 'Second workflow' }, secondProject),
+		]);
+
+		const firstResponse = await authOwnerAgent.get(`/workflows?projectId=${firstProject.id}`);
+		const secondResponse = await authOwnerAgent.get(`/workflows?projectId=${secondProject.id}`);
+
+		expect(firstResponse.statusCode).toBe(200);
+		expect(firstResponse.body.data.length).toBe(1);
+		expect(firstResponse.body.data[0].name).toBe('First workflow');
+
+		expect(secondResponse.statusCode).toBe(200);
+		expect(secondResponse.body.data.length).toBe(1);
+		expect(secondResponse.body.data[0].name).toBe('Second workflow');
+	});
+
+	test('for member, should return all member-accessible workflows filtered by `projectId`', async () => {
+		license.setQuota('quota:maxTeamProjects', -1);
 		const otherProject = await Container.get(ProjectService).createTeamProject(
 			'Other project',
 			member,